Audit Logs

Track all activity in your ops0 organization. Audit logs provide a complete record of who did what and when.

Accessing Audit Logs

Go to Settings

Navigate to the Settings section.

Select Audit Logs

Click on Audit Logs in the sidebar navigation.

Page Layout

Search Box

Search log entries.

Filters

Filter by type, user, date.

Export

Download logs.

Log Table

All audit entries.

Log Entry Columns

Column	Description
Timestamp	When event occurred
User	Who performed action
Action	What was done
Resource	What was affected
IP Address	User's IP
Status	Success, Failed

Viewing Log Entries

Log List

Each row shows:

┌────────────────────────────────────────────────────────────────────┐
│ 2024-01-15 10:30:45  john@example.com  deployed  vpc-production   │
│ Action: terraform apply                                            │
│ IP: 192.168.1.100  Status: Success                                │
└────────────────────────────────────────────────────────────────────┘

Click for Details

Select Entry

Click on any log entry in the table.

View Details

The detail panel opens on the right.

Analyze

Review full event information including changes and request data.

Entry Details

Field	Description
Event ID	Unique identifier
Timestamp	Exact time (with timezone)
User	Email and user ID
Action	Event type
Resource	Resource type and ID
Changes	What changed
Request	API request details
Response	API response
IP Address	Source IP
User Agent	Browser/client

Event Categories

Authentication Events

user.login

User logged in

user.logout

User logged out

user.login_failed

Failed login attempt

user.password_changed

Password updated

user.2fa_enabled

2FA turned on

user.session_revoked

Session ended

User Management Events

Event	Description
user.invited	User invitation sent
user.joined	User accepted invite
user.removed	User removed from org
user.role_changed	Role assignment changed
user.disabled	User account disabled

Project Events

Event	Description
project.created	New project created
project.updated	Project modified
project.deleted	Project deleted
project.file_created	File added
project.file_updated	File modified
project.file_deleted	File removed

Deployment Events

deployment.started

Deployment began

deployment.completed

Deployment finished

deployment.failed

Deployment failed

deployment.cancelled

Deployment stopped

deployment.approved

Approval granted

deployment.rejected

Approval denied

Integration Events

Event	Description
integration.created	Integration added
integration.updated	Credentials updated
integration.deleted	Integration removed
integration.tested	Connection tested

Policy Events

Event	Description
policy.created	Policy created
policy.updated	Policy modified
policy.deleted	Policy removed
policy.violation	Violation detected

Workflow Events

Event	Description
workflow.created	Workflow created
workflow.updated	Workflow modified
workflow.executed	Workflow ran
workflow.completed	Workflow finished
workflow.failed	Workflow failed

Filtering Logs

By Date Range

1Click Date Range filter

Select preset:

Last 24 hours
Last 7 days
Last 30 days
Last 90 days
Custom range

3For custom, select start/end dates

By User

1Click User filter

2Select specific user

3Shows only that user's actions

By Action Category

1Click Category filter

Select:

All
Authentication
Users
Projects
Deployments
Integrations
Policies
Workflows
Settings

By Status

1Click Status filter

Select:

All
Success
Failed

By Resource

1Click Resource filter

2Enter resource name or ID

3Shows events for that resource

Searching Logs

1Type in Search box

Searches across:

Action names
Resource names
User emails
Event details

3Real-time filtering

Search Examples

Search	Finds
`deploy`	All deployment events
`john@`	All John's actions
`vpc-prod`	Events for vpc-prod project
`failed`	Failed events

Exporting Logs

Export Options

1Click Export button

Select format:

CSV
JSON
PDF

3Select date range

4Click Download

Export Fields

Exports include:

Timestamp
User email
Action
Resource
Status
IP address
Full details

Scheduled Exports

1Click Schedule Export

2Select frequency (Daily, Weekly)

3Select format

4Enter email recipient

5Click Schedule

Log Retention

Retention Period

Free

7 days

Pro

90 days

Enterprise

1 year+

After Retention

Logs are automatically deleted
Export before expiration for compliance
Contact support for extended retention

Real-Time Logs

Live View

1Click Live toggle

2New events appear immediately

3Auto-scrolls to latest

Pause Live View

1Click Pause button

2View freezes

3Click Resume to continue

Security Analysis

Filter for suspicious activity:

1Filter: Category = Authentication

2Filter: Status = Failed

3Review IP addresses and patterns

Permission Changes

Track sensitive changes:

1Filter: Category = Users

2Look for role_changed events

3Review who made changes

Unusual Activity

Signs to Watch For

Many failed logins
Actions at unusual times
Actions from unusual IPs
Bulk deletions

Compliance Use Cases

SOC 2

Demonstrate:

Access controls (role changes)
Change management (deployments)
Security events (login attempts)

Track:

Data access events
User data modifications
Consent changes

Creating Compliance Reports

1Set date range for audit period

2Export relevant categories

3Include in compliance documentation

API Access

Programmatic Access

Query logs via API:

curl -X GET \
  -H "Authorization: Bearer $API_KEY" \
  "https://api.ops0.io/v1/audit-logs?start=2024-01-01&end=2024-01-31"

API Filters

Parameter	Description
`start`	Start date
`end`	End date
`user`	User email
`action`	Action type
`status`	success/failed
`limit`	Max results
`offset`	Pagination offset

Best Practices

Review Regularly

Check logs weekly for anomalies and security events.

Set Up Alerts

Configure notifications for critical events like failed logins.

Export for Compliance

Schedule regular exports before retention period expires.

Monitor Failed Events

Failed actions are often the first indicator of security issues.

Track Deployments

Maintain audit trail for change management requirements.

Document Reviews

Record when and what you reviewed for audit evidence.

Troubleshooting

Missing Events

Events not appearing

Check date filter is set to correct range.

Can't find user's events

Verify user email is spelled correctly in filter.

Gaps in timeline

Check retention period - old logs may have been deleted.

Export Issues

Export too large

Reduce date range or filter to specific categories.

Timeout

Try smaller date range or use scheduled exports.

Missing fields

Check export format - JSON includes all fields, CSV is summarized.

Example: Investigating a Failed Deployment

Using audit logs to trace and understand a deployment failure.

Initial Alert

Notification: Deployment Failed
─────────────────────────────────────
Project:    api-infrastructure
Time:       2024-01-15 14:30:45 UTC
User:       sarah@acme.com

Step 1: Filter to Deployment Events

Settings → Audit Logs
─────────────────────────────────────
Filter: Category = Deployments
Filter: Status = Failed
Filter: Date = Today

Results: 1 event found

Step 2: View Event Details

Event Details
─────────────────────────────────────
Event ID:     evt_abc123xyz
Timestamp:    2024-01-15 14:30:45 UTC
User:         sarah@acme.com (usr_456)
Action:       deployment.failed
Resource:     api-infrastructure
IP Address:   192.168.1.50
User Agent:   Chrome/120.0

Changes:
  error: "Policy violation: S3 encryption required"
  resources_planned: 5
  resources_applied: 2

Request:
  deployment_id: dep_789
  trigger: manual

Filter: Resource = api-infrastructure
Filter: Date = Last 24 hours
─────────────────────────────────────
14:30:45  deployment.failed   sarah@acme.com
14:30:42  deployment.started  sarah@acme.com
14:28:10  project.file_updated  sarah@acme.com  (main.tf)
14:25:33  user.login  sarah@acme.com

Step 4: Identify Root Cause

Timeline Analysis
─────────────────────────────────────
14:25  Sarah logged in
14:28  Sarah updated main.tf
14:30  Sarah started deployment
14:30  Deployment failed: policy violation

Root Cause: Code change introduced unencrypted S3 bucket
Fix: Add encryption configuration to S3 resource

Result

Incident Report
─────────────────────────────────────
Issue:       Deployment blocked by policy
Detected:    Immediately via policy check
Impact:      No production impact (blocked)
Root Cause:  Missing S3 encryption config
Resolution:  Add encryption, redeploy
Time to Fix: 15 minutes

The audit log provided complete visibility into what happened and when.

Next Steps

General Settings - Profile settings
IAM Settings - Users and roles
Integrations - Connect providers

Audit Logs

Accessing Audit Logs

Go to Settings

Select Audit Logs

Page Layout

Search Box

Filters

Export

Log Table

Log Entry Columns

Viewing Log Entries

Log List

Click for Details

Select Entry

View Details

Analyze

Entry Details

Event Categories

Authentication Events

user.login

user.logout

user.login_failed

user.password_changed

user.2fa_enabled

user.session_revoked

User Management Events

Project Events

Deployment Events

Integration Events

Policy Events

Workflow Events

Filtering Logs

By Date Range

By User

By Action Category

By Status

By Resource

Searching Logs

Search Box

Search Examples

Exporting Logs

Export Options

Export Fields

Scheduled Exports

Log Retention

Retention Period

After Retention

Real-Time Logs

Live View

Pause Live View

Security Analysis

Failed Login Detection

Permission Changes

Unusual Activity

Compliance Use Cases

SOC 2

GDPR

Creating Compliance Reports

API Access

Programmatic Access

API Filters

Best Practices

Troubleshooting

Missing Events

Export Issues

Example: Investigating a Failed Deployment

Initial Alert

Step 1: Filter to Deployment Events

Step 2: View Event Details

Step 3: Find Related Events

Step 4: Identify Root Cause

Result

Next Steps

Audit Logs

Accessing Audit Logs

Go to Settings

Select Audit Logs

Page Layout

Search Box

Filters