# Report Types

## About

Commander provides the ability to run a variety of reports using event data and compliance data.

## Common Reports

A few examples of the types of reports that Commander can run include the following:

* Find users that have not logged in for X days
* See the last time each user logged in
* Find users that have not created or updated any records in X days
* See all record UIDs that have been accessed by a user
* Determine which shared folders a team has access to
* Determine which record passwords have NOT been changed in X days

## Saving Reports to a File

All reports in Commander can be saved to a file. To do this, add the following options to any report command:

`--format` This option tells Commander which format to return the report in. The options are `json`, `csv`, and `table` (which is the default view).

`--output` This option tells Commander the name of the file to save the report output to. If the given file does not exist, it will be created.

### Examples

Save a report as a CSV for use with Microsoft Excel or Google Sheets.

```
share-report --shared-folders --format csv --output "shared_folder_report_results.csv"
```

Save a report as a JSON file for use with scripts.

```
user-report --format json --output "user_report.json"
```

<details>

<summary>Where are files saved?</summary>

When Commander creates a file it can be saved in one of a few places depending on how Commander is being run and what options were used.

**Default Commander File Locations**

If you are using the application version of Commander, files are saved to your user directory by default. That is `C:\users\username` for Windows and `/Users/username` for macOS.

If you are using Commander from the command line/terminal then files will be saved in the current directory by default.

**Setting Specific Locations**

When creating a file with Commander, if you provide a path before the filename, Commander will create the file in the specified location. Paths can be relative or absolute.\
e.g. `[...] --output "/reports/report.csv"` will put the file in a folder called "reports" relative to the default location (so `/Users/username/reports/` on the Application version and `current directory/reports/` if using the command line).

`[...] --output "C:\reports\report.csv"` will place the file in a folder named "reports" on the C: drive (if on Windows).

</details>

## Report Types

Learn more about the reports that Commander can run. Click an option from this list to see the command documentation.

<table><thead><tr><th width="282">Command</th><th>Explanation</th></tr></thead><tbody><tr><td><a href="/pages/-McBBp0BzA7bQUJVBZ3N#action-report-command"><code>action-report</code></a></td><td>Show users that haven't performed a specific action in a given number of days</td></tr><tr><td><a href="/pages/-McBBp0BzA7bQUJVBZ3N#aging-report-command"><code>aging-report</code></a></td><td>Display a report of password changes and search for records that have NOT been changed</td></tr><tr><td><a href="/pages/-McBBp0BzA7bQUJVBZ3N#audit-log-command"><code>audit-log</code></a></td><td>Export the enterprise audit and event logs</td></tr><tr><td><a href="/pages/-McBBp0BzA7bQUJVBZ3N#audit-report-command"><code>audit-report</code></a></td><td>Show a customized report of audit events</td></tr><tr><td><a href="/pages/-McBBp0BzA7bQUJVBZ3N#compliance-report-command"><code>compliance-report</code></a></td><td>See information about records in vaults of users across the enterprise</td></tr><tr><td><a href="/pages/-McBBp0BzA7bQUJVBZ3N#msp-legacy-report-command"><code>msp-legacy-report</code></a></td><td>Display information about available managed company licenses</td></tr><tr><td><a href="/pages/-McBBp0BzA7bQUJVBZ3N#security-audit-report-command"><code>security-audit-report</code></a></td><td>Show report of password security strength for each user in the enterprise</td></tr><tr><td><a href="/pages/-McBBp0BzA7bQUJVBZ3N#shared-records-report-command"><code>shared-records-report</code></a></td><td>Display information about shared records</td></tr><tr><td><a href="/pages/-McBBp0BzA7bQUJVBZ3N#share-report-command"><code>share-report</code></a></td><td>Show a report of shared records in the logged-in Keeper vault</td></tr><tr><td><a href="/pages/-McBBp0BzA7bQUJVBZ3N#user-report-command"><code>user-report</code></a></td><td>Show a report of user logins</td></tr></tbody></table>

## Common Reports in Detail

### Find users that have not logged in

{% hint style="info" %}
Requires the ARAM add-on
{% endhint %}

```
action-report --target no-logon
```

By default, this looks back 30 days (the results are all users that have not logged in within the last 30 days). To change the look-back period, use the flag `--days X`, where "X" is the number of days to use.

<details>

<summary>Example</summary>

```
My Vault> action-report --target no-logon

Admin Action Taken:
        COMMAND: None
        STATUS: n/a
        SERVER MESSAGE: n/a
        AFFECTED: 0

3 Users With "no-logon" Status Older Than 30 Day(s):

username
-----------------------------------------
john.smith@examplecorp.com
jane.doe@examplecorp.com
chris.apple@examplecorp.com
```

</details>

### See the last time each user logged in

```
user-report --last-login
```

To include more details, such as the user's team(s) and Node, run `user-report` without `--last-login`.

<details>

<summary>Example</summary>

```
My Vault> user-report --last-login
Querying latest login for the last 365 days
Email                                      Name                                       Status    Transfer Status    Last Login
-----------------------------------------  -----------------------------------------  --------  -----------------  -------------------------
john.smith@examplecorp.com                 John Smith                                 Active                       2022-08-22 12:33:03-05:00
chris.apple@examplecorp.com                Chris Apple                                Invited
sam.strong@examplecorp.com                 Samantha Strong                            Active                       2022-08-09 13:03:31-05:00
jane.doe@examplecorp.com                   Jane Doe                                   Active                       2022-10-10 09:07:34-05:00
admin+comms@examplecorp.com                Communication Admin                        Active
```

</details>

### Find users that have not created or updated any records

{% hint style="info" %}
Requires the ARAM add-on
{% endhint %}

```
action-report --target no-update
```

By default, this looks back 30 days (the results are all users that have not created or updated records within the last 30 days). To change the look-back period, use the flag `--days X`, where "X" is the number of days to use.

<details>

<summary>Example</summary>

```
My Vault> action-report --target no-update

Admin Action Taken:
        COMMAND: None
        STATUS: n/a
        SERVER MESSAGE: n/a
        AFFECTED: 0

3 Users With "no-update" Status Older Than 30 Day(s):

username
-----------------------------------------
john.smith@examplecorp.com
jane.doe@examplecorp.com
chris.apple@examplecorp.com
```

</details>

### See all records historically accessed by a user

{% hint style="info" %}
Requires ARAM add-on and Compliance Reports add-on
{% endhint %}

```
compliance record-access-report <USERNAME>
```

Replace \<USERNAME> with the username or email address of the user whose access history you want to see.

To list records currently in a user's vault, use:

`compliance record-access-report --report-type vault <USERNAME>`

For complete visibility of all records accessible to a user (owned plus shared), combine the output of `compliance report` with the output of `compliance record-access-report --report-type vault`. Join the two where `username` in the `compliance report` output equals `vault_owner` in the record-access report output and `record_uid` matches.

{% hint style="warning" %}
In some Commander versions, `--report-type vault` may not include all shared records. For complete vault visibility, use the recommended workflow above.
{% endhint %}

<details>

<summary>Example</summary>

```
My Vault> compliance record-access-report john.smith@examplecorp.com
Loading record information.....
Record UID              Record Title                       Record URL                         Record Owner                IP Address       Device             Last Access
----------------------  ---------------------------------  ---------------------------------  -------------------------   ---------------  -----------------  -------------------
x4AOxLwR5tSA7u5R9Bwplw  wifi details                                                          john.smith@examplecorp.com  11.00.001.001    Web App 16.7.3     2022-10-13 12:38:33
xrnnK1HWSLMVh_irjIGAJw  SAP Connect                                                           john.smith@examplecorp.com  11.00.001.001    Commander 16.7.0   2022-10-13 12:12:46
xB36NT_lPxestkuCCg_35w                                                                                                    11.00.001.001    Web App 16.8.0     2022-10-07 09:39:10
U7YOaZv4pmLXGfTHPXuvaA                                                                                                    11.00.001.001    Commander 16.7.0   2022-10-05 15:09:43
a9TshEIoSluKXAccdJhHIQ  Dropbox                            dropbox.com/login                  sam.strong@examplecorp.com  11.00.001.001    Commander 16.7.0   2022-10-05 15:09:31
6wSYfG9UeHTzDDSIGeuiyg  Twitter                            https://www.twitter.com            john.smith@examplecorp.com  11.00.001.001    Commander 16.7.0   2022-10-05 15:09:25
o6BJUKCGLa7mmMApzPjw4A  KCM Connect SSH                    127.0.0.1                          john.smith@examplecorp.com  11.00.001.001    Commander 16.7.0   2022-10-05 15:09:14
```

</details>

### See what shared folders teams have access to

{% hint style="info" %}
Requires Compliance Reports add-on
{% endhint %}

```
compliance team-report
```

<details>

<summary>Example</summary>

```
My Vault> compliance team-report
Loading compliance data....:...:...:...:...:...:...:...:...:...:...:...:...:

Team Name    Shared Folder Name     Shared Folder UID       Permissions
-----------  --------------------   ----------------------  -------------
Comms-Team   Comms Team Logins      8-2gk4cde5hWN5q7ENwpCA  read-only
Engineering  Deployment Credentials 3kf9kd4e5hWdN5q7Ed9fS0  can-edit
Management   Finances Logins        dO9S0cMQ_kPYAsUYILVlSA  can-share
```

</details>

### Determine which record passwords have NOT been changed

{% hint style="info" %}
Requires Compliance Reports add-on
{% endhint %}

```
aging-report
```

<details>

<summary>Example</summary>

```
My Vault> aging-report --format=table --period=1y

Owner            Record Title  Last Password Change    Shared    Record URL
---------------  ------------  ----------------------  --------  ----------
user1@company.com  Hilton      2020-05-14 12:41:48     False     https://...
user1@company.com  AlienVault  2020-02-04 12:30:35     True      https://...             
user1@company.com  TripAdvisor 2020-07-08 15:22:55     False     https://...             
user2@company.com  Amazon      ---                     False     https://...                
user2@company.com  Kayak       2021-05-25 09:13:56     False     https://...             
user2@company.com  Amazon      ---                     False     https://...
```

</details>

### Get a list of all records accessible in a user's vault

{% hint style="info" %}
Requires Compliance Reports add-on
{% endhint %}

```
compliance report
compliance record-access-report
```

If you want a list of all visible records in a vault at the Enterprise level, no single report will yield this information. This is because `compliance report` only returns owned records, while `compliance record-access-report` only returns records with at least one sharing relationship.

Merging and de-duplicating both reports therefore yields all accessible records.

<details>

<summary>Example</summary>

```
My Vault> compliance report -r -nc --aging --active-items -u user@company.com

Record UID              Title                              Type    Username                         Permissions                   URL                      In Trash    Shared Folder UID       Created              Last Pw Change       Last Modified         Last Rotation
----------------------  ---------------------------------  ------  -------------------------------  ----------------------------  -----------------------  ----------  ----------------------  -------------------  -------------------  --------------------  ---------------
YxJnMZXOs3mspxrZJ-NnPw  Owned record (not shared)          login   user@company.com                 owner,edit,share,share_admin  owned.com                False                               2026-02-24 09:51:47  2026-02-24 10:00:41  2026-02-24 10:00:36
hjhrpu7_FI4KaQHIh57zZw  Owned record (shared)              login   user@company.com                 owner,edit,share,share_admin  owned-shared.com         False       7lkjCcmUO0f7UPOm_HK_vA  2026-02-24 09:49:14
                        Owned record (shared)              login   user2@company.com                read-only                     owned-shared.com         False       7lkjCcmUO0f7UPOm_HK_vA  2026-02-24 09:49:14

My Vault> compliance record-access-report --report-type vault -r -nc --aging -e user@company.com

Vault Owner       Record UID              Record Title               Record Type    Record URL          Has Attachments    In Trash    Record Owner                     IP Address    Device          Last Access          Created              Last Pw Change    Last Modified        Last Rotation
----------------  ----------------------  -------------------------  -------------  ------------------  -----------------  ----------  -------------------------------  ------------  --------------  -------------------  -------------------  ----------------  -------------------  ---------------
user@company.com  hjhrpu7_FI4KaQHIh57zZw  Owned record (shared)      login          owned-shared.com    False              False       compliance1@tractondynamics.com  10.0.12.33    Web App 17.5.1  2026-02-24 09:53:53  2026-02-24 09:49:14
                  URxbwDkwESW8fuh43RzBZg  Shared record (not owned)  login          shared-record.com   False              False       compliance2@tractondynamics.com                                                     2026-02-24 09:52:24
```

</details>
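
The merge described above (and the `username`/`vault_owner`/`record_uid` join in "See all records historically accessed by a user") can be scripted once both reports are saved with `--format json`. The following is an added example, not Keeper's own code. It assumes the JSON keys `title`, `record_title` and `permissions` (only `record_uid`, `username` and `vault_owner` are named on this page), and that blank continuation cells like those in the table output may also appear in the export; the sample rows are constructed from the example output above.

```python
import json

# Constructed sample data modelled on this page's table output. The keys
# record_uid, username and vault_owner follow the join described on the page;
# title, record_title and permissions are assumed names for the JSON export.
COMPLIANCE_REPORT = json.loads("""[
 {"record_uid": "YxJnMZXOs3mspxrZJ-NnPw", "title": "Owned record (not shared)",
  "username": "user@company.com", "permissions": "owner,edit,share,share_admin"},
 {"record_uid": "hjhrpu7_FI4KaQHIh57zZw", "title": "Owned record (shared)",
  "username": "user@company.com", "permissions": "owner,edit,share,share_admin"},
 {"record_uid": "", "title": "Owned record (shared)",
  "username": "user2@company.com", "permissions": "read-only"}
]""")
RECORD_ACCESS_REPORT = json.loads("""[
 {"vault_owner": "user@company.com", "record_uid": "hjhrpu7_FI4KaQHIh57zZw",
  "record_title": "Owned record (shared)"},
 {"vault_owner": "", "record_uid": "URxbwDkwESW8fuh43RzBZg",
  "record_title": "Shared record (not owned)"}
]""")


def fill_down(rows, key):
    """Yield copies of rows with blank `key` cells filled from the row above."""
    last = ""
    for row in rows:
        last = row.get(key) or last
        yield {**row, key: last}


def accessible_records(compliance_rows, access_rows, user):
    """Merge both reports for `user`, de-duplicated on record_uid."""
    merged = {}
    for row in fill_down(compliance_rows, "record_uid"):
        if row.get("username") == user:
            merged[row["record_uid"]] = {
                "title": row.get("title", ""), "sources": {"compliance report"},
                "owned": "owner" in row.get("permissions", "").split(",")}
    for row in fill_down(access_rows, "vault_owner"):
        if row.get("vault_owner") == user:
            entry = merged.setdefault(row["record_uid"], {
                "title": row.get("record_title", ""), "owned": False, "sources": set()})
            entry["sources"].add("record-access-report")
    return merged


if __name__ == "__main__":
    result = accessible_records(COMPLIANCE_REPORT, RECORD_ACCESS_REPORT, "user@company.com")
    for uid, info in result.items():
        print(uid, info["owned"], sorted(info["sources"]), info["title"])
```

Records whose `owned` flag is false are the ones shared into the vault by someone else, which is usually the set worth a closer look in an access review.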


