Audit and privacy
The Audit and privacy tab controls how long the audit log keeps entries, when IP addresses are anonymised, and how long soft-deleted downloads stay recoverable.
Audit and privacy tab
| Setting | Default | What it does |
|---|---|---|
| Audit log retention | 365 days | How long audit log entries are kept before the daily cron prunes them. Use 0 to disable pruning. |
| Anonymise audit log IPs | 90 days | After this many days, IP addresses are removed from audit log entries. The retention cron handles anonymisation. Use 0 to disable. |
| Soft-deletion retention | 30 days | How long a soft-deleted download stays recoverable. After this window the daily cron permanently purges it. Authors with the "Permanently delete own" permission can purge their own downloads at any time. Use 0 to keep soft-deleted downloads indefinitely. |
Daily cron jobs
Three cron jobs enforce these retention windows. They run daily and are visible at AdminCP > Tools > Cron entries:
- The audit log retention job anonymises IPs and prunes old entries.
- The hard-delete job permanently removes downloads, versions, and files that have been soft-deleted longer than the retention window.
- The comment retention job hard-deletes comments soft-deleted past their own retention window.
You can adjust the schedules at AdminCP > Tools > Cron entries.
What the audit log records
Summary by what the entry was performed against:
| Target | What is logged |
|---|---|
| Downloads | Create, update, publish, soft-delete, restore, hard-delete, move, reassign, prefix change, dependency change, icon update, team membership, thread linkage. |
| Versions | Create, update, publish, soft-delete, restore, file list change. |
| Files | External fetch failure, file removal. |
| Comments | Posted (visible or queued), edited, deleted, hard-deleted, restored, approved. |
| Reviews | Created, edited, deleted, restored, approved, rejected, hard-deleted, reassigned, author reply added or removed. |
| Categories | Auto-disabled discussion settings (when the linked forum was deleted). |
| Share tokens | Created, used, attempt failed, revoked. |
| Criteria gates | Created, updated, deleted. |
For the full list, see what you'll see in the audit log.
Every entry records: the action, the actor's username, the actor's IP, what was acted on, additional details, the channel (Web, API, CLI, System), the API key (when via API), and the date.
Reading the log
Navigate to AdminCP > [MC] Downloads Manager > Audit log.
Filters available: actor user, target type, target ID, action, date range, channel.
See the audit log page for filter recipes and search patterns.
Privacy considerations
- Set Anonymise audit log IPs to your jurisdiction's PII retention limit. EU GDPR pressure often points to 90 days or shorter.
- Set Audit log retention to the retention limit your policy allows. Many policies require 365 days for security investigations and disallow longer.
- The audit log is not exported through the standard user data export. If you need to comply with a data subject access request that covers audit data, query the database directly for entries by the user.
What is not in the audit log
- Permission grants and changes. Those go to the standard moderator log.
- Read-only views (page hits, file downloads). Use the per-download download count and analytics instead.
- AdminCP option changes. Option changes are not logged by the platform; if you need that, install a third-party option-history add-on.