Zscaler records the login name and IP address of every admin who logs in to the Admin Portal and changes policies or configuration settings. The Audit Logs display an admin's login and logout record (timestamps, actions, IP, etc.) and any configuration changes they completed. If an admin account makes five unsuccessful attempts to log in within one minute, the account will be locked out for five minutes and the failed attempts will be recorded. The audit logs are stored for up to 6 months.
To view these records, go to Administration > Audit Logs.
On the Audit Logs page, you can do the following:
Up to 1000 lines are shown. If there are more than 1000, only the count is shown.
There are two types of changes you can view: