With Confluence OnDemand, the only access logging is the apache access log, which is only going to show you the IP address of those who accessed your instance. It sounds like this user has legitimate access to at least part of your instance, so this probably won't be of any benefit.
If this would be of any help for you, just submit a support request and we will send the log over right away.
Hi team, I’m Avinoam, a product manager on Confluence Cloud, and today I’m really excited to let the Community know that all customers can now try out the new editing experience and see some of the ...
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs