The Setup Audit Trail does not need to be turned on. It records by default. The configuration work is on the consumption side: accessing it, filtering it, downloading it, and archiving it for long-term retention.
- Open Setup Audit Trail
Setup, in the Quick Find type Setup Audit Trail, click the link under Security. The default view shows the most recent 20 entries.
- Filter by date, user, or section
Above the entries list, filter by date range, by user, or by section (Apex Classes, Manage Users, Security Controls). Filters combine with AND logic. Use them to narrow large logs.
- Search the Display field
For specific changes (a particular custom field, a named Apex class), use the search box on the Display field. Pattern matching is substring, not regex, but adequate for most queries.
- Download the full 180-day log
Click Download Setup Audit Trail. The platform generates a CSV with all entries from the past 180 days. Save the file with a date stamp. The CSV is the canonical export for compliance audits.
- Schedule monthly external archive
For longer retention than 180 days, schedule a monthly extract through a CI job or a scheduled Apex export. Push the file to an external archive (S3, on-prem SIEM). This preserves the audit history beyond Salesforce's default retention.
- Buy Field Audit Trail for compliance-heavy orgs
For 10-year retention without manual archiving, purchase the Field Audit Trail add-on. It extends Setup Audit Trail (and Field History) to up to 10 years and adds queryable history tables.
Top-of-page filter that narrows entries to a specific window. Useful for compliance "what changed in Q3" questions.
Narrow to changes made by a specific user. Critical for forensic investigations.
Narrow to a category (Apex Classes, Manage Users, Security Controls). Each category has its own audit log filter.
Generates the past 180 days as a CSV. The download is the source of truth for offline analysis and external archival.
Paid extension that grows retention from 180 days to up to 10 years and adds queryable history tables for Setup, Field History, and Big Object archives.
- Setup Audit Trail retention is 180 days by default. Older entries are gone unless you exported them. Schedule monthly CSV archives if your compliance regime requires longer history.
- The trail does not show pre-change vs post-change values. It tells you a Flow was edited, not what changed inside the Flow. For pre/post comparisons, use source control or a change-tracking tool.
- Record-level data changes are not in the audit trail. Field History Tracking captures field-value changes on standard and custom objects, but it has its own retention and selection rules.
- Reads, queries, and exports of record data are not in the audit trail. Event Monitoring is the right tool for those, and it is a paid add-on with much finer granularity.
- Managed package install events appear in the trail with the package's namespace in the Source field. Use this to confirm which version of a package is installed at a given point in time.