Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Salesforce Security Auditing


The JSA DSM for Salesforce Security Auditing can collect Salesforce Security Auditing audit trail logs that you copy from the cloud to a location that JSA can access.

The following table identifies the specifications for the Salesforce Security Auditing DSM:

Table 1: Salesforce Security Auditing DSM Specifications






Salesforce Security Auditing

RPM file name



Log File

JSA recorded events

Setup Audit Records

Automatically discovered


Includes identity


More information

Salesforce web site (

Salesforce Security Auditing DSM Integration Process

To integrate Salesforce Security Auditing DSM with JSA, use the following procedures:

  1. If automatic updates are not enabled, download and install the most recent versions of the following RPMs on your JSA Console:

    • Log File Protocol RPM

    • Salesforce Security Auditing RPM

  2. Download the Salesforce audit trail file to a remote host that JSA can access.

  3. For each instance of Salesforce Security Auditing, create a log source on the JSA Console.

Downloading the Salesforce Audit Trail File

To collect Salesforce Security Auditing events, you must download the Salesforce audit trail file to a remote host that JSA can access.

You must use this procedure each time that you want to import an updated set of audit data into JSA. When you download the audit trail file, you can overwrite the previous audit trail CSV file. When JSA retrieves data from the audit trail file, JSA processes only audit records that were not imported before.

  1. Log in to your Salesforce Security Auditing server.
  2. Go to the Setup section.
  3. Click Security Controls.
  4. Click View Setup Audit Trail.
  5. Click Download setup audit trail for last six months (Excel.csv file).
  6. Copy the downloaded file to a location that JSA can reach by using Log File Protocol.

Configuring a Salesforce Security Auditing Log Source in JSA

To collect Salesforce Security Auditing events, configure a log source in JSA.

  1. Log in to JSA.
  2. Click the Admin tab.
  3. In the navigation menu, click Data Sources.
  4. Click the Log Sources icon.
  5. Click Add.
  6. From the Log Source Type list, select Salesforce Security Auditing.
  7. From the Protocol Configuration list, select Log File.
  8. Configure the following Salesforce Security Auditing parameters:



    Event Generator

    RegEx Based Multiline

    Start Pattern

    (\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} \w+)

    End Pattern

    Ensure that this parameter remains empty.

    Date Time RegEx

    (\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} \w+)

    Date Time Format

    dd/MM/yyyy hh:mm:ss z


    These values are based on the Winter 2015 version of Salesforce Security Auditing. For previous versions, use the following regex statements:

    • For the Start Pattern parameter, use the following statement:

    • For the Date Time RegEx parameter, use the following statement:

    • For the Date Time Format parameter, use MM/dd/yyyy hh:mm:ss aa z

  9. Configure the remaining parameters.
  10. Click Save.
  11. On the Admin tab, click Deploy Changes.

Related Documentation