How to Use System Audit Logs

Audit logs within Kustomer are very useful in understanding which events took place, at which specific time, and who made the action to trigger the event. Most are aware and use the customer and conversation audit logs regularly, but Kustomer also offers system audit logs that give you more information and insight that the others don’t.

Today we will go over the various other events and information you can receive by using the system audit logs in addition to the customer and conversation audit logs. If anything is unclear, or you are looking for additional information and would like to go over anything please don’t hesitate to reach out to Kustomer Support

Understanding the System Audit Logs

To get to the system Audit log you must have Administrator level permissions in your instance, and then you can navigate to Settings > Security > Audit Log. From there you can choose a date range, and Event Type. Additionally, each event type will have more information and filters you can access. We will discuss those in each section below.

Once you select a type of event, the Audit log will show the following columns. 

  • Performed By - Shows the User or System Automation which took the action. System Automations are workflows, business rules, queue router, or APIs. 

  • Date - The date and time the event took place.

  • Event - The type of change tracked, such as Update, Create, or Login.

  • Section - The standard object or setting that was updated.

  • Property - The specific attribute that was changed. For example, this could be Assigned Users, Status, Name, Email Address, or Tags.

  • Before & After - The specific attribute information that changed on an object. For example, these columns could show that a conversation status went from Open to Do.
    Note: You can see more details for what was changed in the criteria or action by hovering over the Before and After columns.

Types of Events in System Audit Logs

Below is a list of all the events that you can view through the system audit logs. Additionally, you are able to view Conversation and Customer events in the system audit log. But, we won’t be discussing those events, as you can find more information on each of those here.

  • Authorization

  • Billing

  • Settings

  • Work Session

Now let’s take a look at these four types of events that we can view in the System Audit Logs.


When choosing the Authorization event, you will also have an additional filter of User. Once selecting a specific user the Authorization Audit Log will show you a couple of things. One being the IP address of the user when they log in or or log out of Kustomer. Additionally, you can see when there has been an update to a specific user for things such as changes to the role group they are a part of or any changes to their account. Like changes to their name, email, phone, etc. 

This can be pretty useful when determining who made what changes and at what specific time. As well as what the values were prior to making the changes.


The Billing Event Type is pretty straightforward, this will show you when you make any updates to your instance of Kustomer. Whether that be upgrading your current plan, adding additional full time, seasonal, or collaborator seats.

This will again show the before and after, what changes were made and by whom.


When viewing the Settings Event Type, you will also have multiple filters to look at the various changes to the Settings. The filters being Searches, Shortcuts, Business Rule, and Kustomer Access. This can also be filtered by specific user, so can be incredibly useful when looking over changes and when they happened. As it can be hard to remember what the conditions were in the past and compare that against current results. 

Work Session

The Work Session Event Type is arguably one of the most useful of the System Audit logs. This will give you insight into your agents and how much time they are spending logged in to Kustomer as well as which conversations that get assigned to them. One of the most helpful use cases of the Work Session Event Type is tracking when agents get assigned conversations and what capacity they are at if using Queues and Routing. Our Queues and Routing system relies heavily on the agents internet connection to automatically assign them work, so even the smallest disruption in their network can cause changes to their routing status. Which in turn can change the agent’s status from Available to Unavailable. When looking through the Work Session Events, if you see an agent go from Available to Unavailable and the action was performed by the System User that is a good indication that the agent had a minor lapse in internet connectivity.

In addition to seeing when an agent goes from Available to Unavailable it is incredibly useful to see the capacity of the agent and which conversations were assigned to them to take them over capacity, or back under capacity. Our Team Pulse does this currently, and presents a live view. But the System Audit Log is a good alternative.

As you can see the System Audit Logs offer a wealth of information to help you better monitor your instance of Kustomer and get more insight into all the different areas of the platform in one place.