This article provides an overview of the differences between zone audits and system audits in Workspace. These two audit types provide different information and can be helpful for gathering data to suit your specific needs.

Zone Audit Events

Zone audit events provide zone-specific logs of events that happened within a specific file, folder, or share in a particular zone. These audit logs include the following information:

• Zone Reactivation: Where the zone may have been archived and reactivated.
• Zone Archived: Where the zone has been placed into an archived status.
• File Created: Lists when a file has been created in the zone.
• File Export: Lists when a file has been exported or downloaded from the zone.

An example of a zone audit entry can be seen below:

Zone audit entries are displayed with the following information:

• Date: The date the audit entry or event occurred.
• Description: A description of the event that took place.
• User: The email address of the user who created the event.
• IP Address: The IP address of the audit event.

System Audit Events

System audit logs provide system audit entries and log what occurred on the system overall. These audit logs can include the following information:

• Authentication: Lists when a user logs in to Workspace.
• File Deletion and Upload: Lists when a user either deletes or uploads a file.
• Zone Deletion: Lists when a user has deleted a zone.
• Permission Modifications: Lists when a user modifies the permissions of a specific role.

An example of a system audit entry can be seen below:

System audit entries are displayed with the following information:

• Created: The date on which the audit entry or event took place.
• Name: The name of the event, such as the file name and the event that took place.
• Zone: The name of the zone in which the event took place.
• Owner: The email address of the user who made the change.
• IP Address: The IP address that the event came from.