Audit logs provide a history of changes made to your Cloudflare account's settings such as DNS, WAF, and other Cloudflare products. Audit Logs are available on all plans types including free subscriptions. There are audit logs captured for both users and organizations.
Where are they located?
1. Log in to the Cloudflare dashboard.
2. Click on the appropriate Cloudflare account.
3. Click Audit Log in the second navigation bar from the top.
What do they look like?
Audit logs, as shown below, give a historical listing of changes made to your account for a certain time period. These logs can be searched by user email or by domain. Audit logs are also downloadable in a CSV format.
What is captured?
The majority of Cloudflare setting changes are included in audit logs barring some exceptions outlined below. Audit logs include account level actions like login and logout, as well as most setting changes to DNS, Crypto, Firewall, Speed, Caching, Page Rules, Network, and Traffic features.
What is not captured?
Most new beta features aren't yet going to show up in your audit logs. Once a feature is out of beta audit logs for it should be available.
Is there an API endpoint?
Yes, it is detailed here: Audit Logs API endpoint