Audit log
The audit log is the canonical record of who did what to which download, comment, review, or related object. Read it at AdminCP > [MC] Downloads Manager > Audit log.
Permissions
The audit log is gated by the standard AdminCP [MC] Downloads Manager admin permission. Any administrator with access to the Downloads Manager admin section can read the log. There is no separate per-moderator permission for it.
Filters
The listing offers these filters:
| Filter | What it matches |
|---|---|
| Actor | Username of the user who performed the action. |
| Target type | One of: Download, Version, File, Comment, Review, Category, Share token, Criteria gate. |
| Target ID | A specific row's ID. |
| Action | Any of the action types valid for the chosen target type. |
| Date range | From and to dates. |
| Via | One of: Web, API, CLI, System (for cron-driven entries). |
Filters compose. The listing paginates 20 entries per page.
What each row shows
- Date and time.
- Actor (username, or "System" for cron-driven actions).
- Action (e.g. "Password set", "Attached discussion thread").
- Target (linked to the row, with title where available).
- Severity colour (green, amber, red, grey).
- IP (when not yet anonymised).
- Via (the channel that triggered the action: Web, API, CLI, System).
Click a row to expand the full details payload.
Severity colours
The listing colours rows so you can scan a busy log quickly:
| Colour | Meaning |
|---|---|
| Green | Something was created, approved, restored, or otherwise added. |
| Amber | Something was edited, moved, or had a setting changed. |
| Red | Something was deleted, rejected, revoked, or failed. |
| Grey | Neutral or informational. |
Action types reference
For the full list of every entry kind you may see, see what you'll see in the audit log.
Searching specific actions
"Who deleted download #42?"
Filter:
- Target type: Download
- Target ID: 42
- Action: Download soft-deleted, or Download hard-deleted
"Show all actions by user X in the last 7 days"
Filter:
- Actor: X
- Date range: last 7 days
"Show every API write"
Filter:
- Via: API
This catches every write made through the REST API.
"Investigate share token abuse"
Filter:
- Target type: Share token
- Action: Share token attempt failed
- Date range: when the suspicious activity occurred
IP retention
Every entry stores the actor's IP. After the number of days set in Anonymise audit log IPs (default 90), the daily cron blanks the IP column. Anonymised entries display "[anonymised]" instead of an IP.
Log retention
Entries older than the Audit log retention value (default 365 days) are removed by the daily cron. Set to 0 to keep entries indefinitely.
What does not appear in the audit log
- Reads. The log only tracks state-changing actions.
- Permission grants and changes. Those go to the standard moderator log.
- AdminCP option changes. Option changes are not logged by the platform.
- File downloads as a viewer action. Use the per-download download count instead.
- Page views. Use stats and analytics instead.