The system administrator can download detailed reports called Content Logs from the Admin Console. These reports give information on how end users are working with corporate assets.
As end users interact with the assets—actions such as create or update—the details are recorded in log files. You can export these log files to track actions that users perform on the Creative Cloud and Document Cloud assets owned by your organization. As you move more assets into Adobe's cloud storage solutions, your coverage becomes more robust and meaningful.
You can only track assets managed by your Enterprise ID and Federated ID users. Actions performed on these assets by Adobe ID users are also logged. However, assets managed by users with Adobe IDs are not included, because legally, the individual users own these assets, not your organization. To migrate users from Adobe IDs to Enterprise ID or Federated ID, see Edit Identity Type.
Content Logs only contain details for users in the directories that you own. They do not contain details for users in a trusted directory. For more information on directories, see Directory Trusting.
You can download the Content Logs from the Admin Console, for the following user actions:
|Created||When a user uploads, imports, creates, or copies an item|
|Read||When a user downloads a file or library from the web, saves it locally on a device, or makes it available offline|
|Updated||When a user edits and saves an item|
|Permanently deleted||When a user permanently deletes an item|
|Sent an invite#||When a user adds a collaborator to a shared item|
|Accepted an invite#||When a user accepts an invitation to join a shared item as a collaborator|
|Changed a collaborator's role#||When a user modifies a collaborator's role|
|Created a public link#||When a user creates a public link|
|Removed a public link#||When a user removes a public link|
Actions performed on assets stored within Lightroom CC, Lightroom Classic, Lightroom Mobile, Lightroom Web, Behance, and Adobe Stock are not logged.
You cannot generate logs for dates that are earlier than the release of this feature.
After you receive the notification, click Download File under Content Logs in the Admin Console. The Content Logs report can contain multiple files, each of a maximum size of 100 MB.
A report is available in the Admin Console for seven days. Once deleted, you can regenerate it for the same time period, as long as the date range is within the past 90 days.
For organizations with numerous users, the resulting 90-day Content Logs report can be large and contain many files, potentially preventing its full download, depending on the browser used. If you are unable to download the Content Logs report, try reducing the selected date range. For an improved experience, it might also be useful to edit the default settings of some browsers in order not to be asked where to save each file before each download.
It displays the time in UTC. Depending on your location, it can differ from the date range you selected at the time of report creation.
The report is downloaded as csv files. For a description of the fields in the downloaded file, see Log Schema.
|Action||User action (For example, created, read, updated, shared link)|
|Date||Date and time of the event (UTC format)|
|User name||Name of the user who performed the action|
|User email||Email of the user who performed the action|
|Path||Path of the item|
|Item name||Name of the item|
|Item ID||Unique ID of the item generated by Adobe|
|Item type||Folder, file, or library|
|IP address||IP address from which the user performed the action. The field is blank if the event logged is not a Created, Read, Updated or Permanently deleted event.|
|Created||Date and time the item was uploaded or created in the cloud. The field is blank if the event logged is not a Created, Read, Updated or Permanently deleted event.|
|Last modified||Date and time the item was last modified. The field is blank if the event logged is not a Created, Read, Updated or Permanently deleted event.|
|Password protected||True if the shared link is password protected, False if it is not. The field is blank if the event logged is not a shared link event.|
|Shared link||URL to the shared item. The field is blank if the event logged is not a shared link event.|
|Permission||Permission level of the collaborator invited to join a shared item. The field is blank if the event logged is not a Sent an invite, Accepted an invite, or Changed a collaborator's role event.|
|Collaborator email||Email of the collaborator invited to join the shared item. The field is blank if the event logged is not a Sent an invite, Accepted an invite, or Changed a collaborator's role event.|
The following issues may affect you if you have been migrated to the new storage model. You are on the new storage model if you see a Storage tab in the Admin Console.
- Logs may contain system internal events, such as events from system users identified as "firstname.lastname@example.org" or "email@example.com" email addresses.
- Logs may contain events that include paths that may not exist in customer's actual directories as these are internal system events.
- Some log entries may not have [creative_cloud] or [document_cloud] prepended in the path column.
- Some log entries may contain a long string of alphanumeric characters embedded in the path. This is the GUID of the user's folder. We will replace this with the user name.
- Some log entries may not categorize items identified as "libraries" correctly in the "Item Type" column and may have an incorrect item name.
- In a workflow that may contain sharing activities, different item ID's may actually refer to the same item.
- Some events when creating or updating a document in XD may reference an incorrect item name and may generate duplicate create events.