Activity Log
The Activity Log provides a centralized audit trail of actions occurring throughout your Manage1to1 system. It tracks what administrators do, when they do it, and creates accountability for system changes, user modifications, and critical operations.
You can access this page from the main navigation under Activity Log.
To view the activity log, you need the View Activity Log permission assigned to your administrator role.
Understanding the Activity Log
The Activity Log is your system's "black box" - a permanent record of administrative actions and system events. It answers questions like:
- Who created/edited/deleted this user?
- When was this device checked out?
- Which administrator changed this setting?
- What actions occurred before this problem started?
- Who accessed sensitive information?
Common logged actions:
- User account creation, modification, deletion
- Device checkouts and returns
- Incident creation and updates
- Invoice generation and payment processing
- Cart assignments and changes
- Configuration changes in settings
- Administrator logins and actions
- Permission changes
- Data exports and reports
What You'll See on the Activity Log Page
The activity log displays a table with recent system events:
| Column | What It Shows |
|---|---|
| Date/Time | When the action occurred (timestamp) |
| Administrator | Who performed the action |
| Action | Description of what happened |
| User | Which user was affected (if applicable) |
| IP Address | Where the action originated from |
Example entries:
03/15/2024 2:45 PM | John Smith | User Created - User ID: 12345 | Jane Doe | 192.168.1.100
03/15/2024 2:50 PM | John Smith | Device Checked Out - Device: #ABC123 | Jane Doe | 192.168.1.100
03/15/2024 3:15 PM | Mary Johnson | Incident Created - Incident ID: 567 | | 192.168.1.105
Default View vs. Full Logs
By default, the Activity Log shows a filtered view of recent administrative actions to keep the page fast and responsive.
Default View
What's included:
- Administrative actions (user management, device operations, etc.)
- System configuration changes
- Key workflow events
- Recent entries (typically last 500-1000 actions)
What's excluded:
- Routine user/device activity logs (to reduce noise)
- Very old historical entries
- Automated system actions
Performance:
- Loads quickly
- Suitable for daily monitoring
- Recommended for most use cases
Loading Full Logs
At the top of the page, you'll see a checkbox or button to Load Full Logs.
When enabled:
- Includes broader set of historical entries
- Shows user-specific and device-specific activity
- Pulls from complete activity history
- May take longer to load (depends on data volume)
When to use full logs:
- Investigating specific incidents requiring complete history
- Auditing user access patterns
- Compliance reviews needing comprehensive records
- Troubleshooting issues requiring detailed timeline
Performance note: Full logs can be slow on large systems (years of data). Use filters to narrow results.
Searching and Filtering
Quick Search
Use the search box to find specific log entries:
- Search by administrator name
- Search by action keywords (e.g., "deleted", "created", "invoice")
- Search by user name
- Search by device asset tag or serial
As you type, the table filters to matching results.
Sorting
Click any column header to sort:
- Date/Time: Chronological order (newest first by default)
- Administrator: Group actions by who performed them
- Action: Alphabetical by action type
- User: Group actions affecting specific users
Common Use Cases
Scenario 1: Tracking Down Who Made a Change
User claims they didn't request a password reset, but it happened:
- Open Activity Log
- Search for the user's name
- Look for "Password Reset" or similar action
- Check timestamp and administrator who performed it
- Verify if action was legitimate
Result: You can see exactly who reset the password and when.
Scenario 2: Auditing Administrator Actions
Monthly security review requires checking what admins did:
- Enable Load Full Logs if needed
- Filter by specific administrator name
- Review their actions over the review period
- Look for unusual or unauthorized actions
- Export results if needed for documentation
Result: Complete accountability trail for administrator activity.
Scenario 3: Investigating Data Breach Concerns
Suspicious activity reported, need to check who accessed records:
- Search for relevant user names
- Check IP addresses for unusual locations
- Review timestamps for after-hours access
- Look for bulk exports or unusual data access
- Note which administrators accessed what
Result: Identify if unauthorized access occurred and by whom.
Scenario 4: Troubleshooting System Issues
Something broke after a configuration change:
- Filter by recent date range (when problem started)
- Look for "Settings" or "Configuration" actions
- Identify what was changed and when
- Note who made the change
- Revert or adjust based on findings
Result: Pinpoint exactly what changed and caused the issue.
Scenario 5: Compliance Auditing
Annual audit requires proof of who accessed student records:
- Enable Load Full Logs
- Search for specific student name
- Review all access/modification events
- Export log entries for audit documentation
- Verify compliance with data access policies
Result: Complete audit trail for compliance documentation.
Understanding Log Entries
Entry Components
Each log entry contains:
Timestamp - Exact date and time of action
Administrator - Full name of admin who performed action (or "System" for automated actions)
Action Description - What happened, including relevant IDs and details
Affected User - Who the action involved (if applicable)
IP Address - Source location of the action
Common Action Types
User Management:
- "User Created - User ID: 12345"
- "User Updated - User ID: 12345"
- "User Deleted - User ID: 12345"
- "Password Reset - User ID: 12345"
Device Operations:
- "Device Checked Out - Device: #ABC123"
- "Device Checked In - Device: #ABC123"
- "Device Created - Asset Tag: ABC123"
- "Device Updated - Asset Tag: ABC123"
Incidents:
- "Incident Created - Incident ID: 567"
- "Incident Updated - Incident ID: 567"
- "Incident Marked Complete - Incident ID: 567"
System/Settings:
- "Settings Updated - [Section Name]"
- "Administrator Permission Changed"
- "System Configuration Modified"
Data Access:
- "Report Exported - [Report Type]"
- "Bulk Data Export"
- "User Profile Accessed"
Activity Log Retention
Activity logs are typically retained indefinitely, creating a permanent historical record. However, your district may have data retention policies that archive or purge very old entries.
Check with your system administrator for:
- How long logs are kept
- Whether archived logs can be accessed
- Backup/disaster recovery procedures for logs
Tips for Using the Activity Log
✅ Do:
- Review activity log regularly for unusual patterns
- Use it to verify actions before confronting staff
- Search specifically rather than scrolling endlessly
- Export important findings for documentation
- Check IP addresses for suspicious locations
- Use full logs judiciously (only when needed)
❌ Don't:
- Assume the log shows everything (it shows admin actions, not all system events)
- Use it to micromanage staff (it's for accountability, not surveillance)
- Forget to check timestamps (time zone aware)
- Leave full logs enabled permanently (performance impact)
- Export sensitive data without proper authorization
Security and Privacy
Who can access:
- Only administrators with View Activity Log permission
- Typically restricted to senior IT staff and administrators
- Should not be granted to all staff
What's tracked:
- Administrative actions within Manage1to1
- System configuration changes
- Data access and modifications
What's NOT tracked:
- User logins to student/staff portals
- General web traffic
- Personal emails or communications
- Actions outside of Manage1to1
Privacy considerations:
- Activity log may contain sensitive information
- Access should be limited to those with legitimate need
- Log data subject to same privacy policies as other system data
Common Questions
Q: Can I delete activity log entries? No. The activity log is immutable - entries cannot be edited or deleted. This ensures integrity of the audit trail.
Q: How far back does the log go? Depends on your system configuration, but typically years. Very old entries may be archived.
Q: Does the log show user (student/staff) actions? Not typically. The activity log focuses on administrator actions. User-specific activity is logged separately within their records.
Q: Can I export the activity log? Depending on configuration, yes. Look for an export button or contact your system administrator.
Q: What if I see suspicious activity? Report it to your IT security team or system administrator immediately. Document the entries (screenshot or note details).
Q: Does "System" mean the computer did it automatically? Yes. Entries showing "System" as the administrator were automated actions (scheduled tasks, automated emails, etc.).
Q: Why is the page slow to load? If "Load Full Logs" is enabled, disable it for faster loading. Large activity histories take time to load.
Next Steps
The Activity Log is a powerful tool for accountability, troubleshooting, and compliance. Use it regularly to maintain oversight of your Manage1to1 system and ensure proper use by all administrators.