Event Logs in Trio MSP provide a centralized, immutable audit trail of administrative actions, platform changes, device operations, and integration events across all managed organizations. This module is designed for traceability, accountability, and compliance, allowing MSP administrators to reconstruct who did what, where, and when—down to individual device-level actions.
Unlike alerts, which focus on real-time risk and anomalies, Event Logs capture historical system activity. Every logged event is timestamped, associated with a specific admin identity and role, and categorized to enable forensic analysis, compliance reporting, and operational troubleshooting.
Event Log Structure and Data Model
Each event record in Trio MSP is normalized and indexed to support fast filtering, exports, and audits. The event log table surfaces the most relevant metadata by default, while detailed views expose extended context.
An event log entry contains:
Event name – The specific action performed (e.g., Login, Device Locked, App added to the library)
Category – Logical grouping such as Authentication, Devices, Users, Groups, Integration, or Platform Adjustments
Admin – The administrator who initiated the action
Admin role – The role active at the time of execution (e.g., Super Admin, IT Admin L2)
Date & Time – Precise execution timestamp (UTC-based, rendered in UI locale)
This structure ensures that even high-volume environments remain auditable without ambiguity.
Navigating Event Logs
To access Event Logs:
Open the Trio MSP Admin Panel
Navigate to Activity → Event logs
Select the target Organization from the organization switcher (top-right)
Once loaded, the system retrieves events scoped strictly to the selected organization and region, preventing cross-tenant data exposure.
Filtering and Sorting Logic
Event Logs support multi-dimensional filtering, allowing admins to isolate events with surgical precision. Filters are applied server-side to ensure performance at scale.
You can refine results using:
Event name – Narrow down to specific actions (e.g., Password Reset, Device Wiped)
Category – Focus on domains like Authentication, Devices, or Integrations
Admin – Attribute actions to a specific administrator
Date & Time range – Perform time-bound investigations or audits
Sort order – Ascending or descending by timestamp
These filters can be combined, enabling queries such as “All device wipe actions performed by Super Admins in the last 30 days.”
Viewing Event Log Details
Clicking any event row opens the Event log details panel. This view expands the record into a fully contextualized audit entry.
The details panel includes:
A human-readable description of the action
Region and organization context
Admin identity and active role
Exact execution timestamp
Affected resources, where applicable (e.g., list of devices)
For bulk operations—such as deleting multiple devices—the panel lists each affected device individually, including:
Device name and model
Ownership type (COD / BYOD)
Enrollment or unenrollment source
Direct links to device records for follow-up
This level of granularity is critical for post-incident reviews and compliance validation.
Exporting Event Logs
Trio MSP allows controlled export of event logs for offline analysis, audits, or regulatory submissions.
To export event logs:
Click Export in the Event Logs view
Select a date range (From / To)
Choose export columns:
Original column set (default)
Or explicitly select fields such as Event name, Category, Admin, Role, Date & Time
Click Export
The exported file preserves the same ordering and filters applied in the UI, ensuring consistency between on-screen investigations and offline records.
Operational and Compliance Use Cases
Event Logs are foundational to several MSP workflows:
Security investigations – Trace configuration changes or access events
Change management – Validate who modified policies or devices
Compliance audits – Provide verifiable evidence for ISO, SOC 2, or internal governance
Customer accountability – Demonstrate action history to tenants when disputes arise
Because logs are system-generated and non-editable, they can be relied upon as a source of truth.
Key Distinction: Alerts vs. Event Logs
While both live under Activity, their purposes differ:
Alerts are proactive and real-time, signaling conditions that require attention
Event Logs are retrospective, recording completed actions and system changes
Together, they form a complete operational visibility layer for MSP administrators.