> ## Documentation Index
> Fetch the complete documentation index at: https://docs.upmetr.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Audit Logs

> Track security events and user activity across your organization with Upmetr's audit trail

Audit logs provide a complete security trail of all significant actions performed within your organization. Every login, configuration change, and resource modification is recorded with details about who performed the action, when, and from where.

<Note>
  Audit logs require the **audit\_logs** module, available on the **Enterprise** plan. Navigate to **Settings > Audit Logs** to access them.
</Note>

## What Gets Logged

Upmetr automatically records the following categories of events:

| Category            | Events                                                                                   |
| ------------------- | ---------------------------------------------------------------------------------------- |
| **Authentication**  | Login, logout, failed login attempts, password changes                                   |
| **MFA**             | MFA enabled/disabled, verification attempts, backup code usage, backup code regeneration |
| **Magic Link**      | Magic link sent, verified, failed                                                        |
| **Team Management** | User created, updated, deleted                                                           |
| **Cloud Accounts**  | Account added, updated, deleted, connection tested, resource discovery triggered         |
| **Uptime Monitors** | Monitor created, updated, deleted                                                        |
| **Incidents**       | Incident acknowledged, resolved, deleted                                                 |
| **Compute Actions** | EC2 instance start, stop, reboot                                                         |
| **Infra Agents**    | Agent created, updated, deleted, token regenerated                                       |
| **Alert Rules**     | Rule created, updated, deleted                                                           |
| **Status Pages**    | Client status page created, updated, deleted, token regenerated                          |
| **Settings**        | System settings updated, status page token regenerated                                   |
| **System**          | API access events, rate limiting                                                         |

Each log entry captures:

* **User** — who performed the action (email address)
* **Action** — what was done
* **Resource** — the affected resource type and ID
* **IP Address** — the originating IP
* **Timestamp** — when the action occurred
* **Status** — whether the action succeeded or failed

## Viewing Audit Logs

The audit logs page displays four summary cards at the top:

* **Total Events** — all-time event count for your organization
* **Events Today** — number of events recorded today
* **Logins (24h)** — successful logins in the last 24 hours
* **Failed Logins (24h)** — failed login attempts in the last 24 hours

<Tip>
  Keep an eye on the **Failed Logins** card. A sudden spike may indicate a brute-force attempt against one of your team member accounts.
</Tip>

### Filtering

Use the filter bar to narrow results:

* **Action** — filter by a specific action type (e.g., only login events)
* **Status** — show only successful or only failed events
* **Per Page** — adjust pagination (25, 50, or 100 entries per page)

Click **Clear all** to reset filters, or **Refresh** to fetch the latest events.

## Access Control

<Warning>
  Only **Superadmins** can view audit logs. Other roles (Admin, Viewer) do not have access to the audit logs page. If you need to review audit logs, ask your organization's Superadmin.
</Warning>

## Retention

Audit logs are retained indefinitely. All events remain accessible for the lifetime of your organization, ensuring you always have a complete historical record when needed for investigations or compliance reviews.

## Compliance

Audit logs help your organization meet regulatory requirements such as **LGPD** (Brazil) and **GDPR** (EU) by providing:

* A tamper-evident record of who accessed or modified personal data
* Traceability of authentication events and permission changes
* Evidence of security controls (MFA, access reviews) for auditors

<Tip>
  Regularly reviewing audit logs is a best practice recommended by most compliance frameworks. Consider scheduling a monthly review of failed login attempts, permission changes, and sensitive resource modifications.
</Tip>
