Audit Logging
Track every administrative action in your CeyMail dashboard with searchable, filterable, and exportable audit logs.
Audit logging records every administrative action taken in the dashboard -- who did what, when, and from where. This gives you a complete trail for security reviews, compliance, and troubleshooting.
Business feature
Audit Logging is available on the Business plan and above.
What's logged
Every mutation in the dashboard creates an audit entry. Actions are grouped into categories:
| Category | Actions |
|---|---|
| Domains | Domain created, domain deleted |
| Users | User created, password changed, user deleted, bulk import |
| Aliases | Alias created, alias deleted |
| DKIM | Key generated, key deleted |
| Services | Service started, stopped, restarted |
| Queue | Queue flushed, queue cleared, item deleted |
| Backups | Backup created, backup deleted, schedule updated |
| Accounts | Account created, updated, deleted |
| Authentication | Login success, login failed, logout |
| Settings | Settings updated, AI settings updated |
| System | Factory reset, relay configured, relay removed, update initiated |
Each entry records the action, target (what was affected), detail (additional context), user (who performed it), IP address, and timestamp.
Viewing audit logs
Navigate to Audit Log in the sidebar. The table shows entries sorted by newest first, with six columns:
- Timestamp -- when the action occurred
- Action -- what was done (color-coded badge)
- Target -- the resource that was affected
- Detail -- additional context about the action
- User -- which admin performed the action
- IP Address -- where the request came from (partially masked for privacy)
Action badges are color-coded: green for create actions, yellow for updates, red for deletions and failed logins, and accent-colored for authentication and service operations.
Searching and filtering
Use the filter bar above the table to narrow down entries:
- Search -- full-text search across action, target, detail, and username
- Action filter -- dropdown grouped by category (Domains, Users, Aliases, etc.) to show only a specific action type
- Date range -- from and to date pickers to restrict the time window
All filters are applied server-side, so results are accurate even with thousands of entries. Filters work together -- you can search for a keyword, filter by action type, and restrict to a date range simultaneously.
Sorting
Click the Timestamp or Action column headers to toggle between ascending and descending sort order. The default sort is newest first.
Pagination
The bottom of the table shows pagination controls:
- Page size -- choose 10, 25, 50, or 100 entries per page
- Page navigation -- move between pages
- Total count -- the total number of matching entries
Exporting to CSV
Click the Export CSV button to download the current filtered view as a CSV file. The export:
- Includes all entries matching your current filters (up to 50,000 rows)
- Uses the filename format
audit-log-YYYY-MM-DD.csv - Opens correctly in Excel (includes UTF-8 BOM)
- Masks IP addresses the same way as the dashboard display
Filter before exporting
The export includes all entries matching your current filters. Apply filters first to export only the entries you need, especially if you have a large audit history.
IP address privacy
IP addresses are partially masked in both the dashboard and CSV exports. For IPv4 addresses, the last octet is replaced (e.g., 192.168.1.xxx). For IPv6, the last segment is masked. This preserves enough information for network-level analysis while protecting individual privacy.