Audit Logs

Instance administrators have access to audit logs that detail the creation, modification, and deletion of instance resources by your instance’s team members. This allows admins to view a trail of edits made to any resource owned by that instance.

If you are a member of an instance and you have administrator permissions, you will find a link to the logs in the of the “Settings” tab:

Audit Logs Link

Log Entries

Currently, log entries are sorted by timestamp (latest to earliest). Audit logs are available for all instance edits from the second week of April 2024 onwards, and the records are kept for one year.

Audit Logs List

Available Information

The following information is available for each request included in the audit log:

  • Request ID
  • Timestamp of request
  • URL path and HTTP method, which maps to a Losant API method
  • Query parameters included in the request, if applicable
  • Request body, if applicable
  • Request initiator (usually an instance member, but occasionally an API token or other entity)
  • Response body, if applicable
  • HTTP response code

Audit Log Detail

Note that a number of sensitive details, such as passwords, credit card numbers, and invitation tokens, are redacted from the audit logs for security purposes.

What’s Recorded

As a general rule, any request that creates, edits, or deletes an instance resource will appear in the audit logs. More specifically …

  • Edits to the instance itself, such as recurring usage report configuration.
  • Changes to instance members, such as leaving the instance or changing a member’s role.
  • Creation, modification, or deletion of any instance API token.
  • Creation, modification, or deletion of any instance custom node.

  • Creation, modification, or deletion of any instance organization.

    • This will include modification to the organization made by members of the organization themselves in the regular organization interface.
    • This will not include modifications to any organization sub-resources, such as applications or dashboards.

  • Changes to instance organization membership, such as leaving the organization or changing a member’s role.

    • This will include any membership/role modifications done by members of the organization themselves in the regular organization interface.
    • This will include the creation, revocation, acceptance, or deletion of any organization invitations either through the instance or the regular organization interface.
  • Creation, revocation, acceptance or deletion of any member invitation.

  • Creation, modification, or deletion of any instance sandbox user, either through the instance or by the user themselves. This includes:

    • Password resets
    • Passord changes
    • Email verification
    • The creation, modification, or deletion of User API Tokens
    • Enabling or disabling MFA

What’s Not Recorded

Not everything that happens within your instance is available in the audit log. Here are a number of requests that do not show up in the logs:

  • User or device authentications.
  • Any actions taken on Losant applications, dashboards, or their various sub-resources. These types of actions are recorded in Organization Audit Logs if they are enabled.
  • GET requests (data retrieval) on any instance-owned resource or sub-resource.
  • Many “pre-process” errors, such as malformed requests, 404 responses, and timeouts.

Was this page helpful?

Still looking for help? You can also search the Losant Forums or submit your question there.