Login Audit Trail Features for User Activity Tracking

The Login Audit Trail is a specialized search that returns account login and logout activity, filterable by various parameters such as date, user, role, or IP address. This feature is essential for monitoring account user activities, revealing when users have logged in or out and from which locations. Each search result indicates whether the corresponding login or logout attempt was successful, enhancing security and oversight.

How Can You Access the Login Audit Trail?

You can navigate to the Login Audit Trail at Setup > Users/Roles > View Login Audit Trail. This path allows administrators to easily access vital login records to audit user activity efficiently.

Note on Session Timeouts

It's important to note that if a user's session times out, their login will end without an explicit logout entry being recorded in the Login Audit Trail. This lack of explicit logout could potentially lead to gaps in the audit trail during periods of inactivity.

IP Address Tracking

The Login Audit Trail not only records the user’s login and logout times but also captures the IP address where the session initiated. However, it does not track changes in the user's IP address during an active session. For example, if a user connects through a Virtual Private Network (VPN) during a session, only the initial IP address is recorded. If the user logs out and then back in while the VPN is still in use, the new IP address will be captured for that session.

Search Capabilities

The Login Audit Trail provides both simple and advanced search capabilities similar to other NetSuite searches:

• Simple Search Mode: Offers basic filters, including the user name, IP address, role, and date range.
• Advanced Search Mode: Includes more complex filtering options, allowing the use of formulas, join fields, result sorting, and grouping. Join fields can include Role, Employee, and in some cases, Customer, Partner, and Vendor.

Viewing Transactions

When examining individual login entries, you can view a list of transactions completed during that specific session. If no transactions are listed, it indicates that the user did not perform any actions during that logged period.

General Access

Additionally, the Log Audit Trail search can be accessed through the general search task links, making it easier to navigate to user activity records from various sections in NetSuite.

Key Takeaways:

• The Login Audit Trail tracks user login/logout activity and can be filtered by date, user, role, or IP address.
• Sessions may end without a logout entry due to session timeouts.
• Only the initial IP address is captured; changes during a session, such as those caused by a VPN, are not recorded.
• Both simple and advanced search functionalities are available for detailed user activity tracking.