Macha
Helpdesk Concepts

Audit Log

Definition

An audit log is a chronological, tamper-resistant record of who did what and when in a system — capturing actions like logins, permission changes, ticket edits, and setting changes for security and compliance.

Also known as: audit trailactivity logevent log

How it works

Each significant event is written as an immutable entry with an actor (user or system), an action, a timestamp, and often the before/after values. In a help desk this covers admin changes, role and permission edits, exports, deletions, and sometimes ticket-level activity.

Audit logs are usually read-only and retained for a fixed period, and higher-tier plans may stream them to an external SIEM or log store for long-term monitoring.

Why it matters

Audit logs answer the question "what happened, and who was responsible?" That's essential for security investigations, troubleshooting a broken automation, and meeting compliance requirements like SOC 2, ISO 27001, HIPAA, or GDPR.

As AI agents take actions inside a help desk, an audit trail of what the AI did — which tickets it touched, what it changed — becomes just as important as the trail for human agents.

Frequently asked

What is the difference between an audit log and an activity log?

They overlap, but an audit log emphasizes security- and compliance-relevant events and immutability, while a general activity log may just show recent user actions for convenience.

Why do audit logs matter for compliance?

Frameworks like SOC 2 and ISO 27001 require evidence of access control and accountability. An audit log provides the traceable record auditors ask for.

Put these ideas to work

Macha is an AI agent layer that sits on top of the help desk you already run — Zendesk, Freshdesk, Front, Intercom, or Gorgias.

Start Trial