How to read the Recording Access Log to see who opened a recording

Someone asks: who listened to that recording, and when? In VICIdial the answer lives in the Recording Access Log. It is a plain audit trail that logs which user opened which recording and at what time. If you handle sensitive calls, this is the report that proves who touched what.

What the log actually records

Every time a user opens or plays a recording through the admin interface, that access is written to the log. A Call recording is the stored audio of a call, whether it was captured automatically by the campaign or started by an agent as On-demand recording. The log does not change the audio in any way. It only notes the act of accessing it: the user ID, the time of access, and which recording was opened.

flowchart TD
  A[User opens a recording] --> B[VICIdial writes an access row]
  B --> C[Row stores user ID]
  B --> D[Row stores access date and time]
  B --> E[Row stores recording date and time]
  C --> F[Recording Access Log report]
  D --> F
  E --> F
  F --> G[Audit who touched what]

Three ways to search it

1. By access date and time. Use this when you want to know everything that was opened during a window, for example after a customer complaint or a security review.
2. By recording date and time. Use this when you have one specific call in mind and want to see whether anyone has ever pulled it up, and who.
3. By user ID. Use this when you are auditing a single person, for instance confirming an agent or manager only accessed recordings they were entitled to hear.

Each search returns rows you can read top to bottom: the user who accessed, the time they did it, and the recording they opened. Cross-check the user ID against the role that person holds. A floor agent pulling dozens of unrelated recordings is a flag worth chasing. The three search modes overlap on purpose, so you can come at the same event from whichever angle you have. If a customer says their call was misused but only gives you a rough date, start with the recording date search and narrow from there. If your security team hands you a name, start with the user ID search instead.

Read the timestamps carefully. The access time and the recording time are two different columns and they answer different questions. The recording time tells you when the call happened. The access time tells you when someone reached for it afterwards. A long gap between the two is normal for an old call pulled during a dispute. A burst of accesses to many recordings in a few minutes by one user is the pattern worth a second look.

Why this matters for compliance

If you operate under rules like GDPR or you hold recordings of payment calls, you are expected to know who can reach that audio and to be able to show access history on demand. The access log is what turns that from a promise into evidence. Pair it with a sane Recording retention policy so you are not storing audio longer than the rules allow, and with a PCI pause step so card numbers never land in the recording in the first place.

If a search comes back empty for a recording you know exists, that usually means nobody has opened it through the interface yet, which is itself a useful answer during an investigation. For a wider view of access questions, work through the troubleshooting playbook, and when the recording itself is missing rather than just unaccessed, see where recordings go and how to find them. If you would rather not babysit recording security and server access on a self-managed box, let VICIfast run the box for you.