Six ways to track activity in NetSuite

Whether you’re preparing for an audit, troubleshooting an issue, or comparing your production and development environments, NetSuite’s user activity logs offer several ways to track what’s happening in your system.

However, while these logs are powerful, they can be difficult to analyze at scale and don’t always provide the full context needed for audit and security investigations.

Read on for a quick overview of six of the most important tools in your NetSuite account.

NetSuite system notes

NetSuite system notes are a time-stamped log of changes to customizations, configurations, and other record types. They include:

• Who made the change
• Their role at the time
• The field that was modified
• Before and after values
• How the change was made (UI, script, or web service)

This level of detail makes system notes essential for audit and segregation of duties (SoD) analysis.

There are a few important limitations to keep in mind. System notes track changes, not views, so you won’t see who looked at a record. Some large fields may not store before and after values, and if a record is deleted, the associated system notes are no longer available.

In addition, high-volume environments can generate millions of system notes per month, making analysis difficult without additional tools.

(Hint: enabling system notes on record creation will make audit prep a lot simpler for public companies.)

As you can imagine, a busy account can produce thousands of system notes every day — to make it easier to find the information you’re looking for, NetSuite gives you some out-of-the-box searches, called audit trails, that focus on specific record types and activities.

Analytics audit trail

The analytics audit trail tracks changes to saved searches, reports, search schedules, and layouts. It shows:

• What changed
• Who made the change
• When it happened

Think of it as system notes for analytics objects, helping you maintain control over reporting logic and outputs. It tracks both deletions and changes.

There is also a related execution log showing when a saved search was last run and by whom.

Login audit trail

Another audit trail that’s critical for SOX compliance and overall security is the login audit trail. It tracks:

• Login attempts (successful and failed)
• User identity and role
• IP address and access method

Regular review can help identify unauthorized access attempts and support role and permission cleanup initiatives, including preparation for segregation of duties (SoD) projects.

Script execution logs

Script execution logs, by default, track script errors, but they can be configured to capture audit messages and debug data if needed.

Script execution logs aren’t based on system notes, so they are not immutable and can be written to via code. They are also retained for a limited time, typically around 30 days, making them more useful for troubleshooting than for audit purposes.

Workflow history and execution logs

Workflow history and execution logs serve a similar purpose as script execution logs, but, obviously, for workflows. They track actions and transitions that execute on a record that are triggered by a workflow, including server triggers, event types and contexts, and more.

Like script execution logs, they are primarily used for debugging and validation, and are rarely central to audit or compliance efforts.

Deleted record logs

Finally, the deleted record log shows you information about deleted transactions, including who did it and when. This is important information for auditors but unfortunately NetSuite’s user activity logs only capture certain record types — customizations and setup preferences, for example, aren’t tracked — and don’t give you a lot of corroborating information about the deletion itself.

This becomes more challenging because system notes are no longer available after deletion, which can leave gaps during investigations or audits.

The big takeaway is that while NetSuite’s user activity logs, system notes, and audit trails provide detailed visibility into system activity, they also create challenges. High volumes of data, limited context, and gaps like lost system notes after deletion can make it difficult to fully understand what changed, why it changed, and what impact it had.

To maintain control over your NetSuite environment, teams need more than raw logs. They need clear visibility into configuration changes, dependencies, and how roles and permissions are actually used in practice so they can reduce risk, support audits, and ensure changes don’t introduce unintended consequences.

How Netwrix can help

NetSuite provides detailed activity tracking, but understanding what those changes actually mean for your environment is where most teams struggle.

Netwrix Platform Governance gives you the visibility and control needed to move beyond raw logs and manage your NetSuite environment with confidence.

• See what changed and why it matters: Quickly identify configuration changes across your environment and understand their impact.Instead of digging through system notes, you can see how changes relate to each other, understand dependencies across configurations, and assess their impact in context.
• Understand dependencies before changes break things: NetSuite environments are highly interconnected. Platform Governance maps relationships between objects so you can avoid unintended consequences when making changes or deploying updates.
• Investigate issues faster: Stop piecing together data across multiple logs. Get a clear view of changes, context, and impact in one place so you can resolve issues and answer auditor questions quickly.
• Maintain control over roles and permissions: Understand how roles are used in practice and identify risky changes that could impact segregation of duties (SoD) or access controls.
• Support audits without manual effort: Provide clear, complete visibility into system activity and configuration changes, making it easier to demonstrate control and respond to audit requests.

NetSuite tracking tools give you the raw data you need, but turning that data into clear insight is what enables better decisions. By adding visibility into configuration changes, dependencies, and real-world usage, teams can move from reactive investigation to proactive control of their NetSuite environment.