Skip to main content
Audit logs provide a complete security trail of all significant actions performed within your organization. Every login, configuration change, and resource modification is recorded with details about who performed the action, when, and from where.
Audit logs require the audit_logs module, available on the Enterprise plan. Navigate to Settings > Audit Logs to access them.

What Gets Logged

Upmetr automatically records the following categories of events:
CategoryEvents
AuthenticationLogin, logout, failed login attempts, password changes
MFAMFA enabled/disabled, verification attempts, backup code usage, backup code regeneration
Magic LinkMagic link sent, verified, failed
Team ManagementUser created, updated, deleted
Cloud AccountsAccount added, updated, deleted, connection tested, resource discovery triggered
Uptime MonitorsMonitor created, updated, deleted
IncidentsIncident acknowledged, resolved, deleted
Compute ActionsEC2 instance start, stop, reboot
Infra AgentsAgent created, updated, deleted, token regenerated
Alert RulesRule created, updated, deleted
Status PagesClient status page created, updated, deleted, token regenerated
SettingsSystem settings updated, status page token regenerated
SystemAPI access events, rate limiting
Each log entry captures:
  • User — who performed the action (email address)
  • Action — what was done
  • Resource — the affected resource type and ID
  • IP Address — the originating IP
  • Timestamp — when the action occurred
  • Status — whether the action succeeded or failed

Viewing Audit Logs

The audit logs page displays four summary cards at the top:
  • Total Events — all-time event count for your organization
  • Events Today — number of events recorded today
  • Logins (24h) — successful logins in the last 24 hours
  • Failed Logins (24h) — failed login attempts in the last 24 hours
Keep an eye on the Failed Logins card. A sudden spike may indicate a brute-force attempt against one of your team member accounts.

Filtering

Use the filter bar to narrow results:
  • Action — filter by a specific action type (e.g., only login events)
  • Status — show only successful or only failed events
  • Per Page — adjust pagination (25, 50, or 100 entries per page)
Click Clear all to reset filters, or Refresh to fetch the latest events.

Access Control

Only Superadmins can view audit logs. Other roles (Admin, Viewer) do not have access to the audit logs page. If you need to review audit logs, ask your organization’s Superadmin.

Retention

Audit logs are retained indefinitely. All events remain accessible for the lifetime of your organization, ensuring you always have a complete historical record when needed for investigations or compliance reviews.

Compliance

Audit logs help your organization meet regulatory requirements such as LGPD (Brazil) and GDPR (EU) by providing:
  • A tamper-evident record of who accessed or modified personal data
  • Traceability of authentication events and permission changes
  • Evidence of security controls (MFA, access reviews) for auditors
Regularly reviewing audit logs is a best practice recommended by most compliance frameworks. Consider scheduling a monthly review of failed login attempts, permission changes, and sensitive resource modifications.