Explore documentation
  1. Welcome to Uptime 👋
  2. Frequently Asked Questions
  3. Monitoring
    1. Get started with monitoring
    2. Working with monitors
    3. Customizing monitors
    4. Monitor types
  4. On-call scheduling and alerting
    1. Get started with on-call
    2. Sending alerts to Slack ↗
    3. Connecting external calendars
    4. Advanced on-call setup
  5. Incidents
    1. Working with incidents
    2. Create incidents manually
    3. Post mortems
    4. Incident silencing
    5. Incident metadata
  6. Status pages
    1. Get started with status pages
    2. Working with status pages
  7. Integrations
    1. Integrating with Better Stack
  8. Team and account management
    1. Team management
    2. Account settings
    3. Audit logs
  9. API
    1. Get started with API
  10. Monitors API
    1. Monitors
    2. Monitor groups
    3. Heartbeats
    4. Heartbeat groups
  11. On-call & Incidents API
    1. On-call calendar
    2. Escalation policies
    3. Severities
    4. Incidents
    5. Comments
  12. Integrations API
    1. New Relic Integrations
    2. Datadog Integrations
    3. AWS CloudWatch Integrations
    4. Azure Integrations
    5. Google Monitoring Integrations
    6. Grafana Integrations
    7. Prometheus Integrations
    8. Email integrations
    9. Incoming webhooks
    10. Splunk On-Call integrations
    11. PagerDuty Integrations
  13. Status pages API
    1. Status pages
    2. Status page sections
    3. Status page resources
    4. Status page reports
    5. Status page report updates
  14. Other API
    1. Metadata

Audit logs

Examine user actions by logging them into an HTTP log drain.

Enable audit logs

Use Better Stack to store and examine your audit logs.

1. Start by creating a Logs source

2. Set up audit logs

  • Navigate to Better Stack → Organization → Features.
  • Enable Audit logs toggle.
  • Fill in the URL: https://in.logs.betterstack.com/.
  • Header name: Authorization.
  • Header value: Bearer $SOURCE_TOKEN. Use the Source token you've copied earlier instead of $SOURCE_TOKEN.

3. Check your audit logs

You should see your audit logs in Logs → Live tail.

Want to send your audit logs somewhere else?

Use any URL, and we’ll send your audit logs there. We’ll use a POST request with audit logs in JSON format.

Audit logs format

Example of an audit log of a user deleting a monitor:

Example audit log for deleting a monitor
{
    "email": "simon@betterstack.com",
    "event": "DELETE request",
    "ip": "89.24.32.123",
    "message": "Simon Let <simon@betterstack.com> (user ID 123, team ID 456, organization ID 789) sent a GET request from 89.24.32.123 to https://uptime.betterstack.com/team/456/monitors/175",
    "name": "Simon Let",
    "organization_id": 789,
    "team_id": 456,
    "url": "https://uptime.betterstack.com/team/3/monitors/175",
    "user_id": 123
}

Need help?

Please let us know at hello@betterstack.com.
We're happy to help! 🙏

Previous article

Delete my account

Next article

Get started with Uptime API