Skip to main content

Audit Logs

Audit logs record every significant administrative action in your workspace. Available on Business and Enterprise plans.

What is Logged

CategoryEvents
AuthenticationLogin, logout, failed login attempts, token refresh
API KeysCreated, viewed (list), revoked
MonitorsCreated, updated, deleted, paused, resumed
Alert PoliciesCreated, updated, deleted
Notification ChannelsCreated, updated, deleted, tested
Status PagesCreated, updated, deleted, published, unpublished
TeamMember invited, joined, role changed, removed
BillingPlan upgraded, downgraded, payment method updated
IncidentsAcknowledged, resolved, manually created

Accessing Audit Logs

  1. Go to Settings → Security → Audit Logs
  2. Browse the chronological event stream
  3. Filter by event type, user, or date range
  4. Export as CSV for compliance reporting

Log Entry Format

Each audit log entry contains:

{
"id": "al_xxxxxxxx",
"timestamp": "2026-05-18T14:32:00.000Z",
"event": "monitor.created",
"actor": {
"userId": "usr_xxxxxxxx",
"email": "admin@yourcompany.com",
"ipAddress": "203.0.113.45",
"userAgent": "Mozilla/5.0 ..."
},
"resource": {
"type": "monitor",
"id": "mon_xxxxxxxx",
"name": "Production API Health"
},
"changes": {
"before": null,
"after": {
"name": "Production API Health",
"type": "http",
"url": "https://api.yourapp.com/health",
"interval": 60
}
},
"workspaceId": "ws_xxxxxxxx"
}

API Access

GET /v1/audit-logs?from=2026-05-01T00:00:00Z&to=2026-05-18T23:59:59Z&limit=100
Authorization: Bearer psk_live_xxx
{
"success": true,
"data": [ ... ],
"pagination": { "page": 1, "limit": 100, "total": 847 }
}

Retention

PlanRetention
Business1 year
EnterpriseCustom (up to 7 years)

Audit logs cannot be modified or deleted by workspace members. This ensures a tamper-evident record for compliance purposes.

Export for Compliance

For SOC 2, ISO 27001, or internal security reviews:

  1. Go to Settings → Security → Audit Logs
  2. Select date range
  3. Click Export CSV
  4. The CSV is emailed to your registered address within 5 minutes

For automated exports (SIEM integration), use the API endpoint to stream logs to your logging system.

SIEM Integration

Stream audit logs to your SIEM (Splunk, Datadog, CloudWatch Logs):

# Cron job: pull last hour of audit logs and ship to your SIEM
*/60 * * * * \
curl -s "https://api.pingsla.com/v1/audit-logs?from=$(date -u -d '1 hour ago' +%FT%TZ)" \
-H "Authorization: Bearer $PINGSLA_API_KEY" \
| jq '.data[]' \
>> /var/log/pingsla-audit.json