Skip to main content

General information about the Audit Logs service

For your information

Audit logs can only be accessed by the Account Owner, a user with the member role in the Account access scope, and a user with the audit_logs.admin.

Audit Logs is a service for collecting and storing logs of events that occur in an account. Events reflect operations with resources or users:

  • authentication and starting or ending a session in the Control Panel;
  • reading specific data (accessing the Secrets Manager service, reading encryption keys, etc.);
  • managing access rights and security services (users, roles, passwords, tokens, access keys, secrets, certificates, etc.);
  • mutating operations with resources (creating, modifying, deleting servers, networks, volumes, etc.).

Audit logs include successful and unsuccessful events, as well as events that are not allowed by security policies. When an event occurs, it is recorded in the audit logs and becomes available within several minutes.

Audit logs are collected automatically and stored for 90 days. At any time, you can export them manually or configure export via API.

Tasks solved

The Audit Logs service can be used for:

  • passing audits, certifications, and compliance procedures;
  • monitoring access to sensitive information;
  • filtering logs for transmission to analysis systems;
  • tracking suspicious behavior;
  • analyzing the actions of a specific user or service and detecting anomalies;
  • investigating information security incidents.

Pricing

The service is provided free of charge.