Audit Logs
Audit logs show security-relevant activity in your organization. Use them to review administrative changes, investigate unexpected access, and prepare an evidence trail for internal review.
Opening Audit Logs
Go to Settings > Organization > Audit Logs.
Audit logs require admin-level access. If the page asks for elevated access, approve the request before loading logs.
What Gets Recorded
Audit events can include:
- User login and failed login attempts.
- Member invitations.
- Member role changes.
- Member removal.
- Credential creation and revocation.
- Administrative actions from platform services.
Each event can include timestamp, action, source area, actor, target, outcome, client ID, IP address, user agent, and structured metadata.
Filtering
Use filters to narrow the event list:
- Time range — Last hour, 24 hours, 7 days, or 30 days.
- Action — Show one event type.
- Source — Show events from one source area.
Expand a row to inspect event metadata.
Investigation Workflow
- Select the time range around the incident.
- Filter by action or source area if you know it.
- Expand suspicious rows.
- Compare actor, target, IP address, and outcome.
- Revoke affected credentials or adjust member roles if needed.
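The comparison of actor, target, IP address, and outcome can also be run offline over events copied out of the log view. This is an added example, not code from the product: the field names (`ts`, `action`, `actor`, `target`, `ip`, `outcome`), the action strings, and the sample events are constructed assumptions. It flags administrative actions that follow a burst of failed logins and then a successful login by the same actor from the same IP address.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events. Field names and action strings are assumptions
# modelled on the fields this page lists, not the product's real schema.
def ev(ts, action, actor, target, ip, outcome):
    return {"ts": ts, "action": action, "actor": actor,
            "target": target, "ip": ip, "outcome": outcome}

EVENTS = [
    ev("2024-05-01T08:00:00Z", "user.login", "alice", "alice", "198.51.100.7", "success"),
    ev("2024-05-01T08:05:00Z", "member.invite", "alice", "carol", "198.51.100.7", "success"),
    ev("2024-05-01T10:00:05Z", "user.login", "alice", "alice", "203.0.113.50", "failure"),
    ev("2024-05-01T10:00:09Z", "user.login", "alice", "alice", "203.0.113.50", "failure"),
    ev("2024-05-01T10:00:14Z", "user.login", "alice", "alice", "203.0.113.50", "failure"),
    ev("2024-05-01T10:01:00Z", "user.login", "alice", "alice", "203.0.113.50", "success"),
    ev("2024-05-01T10:03:00Z", "credential.create", "alice", "key-example-1", "203.0.113.50", "success"),
    ev("2024-05-01T10:04:00Z", "member.role_change", "alice", "dave", "203.0.113.50", "success"),
]

# Administrative actions worth a second look after a suspicious login.
SENSITIVE = {"member.invite", "member.role_change", "member.remove",
             "credential.create", "credential.revoke"}

def parse_ts(s):
    return datetime.fromisoformat(s.replace("Z", "+00:00"))

def triage(events, window=timedelta(minutes=30), min_failures=3):
    """Return sensitive actions performed within `window` of a login that
    succeeded after at least `min_failures` failures from the same actor and IP."""
    failures = defaultdict(list)   # (actor, ip) -> failed-login timestamps
    suspect = {}                   # (actor, ip) -> (login time, failure count)
    findings = []
    for e in sorted(events, key=lambda e: parse_ts(e["ts"])):
        t, key = parse_ts(e["ts"]), (e["actor"], e["ip"])
        if e["action"] == "user.login":
            if e["outcome"] == "failure":
                failures[key].append(t)
            else:
                recent = [f for f in failures[key] if t - f <= window]
                if len(recent) >= min_failures:
                    suspect[key] = (t, len(recent))
                failures[key].clear()
        elif e["action"] in SENSITIVE and e["outcome"] == "success":
            hit = suspect.get(key)
            if hit and t - hit[0] <= window:
                findings.append({**e, "failed_logins": hit[1]})
    return findings
```

Each finding names the target of the action, which is the credential or member to review in the last step of the workflow.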
Troubleshooting
| Symptom | What to check |
|---|---|
| Audit page is not visible | You need admin access. |
| Logs do not load | Approve the elevated access request and retry. |
| Expected event is missing | Check a wider time range and remove action/source filters. |
| Actor is a service client | Review credentials in Credentials & Webhooks. |
| Event metadata is unclear | Contact support with the event timestamp and event ID if available. |