Audit Logs

Track all activity in your organization for compliance and security.

What’s Logged

User Actions

• Sign in / sign out
• Profile changes
• Password changes

Document Actions

• Create, view, edit, delete
• Share and unshare
• Download and export

Organization Actions

• Member invitations
• Role changes
• Team management
• Settings changes

Security Events

• Failed login attempts
• Permission changes
• API key usage
• SSO events

Viewing Audit Logs

Go to Organization → Audit Logs

Log Entry Details

Each entry shows:

• Timestamp: When it occurred (UTC)
• Actor: Who performed the action
• Action: What was done
• Resource: What was affected
• IP Address: Source location
• Details: Additional context

Filtering Logs

By Action Type

• All actions
• Document actions
• User actions
• Admin actions
• Security events

By User

Search for specific user activity.

By Date Range

• Last 24 hours
• Last 7 days
• Last 30 days
• Custom range

By Resource

Filter by specific documents, teams, or other resources.

Search

Full-text search across:

• User names
• Actions
• Resource names
• IP addresses

Export Logs

Manual Export

1. Apply desired filters
2. Click Export
3. Choose format (CSV, JSON)
4. Download file

Scheduled Export

Automatically export logs:

1. Click Export → Schedule
2. Set frequency
3. Choose destination
4. Enable

SIEM Integration

For Enterprise customers:

• Stream logs to your SIEM
• Splunk, Datadog, etc.
• Real-time event streaming

Log Retention

Security Monitoring

Suspicious Activity

Look for:

• Failed login patterns
• Unusual access times
• Bulk downloads
• Permission escalation

Alerts (Enterprise)

Set up alerts for specific events:

1. Go to Audit Logs → Alerts
2. Create alert rule
3. Define trigger conditions
4. Set notification method

Next Steps

• Analytics - View usage analytics and insights
• Security - Configure SSO, SCIM, and security settings
• Roles & Permissions - Understand access control