Audit Logs
Audit logs record every significant administrative action in your workspace. Available on Business and Enterprise plans.
What is Logged
| Category | Events |
|---|---|
| Authentication | Login, logout, failed login attempts, token refresh |
| API Keys | Created, viewed (list), revoked |
| Monitors | Created, updated, deleted, paused, resumed |
| Alert Policies | Created, updated, deleted |
| Notification Channels | Created, updated, deleted, tested |
| Status Pages | Created, updated, deleted, published, unpublished |
| Team | Member invited, joined, role changed, removed |
| Billing | Plan upgraded, downgraded, payment method updated |
| Incidents | Acknowledged, resolved, manually created |
Accessing Audit Logs
- Go to Settings → Security → Audit Logs
- Browse the chronological event stream
- Filter by event type, user, or date range
- Export as CSV for compliance reporting
Log Entry Format
Each audit log entry contains:
{
"id": "al_xxxxxxxx",
"timestamp": "2026-05-18T14:32:00.000Z",
"event": "monitor.created",
"actor": {
"userId": "usr_xxxxxxxx",
"email": "admin@yourcompany.com",
"ipAddress": "203.0.113.45",
"userAgent": "Mozilla/5.0 ..."
},
"resource": {
"type": "monitor",
"id": "mon_xxxxxxxx",
"name": "Production API Health"
},
"changes": {
"before": null,
"after": {
"name": "Production API Health",
"type": "http",
"url": "https://api.yourapp.com/health",
"interval": 60
}
},
"workspaceId": "ws_xxxxxxxx"
}
API Access
GET /v1/audit-logs?from=2026-05-01T00:00:00Z&to=2026-05-18T23:59:59Z&limit=100
Authorization: Bearer psk_live_xxx
{
"success": true,
"data": [ ... ],
"pagination": { "page": 1, "limit": 100, "total": 847 }
}
Retention
| Plan | Retention |
|---|---|
| Business | 1 year |
| Enterprise | Custom (up to 7 years) |
Audit logs cannot be modified or deleted by workspace members. This ensures a tamper-evident record for compliance purposes.
Export for Compliance
For SOC 2, ISO 27001, or internal security reviews:
- Go to Settings → Security → Audit Logs
- Select date range
- Click Export CSV
- The CSV is emailed to your registered address within 5 minutes
For automated exports (SIEM integration), use the API endpoint to stream logs to your logging system.
SIEM Integration
Stream audit logs to your SIEM (Splunk, Datadog, CloudWatch Logs):
# Cron job: pull last hour of audit logs and ship to your SIEM
*/60 * * * * \
curl -s "https://api.pingsla.com/v1/audit-logs?from=$(date -u -d '1 hour ago' +%FT%TZ)" \
-H "Authorization: Bearer $PINGSLA_API_KEY" \
| jq '.data[]' \
>> /var/log/pingsla-audit.json