The second part of the Salesforce Advanced Administrator exam preparation will be revolving on the Auditing and Monitoring topic. Without further ado, lets get started!

NOTE: This post is written in April 2019 and content might be changed/updated overtime. The content is inspired by


Record Modification Fields (create/modify)

  • The simplest form of checking who created at when and who modified at when.

Field History Tracking

  • It can track up to 20 fields per object and if you to increase the limit, you will need to contact Salesforce support.
  • Data is kept for 18 months (24 months via API).
  • Fields longer than 255 characters will only track the values being changed but not exactly what is being changed.

Field Audit Trail

  • Add-on for field history tracking that comes with an additional cost.
  • Let you define a policy to retain archieved field history data up to 10 years.
  • Field Audit Trail is independent of field history tracking.
  • Track more than 20 fields per object.
  • All historic data is captured from the history related list into FieldHistoryArchive object.
  • Limitation: formula fields, roll-up summary fields, auto-number fields, created and last modified by, multi-select fields, long text fields and etc. cannot be tracked.

Setup Audit Trail

  • One easy way to track the recent setup changes that is made by adminstrator.
  • By default, it shows 20 most recent changes and stores audit trail history for past 6 months.
  • Setup audit trail can be downloaded for the last 6 months in Excel (CSV format).
  • If a delegate makes a setup change on behalf of an end-user, the Delegate User column shows the delegate's username.
  • Lots of changes are tracked in Setup Audit Trail (literally almost everything)
  • Setup changes made by delegated administrators are also tracked.

Email Log

  • Email logs are CSV files that contain information about all email sent through Salesforce over the last 30 days.
  • Modify all data permission needed to access email logs.
  • Email logs are fetched in the form of zip files containing:
    • email address of sender
    • email address of recipient
    • date/time of the email
    • delivery status
    • error code associated
    • and etc.
  • A maximum of 100,000 records can be obtained in one zip file.
  • If an email log returns 500,000 records, that will be up to 5 zip files to download.
  • When requesting for email log, you will need to specify the start and end date and the email address to receive the email log files.

Login History

  • Login History displays up to 20,000 most recent login attempts.
  • Login History can be downloaded to a CSV or Gzip file for the past 6 months.
  • Downloading has different options: All Logins, HTTP GET Logins, TLS Logins and Web Site Logins only.
  • New list views can be created for customized columns and filters.

Login Forensics

  • Login Forensics is used to identify unusual behavior within organization, to detect identity fraud and other security concerns:
    • Average number of login per user per specified time period
    • Who logged in more than average number of times
    • Who logged in during non-business hours
    • Who logged in from suspicious IP ranges
  • These types of events can be tracked via LoginEvent and PlatformEventMetrics.
  • Login Forensics can only be accessed through API (no user interface in Salesforce application).


Health Check


  • Health Check identifies and fixes vulnerabilities in security settings such as Session Settings, Password Policies, Certificate and Key Management, and File Upload and Download Security Settings.
  • Summary score indicates how an org performs based on the security baseline (default is Salesforce Baseline Standard).
  • Security baseline can be exported and imported in xml format. (click the gear icon to export or import)
  • Up to 5 custom baselines can be uploaded.
  • Grade is used to assess the overall security status and it is grouped by the following:
    • 90% and above -> excellent
    • 80% - 89% -> very good
    • 70% - 79% -> good
    • 55% - 69% -> poor
    • 54% and below -> very poor
  • Different type of status indicates the urgency: Critical, Warning and Compliant.

System Overview


  • System Overview displays an information overview of current org.
  • When the org reaches 95% of limit, home page will display the messages.
  • Configure Messages allows to choose which type of messages to be displayed on home page.
  • Permission required to view System Overview: Customize Application

Storage Usage


  • Storage Usage consists of Data Storage and File Storage.
  • File Storage includes:
    • Files in attachments
    • Documents tab
    • Files tab
    • Chatter files
    • assets
  • Find out Overall Top Files by Storage Utilization at the bottom of the Storage Usage page.
  • Data Storage includes:
    • Storage on objects like Account, Lead, Opportunity and etc.

Debug Log

  • Debug Log records database operations, system processes, and errors that occur when executing a transaction or while running unit tests.
  • Debug log helps debugging issues related to database changes, HTTP callouts, Apex errors, workflow rules, assignment rules, approval process and validation rules.
  • NOTE: it does not include information from action triggered by time-based workflows.
  • Debug log can be set and retained for specific users, Apex classes and triggers.
  • Debug log can be viewed, downloaded or deleted.
  • Debug log provides detailed information along with timestamps and error of specific component at specific line.
  • Size limit for each debug log is 5MB. Any debug log larger than 5MB is reduced in size by removing older log lines.
  • If org accumulates more than 250MB of debug logs, users will be prevented from adding or editing trace flags.

Jobs (Scheduled/Background/Apex/Bulk Data)


  • Jobs can be scheduled to run at specific intervals of time.
  • Scheduled jobs:
    • Dashboard refresh
    • Reporting snapshot
    • Report run
    • Other components which have been set to run at specific time
  • Background jobs:
    • Sharing rules recalculation in Organization Wide Default (OWD)
    • User is notified through email when it is done.
  • Apex jobs:
    • Run Apex classes at specific interval of time.
    • Only 100 Apex jobs scheduled at one time.
  • Bulk data jobs:
    • Jobs that are done through data loader in CRUD
    • Export activities are performed for several records together.

Outbound Messages


  • Can be triggered via workflows or approvals to notify external servers by sending outbound messages.
  • When a workflow or approval process triggers an outbound message, a message is sent to the specific endpoint URL which contains the field specified at the time of setup.
  • Once message is received at the endpoint URL, it processes using the outbound messaging WSDL.
  • If endpoint URL is unavailable, it stays in the queue for 24 hours. After that, the message is removed from queue.
  • Outbound messagse might be delivered more than once or if over 24 hours in the queue, it might not be delivered at all. (reason why audit trails cannot be setup on Outbound messages)

Time-based Workflow


  • Time-based workflow rules can be used to send out emails or update fields after a specific time period.
  • For example: send out email to group of users when the case is not closed within 5 days.
  • NOTE: Time-dependent trigger doesn't support minutes or seconds. Also, they don't have access to DATE or DATETIME fields containing TODAY or NOW functions.
  • Time-dependent workflow limitation:
    • Doesn't support minutes or seconds
    • Can't reference DATE or DATETIME that contains derived functions, such as TODAY or NOW
    • Salesforce limits the number of time triggers an org can execute per hour. If the limits is 1000 and you have 1200 pending workflows, the 200 will be executed in next hour.
    • Can't archieve a product or pricebook that has pending actions.
    • Can't add or remove time triggers or edit trigger dates without deleting the action first.
  • Time-based workflows do not run on previously created records.
  • Time-based workflows cannot be used when the evaluation criteria is "Every time a record is created or edited".
  • Time-based workflow records can be deleted from queue if they are not required in queues.

API Usage Notification


  • Email notification will be sent to administrator if the org exceeds the specific limit for the number of API requests made in specified span of hours.
  • Notification interval can be set between 1 to 24 hours.
  • If exceeding the threshold, it will trigger the email notification to the notification recipient every intervals until the the limit is no longer exceeded.
  • A maximum of 10 notifications can be created for an organization.

Well, that's all for now. I will upload more new content when I see fit. For now, let's stick with what I have here for now. Have a good one!

Post was published on , last updated on .

Like the content? Support the author by!