Audit logs

What StatusOwl logs, how to filter the log view, who can see it, and when entries are available.

Last updated May 9, 2026

Audit logs record every meaningful state change in your organization — who did what, when, from which IP. They're the trail of evidence you need for security reviews, post-incident debriefs, and compliance attestations.

Audit logs are a Pro plan feature. Lower tiers do not retain a visible audit trail.

What gets logged

The following actions write a row to the audit log:

| Action | Resource |
| --- | --- |
| monitor.created | The new monitor's UUID |
| monitor.updated | The monitor's UUID + summary of changed fields |
| monitor.deleted | The deleted monitor's UUID |
| status_page.created | The new page's UUID |
| status_page.updated | The page's UUID + summary |
| status_page.deleted | The deleted page's UUID |
| integration.created | The integration's UUID + type (email, discord, ...) |
| integration.updated | The integration's UUID |
| integration.deleted | The integration's UUID |

Each row carries:

  • Timestamp — when the action occurred (UTC).
  • User — who performed the action (email, name).
  • Action — which event from the table above.
  • Resource type + resource ID — what was affected.
  • IP address — the source IP (after Cloudflare / proxy resolution).
  • User agent — the browser or API client.
  • Metadata — JSON blob with action-specific detail (e.g. the old vs. new fields on an update).
  • Impersonation marker — if a StatusOwl staff member was impersonating you for support, the row shows both the apparent user and the impersonator. This is rare and surfaced explicitly in the UI.

Member changes, billing actions, and API-key operations also generate audit entries; the table above lists the events the dashboard can filter by today.

Viewing the log

Open Organization → Audit Logs (Pro plan only). The view paginates 50 entries per page and supports:

  • Search — full-text across action, resource type, resource ID, user email, and metadata.
  • Action filter — narrow to one event type (e.g. only integration.deleted).
  • Resource type filter — narrow to monitors, status pages, or integrations.
  • Date range — start / end date pickers (ISO timestamps under the hood).
  • Expand row — click any row to open the full metadata JSON, IP, and user agent.

Who can see audit logs

Visibility is restricted to Owner and Admin roles. Billing, Member, and Viewer roles cannot open the page. See Roles & permissions for the full matrix.

Retention

Audit log entries are retained per your plan's data_retention_days setting. On the Pro plan, retention is generous enough to cover quarterly audits comfortably; for longer retention requirements (annual or multi-year), contact sales@statusowl.net to discuss Enterprise terms.

Export

The dashboard renders audit entries in a table for review. There is no built-in CSV / JSON export at this time — for large extracts, contact support and we'll generate one for you. A self-serve export is on the roadmap.

What's not logged

Audit logs cover state-changing actions in your organization. They do not capture:

  • Read-only views (opening a dashboard, listing monitors). Audit logs are about change, not browsing.
  • Monitor check results — those live in the time-series store and are queried through the monitors API (when shipped) or the per-monitor dashboard view.
  • Public status-page traffic — visitor analytics are separate from audit logging.
  • API request logs at the per-request level. The dashboard tracks per-key last_used_at and aggregate request_count (see Managing API keys); full per-request logs aren't exposed.

Use cases

A few patterns we see customers lean on audit logs for:

  • Security review. "Show every integration created in the last 30 days." Filter by integration.created + 30-day range.
  • Post-incident debrief. "Did anyone touch the affected monitor in the hour before the outage?" Filter by the monitor's UUID.
  • Onboarding hygiene. "Did the new admin only modify resources in their assigned scope?" Filter by user email.
  • Compliance. Quarterly export to your GRC tool for SOC 2 or ISO 27001 evidence collection.
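
The first three questions above, plus a check for the impersonation marker, run offline against an extract of audit rows. This is an added example, not StatusOwl code: the JSON key names and the sample rows are assumptions, since this page does not define an extract schema.

```python
import json
from datetime import datetime, timedelta

# Constructed sample rows. Key names are assumptions modelled on the row
# fields listed on this page; no extract schema is documented here.
ROWS = json.loads("""[
 {"timestamp": "2026-04-02T08:00:00Z", "user": "ana@example.com",
  "action": "integration.created", "resource_id": "int-01", "impersonator": null},
 {"timestamp": "2026-05-08T13:20:00Z", "user": "ben@example.com",
  "action": "monitor.updated", "resource_id": "mon-01", "impersonator": null},
 {"timestamp": "2026-05-08T13:45:00Z", "user": "ana@example.com",
  "action": "monitor.updated", "resource_id": "mon-01",
  "impersonator": "staff@vendor.example"},
 {"timestamp": "2026-05-08T11:00:00Z", "user": "ben@example.com",
  "action": "monitor.deleted", "resource_id": "mon-02", "impersonator": null},
 {"timestamp": "2026-05-01T10:00:00Z", "user": "ben@example.com",
  "action": "integration.created", "resource_id": "int-02", "impersonator": null}
]""")

def ts(value):
    """Parse an ISO 8601 UTC timestamp; 'Z' is normalised for older Pythons."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def created_since(rows, action, now, days=30):
    """Security review: rows for `action` within the last `days` days."""
    start = now - timedelta(days=days)
    return [r for r in rows
            if r["action"] == action and start <= ts(r["timestamp"]) <= now]

def touched_before(rows, resource_id, outage_start, window=timedelta(hours=1)):
    """Post-incident: changes to one resource in the window before an outage."""
    start = outage_start - window
    hits = [r for r in rows if r["resource_id"] == resource_id
            and start <= ts(r["timestamp"]) < outage_start]
    return sorted(hits, key=lambda r: ts(r["timestamp"]))

def out_of_scope(rows, user, allowed_ids):
    """Onboarding hygiene: rows where `user` changed a resource outside scope."""
    return [r for r in rows
            if r["user"] == user and r["resource_id"] not in allowed_ids]

def impersonated(rows):
    """Rows carrying an impersonation marker (apparent user plus impersonator)."""
    return [r for r in rows if r.get("impersonator")]

if __name__ == "__main__":
    print(created_since(ROWS, "integration.created", ts("2026-05-09T00:00:00Z")))
    print(touched_before(ROWS, "mon-01", ts("2026-05-08T14:00:00Z")))
```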
