Audit Log Usage for Team Operations

Who this is for

Organization Owners and Admins who want to use the audit log to track team activity, investigate unexpected changes, or prepare for a compliance review.

What you will complete

Read and filter the audit log, identify who made a specific change, and export audit data.

Before you begin

• Owner or Admin role required.
• Navigate to Settings → Audit Log.

What the audit log records

The audit log is a permanent, immutable record of every action taken in your organization. It captures:

• Actor — the user who performed the action (or "AI Pilot" for AI-initiated actions)
• Action — what was done (deploy, backup created, server restarted, member invited, role changed, etc.)
• Target — which resource was affected (server name, site name, member email)
• Result — Completed, Failed, Denied
• Timestamp — exact time in UTC
• IP address — the IP from which the action was initiated (for manual actions)

The audit log cannot be modified or deleted, even by Owners.

Step-by-step: investigate a specific change

1. Go to Settings → Audit Log.
2. Use the date range filter to narrow to the time period you are investigating.
3. Use the Actor filter to find actions by a specific team member.
4. Use the Action type filter to narrow to a specific operation (deploy, delete, role change, etc.).
5. Find the relevant entry and click to expand full details.
6. The detail view shows: who did it, exactly what was done, the target resource, and the result.

Common audit log queries

"Who deleted the site?" Filter: Action type = Delete Site. Date range = past 7 days. The entry shows the actor and timestamp.

"What did this team member do last week?" Filter: Actor = [member email]. Date range = last 7 days.

"Did the AI Pilot do anything last night?" Filter: Actor / Source = AI Pilot. Date range = last 24 hours.

"When was a member's role changed?" Filter: Action type = Role Change or Member Update. Look for the member's email in the target field.

Export for compliance

The audit log can be exported as a reference for compliance reviews. Contact support for bulk export options if your plan includes compliance data export.

For spot checks, you can copy the visible log entries from the dashboard.

What success looks like

• You can identify who performed any action in your organization within the past 30 days.
• Unexpected changes (a deleted server, a changed role) can be traced to a specific actor and timestamp.
• AI Pilot actions are clearly labeled as "AI Pilot" in the source column.

Common errors and fixes

"I cannot see the Audit Log in Settings" Cause: Your role may be Member or Viewer, which cannot access the audit log. Fix: Ask your organization Owner to upgrade your role to Admin if you need audit access.

"The audit log only shows 30 days of history" Cause: Default retention period. Extended retention may be available on higher plans. Fix: Contact support if your compliance requirements need longer retention.

Related articles

• KB-09-02: Current role model and practical governance
• KB-07-13: Audit trail for AI actions
• KB-11-07: Incident transparency and audit references