Audit Logging
Overview
Every user action in Easy Mail Archive is recorded in the audit log. You can view it at Admin > Audit Log.
What gets logged
The audit system tracks these action types:
- Login — successful authentications
- Search — search queries executed by users
- View — individual messages opened
- Download — messages downloaded as EML
- Restore — messages restored to a mailbox
- Remove — message deletions
- Settings — changes to account or tenant settings
- Admin — administrative actions (user changes, domain config, security policy changes, etc.)
- Error — failed operations
- Import — CSV user imports and message imports
- Not Spam — messages unmarked as spam
- Mark Private — messages flagged as private
- Power Search — cross-tenant search (global scope) initiated
Viewing and filtering the log
The audit log page shows entries in reverse chronological order. Each entry includes the date, the user's email, the action type, their IP address, a message ID (where applicable), and a description.
You can filter by:
- Email — text search on the user's email address
- Action type — pick a specific action from the dropdown
- Date range — from/to date pickers
Exporting
Click Export CSV to download the currently filtered audit entries as a CSV file. This is useful for providing audit trails to compliance officers or external auditors.
Compliance
Audit logs are stored for the lifetime of your account and cannot be modified or deleted by any user, including administrators. For organizations subject to GoBD, the log provides the procedural documentation required to demonstrate that archived data has not been tampered with.
Search transparency is a particularly important aspect — every search query is recorded along with who executed it, making it possible to answer GDPR Article 15 access requests about who viewed specific emails.