[comment]: # ({1849a860-66bd8c75})
# 5 Audit log
[comment]: # ({/1849a860-66bd8c75})
[comment]: # ({5c5eac0b-b503e694})
#### Overview
In the *Reports* > *Audit log* section, the records of user and system activity can be viewed.
::: noteclassic
For audit records to be collected and displayed, the *Enable audit logging* checkbox has to be marked in the *Administration* > [*Audit log*](/manual/web_interface/frontend_sections/administration/audit_log) section.
Without this setting enabled, the history of activities will not be recorded in the database and will not be shown in the audit log.
:::
{width="600"}
Audit log displays the following data:
|Column|Description|
|--|--------|
|*Time*|Timestamp of the audit record.|
|*User*|User who performed the activity.|
|*IP*|IP from which the activity was initiated.
Clicking the hyperlink will result in filtering audit log records by this IP.|
|*Resource*|Type of the affected resource (*API token*, *Action*, *Authentication*, *Autoregistration*, etc.).|
|*ID*|ID of the affected resource.
Clicking the hyperlink will result in filtering audit log records by this resource ID.|
|*Action*|Type of the activity (*Add*, [*Configuration refresh*](/manual/web_interface/frontend_sections/administration/proxies#mass-editing-options), *Delete*, *Execute*, *Failed login*, *History clear*, *Login*, *Logout*, [*Push*](/manual/api/reference/history/push), *Update*).|
|*Recordset ID*|Shared ID for all audit log records created as a result of the same operation.
For example, when linking a template to a host, a separate audit log record is created for each inherited template entity (item, trigger, etc.) - all these records will have the same *Recordset ID*.
Clicking the hyperlink will result in filtering audit log records by this *Recordset ID*.|
|*Details*|Description of the resource and detailed information about the performed activity.
If a record contains more than two rows, an additional *Details* link will be displayed. Click this link to view the full list of changes.|
::: noteclassic
When a [trapper item](/manual/config/items/itemtypes/trapper) or an [HTTP agent item](/manual/config/items/itemtypes/http) (with trapping enabled) has received some data,
an entry in the audit log will be added only if the data was sent using the [`history.push`](/manual/api/reference/history/push) API method, and not the [Zabbix sender](/manual/concepts/sender) utility.
:::
[comment]: # ({/5c5eac0b-b503e694})
[comment]: # ({c3b79ea3-84ad1722})
#### Buttons
The button at the upper-right corner of the page offers the following option:
| | |
|--|--------|
||Export audit log records from all pages to a CSV file. If a filter is applied, only the filtered records will be exported.|
[comment]: # ({/c3b79ea3-84ad1722})
[comment]: # ({3d62a059-d73129d8})
#### Using filter
The filter is located below the *Audit log* bar.
It can be opened and collapsed by clicking the *Filter* tab in the upper-right corner.
{width="600"}
You may use the filter to narrow the records by user, affected resource, resource ID, performed operation (*Recordset ID*), and IP.
Depending on the resource, one or more specific actions can be selected in the filter.
For better search performance, all data is searched with macros unresolved.
[comment]: # ({/3d62a059-d73129d8})
[comment]: # ({b82cc780-23b43559})
#### Time period selector
The time period selector next to the filter allows to select often required periods with one mouse click.
For more information, see [Time period and host selectors](/manual/web_interface/time_period_selector).
[comment]: # ({/b82cc780-23b43559})