How audit logs work
Audit logs are an Apex-plan feature for organizations that need traceability: a durable, read-only record of who changed what, and when, that you can answer to long after the fact and hand to an auditor. They track configuration and access changes, not visitor traffic, which is what statistics are for.
Three levels
Caputchin keeps audit logs at three independent levels, each scoped to its own tenancy. You read the level that matches the change you are tracing, and each has its own page in the dashboard and its own reference here.
| Level | Where it lives | Reference |
|---|---|---|
| Account | Account settings | Account log |
| Troop | A troop's own page | Troop log |
| Site key | A site key's own page | Site-key log |
A deletion is recorded one level up from the thing deleted: deleting a site key lands on the troop log, and deleting a troop lands on the account log. This is deliberate, because deleting something takes its own log with it (there is no soft-delete), so the record of the deletion has to live on the surviving parent. Everything else, including each thing's creation, lives on its own level.
What each entry shows
Each entry is a single action and captures enough to answer "who did what, when, and did it work":
- Who: the person or token behind the action, and whether they acted through a dashboard session or a personal access token. Actions taken by Caputchin support under support access appear under their own identity.
- What: the action, the thing it touched, and a summary of the change, including a before-and-after for configuration edits.
- Outcome: whether it succeeded or was denied, with the reason when denied. A blocked attempt is on the record too, which is often the more interesting half of an investigation.
- When: a timestamp, plus a request id you can quote to support or line up against your own logs.
Finding what you need
A busy log gets long, so the panel filters it the same way at every level:
- By action, to see only one kind of change.
- By who: search for a person or token by name, or narrow to dashboard sessions versus personal access tokens.
- By target, to follow changes to one specific thing.
- By date, to bound an investigation to a window.
- Denied attempts: the log shows successful actions by default; flip the toggle to include the ones that were blocked.
Exporting
You can download the current view as CSV or JSON. The file is named for the scope and the time it was taken. CSV opens straight in a spreadsheet and is the usual way to hand evidence to an auditor; JSON is the better fit for feeding the records into your own tooling or SIEM.
Retention
Entries are kept for two years, then removed automatically. Export anything you need to keep beyond that. If an account leaves Apex, its logs stop being available with the rest of the Apex features, so export first if you need them.
See also
- Account log: account-wide sign-ins, tokens, billing, and plan.
- Troop log: members, troop settings, and site-key deletion.
- Site-key log: one key's lifecycle and configuration.