Audit logs

Examine user actions by logging them into an HTTP log drain.

Enable audit logs

Use Better Stack to store and examine your audit logs.

1. Create an HTTP logs source

1. Go to Telemetry → Sources → Connect source.
2. Name the source Audit logs.
3. Copy the Source token and Ingesting host.

2. Set up audit logs

1. Go to Better Stack → Organization → Features.
2. Enable the Audit logs toggle.
3. For URL, enter https://$INGESTING_HOST/, replacing $INGESTING_HOST with the Ingesting host from your source.
4. For Header name, enter Authorization.
5. For Header value, enter Bearer $SOURCE_TOKEN, replacing $SOURCE_TOKEN with the Source token from your source.

3. Check your audit logs

You should see your audit logs in Telemetry → Live tail.

Audit logs format

Example of an audit log of a user deleting a monitor:

{
    "email": "simon@betterstack.com",
    "event": "DELETE request",
    "ip": "89.24.32.123",
    "message": "Simon Let <simon@betterstack.com> (user ID 123, team ID 456, organization ID 789) sent a GET request from 89.24.32.123 to https://uptime.betterstack.com/team/456/monitors/175",
    "name": "Simon Let",
    "organization_id": 789,
    "team_id": 456,
    "url": "https://uptime.betterstack.com/team/3/monitors/175",
    "user_id": 123
}

Need help?

Please let us know at hello@betterstack.com. We're happy to help.