Understanding Cloudflare Audit Logs

Learn how Cloudflare's Audit Logs help track changes within your Cloudflare account or domains.


Overview

Audit logs summarize the history of changes made within your Cloudflare account.  Audit logs include account level actions like login and logout, as well as setting changes to DNS, Crypto, Firewall, Speed, Caching, Page Rules, Network, and Traffic features, etc.  Audit Logs are available on all plan types and are captured for both individual users and for multi-user organizations.

Most new beta features don't appear in audit logs until the feature is officially released.

Audit logs are found within the Cloudflare dashboard for your account (also available via the Audit Logs API endpoint):

  1. Log in to the Cloudflare dashboard.
  2. Select the appropriate Cloudflare account.
  3. Click Audit Log in the second navigation bar from the top.

Audit Logs are searchable by user email or domain and are downloadable in a CSV format via the Download CSV button.  To filter logs by date range, click the date range beneath the Audit Log heading.  


Retention

To maintain Audit Logs query performance, the public Audit Logs API was modified on Jun 30 2019 to return records with a maximum age of 18 months.

If you'd like to download historical audit log data, we recommend scripting against the Audit Logs API to pull each day's log and store. 

Cloudflare will maintain full Audit Logs for the life of a Customer's account and potentially longer if required by law or to otherwise comply with regulatory obligations.

Not finding what you need?

95% of questions can be answered using the search tool. This is the quickest way to get a response.

Powered by Zendesk