Know How to Audit Admin logs in Google Workspace

Christopher Warner
Last update: October 22, 2024
No Comments

Introduction

In this article, we will know how to Audit Admin logs in Google Workspace. Auditing Admin logs help to record, track, and create documentation about the Admin activities in Google Workspace. The process helps to identify unauthorized activities and inform about the security loopholes. As an Admin, you can download the CSV of Admin logs from the Admin Console. But Foresight makes this process easier by automating it.

What do you mean by 'columns' in log event data?

In log event data, 'columns' refer to specific attributes or fields that store detailed information about each logged event, allowing for easy searching and filtering of data. Each column represents a key piece of data related to the log event. Common examples of columns include:

Actor: The email address of the user who initiated the log event.
Event: The specific action logged, such as "Activity Rule Creation" or "Investigation Query." These are grouped by types like Domain Settings or User Settings.
IP Address: The IP address associated with the user, which could be tied to their physical location or through a virtual private network (VPN) or proxy server.
Actor Organizational Unit: The organizational unit (OU) to which the actor belongs, revealing the user's department or team.

These columns are used to filter and search log data effectively in order to monitor and analyze activities within an organization.

What are admin logs in Google Admin, and why do they exist?

Admin logs are a feature in the Google Admin Console that allows you to audit, investigate, and identify the admins and users, their activities, and much more. The data helps you to track the Admin and users’ activity and ensure there are no malpractices. When you enable audit logs, they let your security, compliance, and auditing entities examine Google Cloud data and systems for any possible security threat. In this way, it maintains data consistency.

How to find Admin logs in Google Admin?

Automate Auditing and Exporting Admin logs with xFanatical Foresight Automation tool

xFanatical Foresight Automation tool is an advanced automation tool designed to simplify and streamline the administration of Google Workspace. It offers a user-friendly interface and powerful features to automate repetitive tasks, including the auditing of admin logs. With xFanatical Foresight, you can set up automated workflows to regularly check and report on admin activities, ensuring no suspicious activity goes unnoticed.

Video Demo

Instructions

Create a calendar event for exporting Admin logs weekly to Google Drive

Log in to your xFanatical Foresight account with your Google Admin account.
Go to the Rules page and click the New Rule button.
Select the Calendar event started trigger from the select a trigger screen.
Select Primary Calendar in the Calendars field and Admin Activity in the Event title field.
Click Next.
On the Select an action screen, click the Convert datetime action.
Select Current Datetime in the Source datetime field.
- Select these steps in the Time change steps - Subtract 1 Week, Set the Day of week to 1, and Set to the Start of Day.
- Enter Start Datetime as the Variable name.
Again click Add next action, and select the Convert datetime action.
Again, select Current Datetime in the Source datetime field.
- Select Subtract 1 Week in the Time Change steps. Then, click Add Step to Set the Day of Week to 5. Again, click Add Step to Set to the End of Day.
- Enter End Datetime as the Variable name.
Click Add next action.
On the Select an action screen, click the List admin activity logs action.
Select the Start Datetime and End Datetime variable using icon.
Click Add next action.
On the Select an action screen, click the Upload data to drive action.
Select Admin Logs CSV Download Link in the CSV file URL. Then, select the desired Google Drive Folder.
Click Review.
Enter the Rule name, and click Create.

Rule Triggering

The rule has been created successfully. You can now check the workflow in the Foresight interface.

Verifying Results

Conclusion

Auditing admin logs in Google Workspace using the xFanatical Foresight Automation tool is a proactive approach to maintaining the security and compliance of your organization's digital environment. By setting up automated workflows, interpreting the data effectively, and adhering to best practices, you can ensure that your Google Workspace remains secure and well-managed.

Start leveraging xFanatical Foresight today to gain a deeper insight into your admin activities and safeguard your valuable data.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

0 Comments

Most Voted

Newest Oldest

Inline Feedbacks

View all comments

Unleash the power of automation and shape the future of intelligent digital workspace.

Products & Services

Company

Contact

xFanatical, Inc.

10080 N Wolfe Road

Suite SW3242

Cupertino, CA 95014

United States

Cookie	Duration	Description
_ga	2 years	This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site’s analytics report. The cookies store information anonymously and assigns a randomly generated number to identify unique visitors. This cookie is installed the first time a visitor enters the website through a browser. When the visitor comes back to the website through the same browser, the cookie will consider them to be the same visitor. Only in the event that the visitor changes browser, will they be deemed to be a different visitor.
_gat_gtag-###	1 minute	This cookie is installed by Google Analytics. It is used to analyze visitor browsing habits, flow, source and other information.
_gid	1 day	This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the website is doing. The data collected includes the number of visitors, the source where they have come from, and the pages visited in an anonymous form.
CONSENT	2 years	YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data.

Cookie	Duration	Description
__Secure-1PAPISID	2 years	Used by for targeting purposes to build a profile of the website visitor's interests in order to show relevant & personalized Google advertising
__Secure-1PSID	2 years	Used by for targeting purposes to build a profile of the website visitor's interests in order to show relevant & personalized Google advertising.
__Secure-3PAPISID	2 years	Used by for targeting purposes to build a profile of the website visitor's interests in order to show relevant & personalized Google advertising.
__Secure-3PSID	2 years	Used by for targeting purposes to build a profile of the website visitor's interests in order to show relevant & personalized Google advertising.
_gcl_au	3 months	This cookie is set by Google Analytics to take information in advert clicks and store it in a 1st party cookie so that conversions can be attributed outside of the landing page.
1P_JAR	1 month	This cookie is installed by Google Ads. This cookie is used to collect site statistics and track conversion rates.
APISID	2 years	This cookie is used by Google to store user preferences and information while viewing Youtube videos on this site.
HSID	2 years	This cookie contains digitally signed and encrypted records of a user’s Google Account ID and most recent sign-in time. Google uses security cookies to authenticate users, prevent fraudulent use of login credentials, and protect user data from unauthorized parties.
LOGIN_INFO	2 years	This cookie is used by YouTube (Google) for storing user preferences and other unspecified purposes.
NID	6 months	NID cookie, set by Google, is used for advertising purposes; to limit the number of times the user sees an ad, to mute unwanted ads, and to measure the effectiveness of ads.
PREF	2 years	This cookie is used by YouTube (Google) for storing user preferences and other unspecified purposes.
SID	2 years	This cookie contains digitally signed and encrypted records of a user’s Google Account ID and most recent sign-in time. Google uses security cookies to authenticate users, prevent fraudulent use of login credentials, and protect user data from unauthorized parties.
SIDCC	1 year	This cookie carries out information about how the end user uses the website and any advertising that the end user may have seen before visiting the said website.
SSID	2 years	This cookie is used to save the user's preferences and other information.
test_cookie	15 minutes	The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	6 months	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	This cookie is used by YouTube to remember user input and associate a user’s actions. This cookie lasts for as long as the user keeps their browser open.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt.innertube::nextId	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.
yt.innertube::requests	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.