Skip to main content
The Audit log is a tamper-evident record of every administrative action on a gateway — config changes, key rotations, user invites, provider edits, failed auth, and so on. Open Settings → Audit log (/dashboard/settings/audit-log) in the dashboard.
Audit logs are local-only. They stay on the gateway that recorded them and are never routed through the cloud. Viewing them requires the dashboard to be connected to that gateway — see Activation.
Audit log

Columns

ColumnNotes
Log IDUnique event identifier.
WhenTimestamp (supports seconds, milliseconds, and ISO).
WhoActor email or user ID.
ActionColor-coded badge: delete (red), update (yellow), create / auth (blue), read (green).
TargetResource type acted upon.
RoleActor’s role at the time of the event.
OriginSource IP.
Columns are sortable and resizable.

Filters

  • Free-text search — debounced, matches any field, server-side.
  • Who — actor dropdown.
  • Action — All Actions, Read, Create, Update, Delete.
  • Target — resource type.
  • Time range — All Time, Last Hour, 24h, 7d, 30d, or custom calendar.
  • Refresh — manual refetch.

Event categories

Actions are bucketed by the verb in the event name:
BucketMatches
Deletedelete, revoke, remove, suspend, block, deny, reject.
Updateupdate, edit, modify, change, rotate, reset.
Createcreate, write, add, invite, register, enable, login, auth, connect.
Readread, list, get, view, fetch, query, success.

Row actions

  • Expand — pretty-printed JSON with every field broken out.
  • Raw / Details toggle — switch between structured view and raw payload.
  • Copy event — copies the full JSON to the clipboard.
No export from this view; use the gateway’s CLI if you need bulk extraction.

Access

Any dashboard user with access to the connected gateway can read the audit log. Role-based restrictions on the audit log itself are not applied in the UI; the action badge shows the actor’s role at the time of each event for attribution.