Audit Logs
Track all user activity and changes in your Lucaro workspace for security and compliance.
What Gets Logged
Authentication Events
- User logins and logouts
- SSO authentication
- Failed login attempts
- API key usage
Content Changes
- Dashboard created, updated, deleted
- Metrics registry changes
- Alert configuration changes
- Data source connections
Administrative Actions
- User invited, role changed, removed
- Workspace settings changed
- SSO configuration updated
- API keys created or revoked
Data Access
- Dashboard views
- Data exports
- Query execution
- Shared link access
Viewing Audit Logs
- Navigate to Workspace Settings → Audit Logs
- Use filters to narrow down by user, action type, or date range
- Click on any event to see full details
- Export logs for compliance reporting
Log Entry Structure
{
"id": "log_abc123",
"timestamp": "2024-01-15T10:30:45Z",
"actor": {
"id": "user_xyz",
"email": "john@company.com",
"type": "user" // user, api_key, system
},
"action": "dashboard.update",
"resource": {
"type": "dashboard",
"id": "dash_123",
"name": "Sales Dashboard"
},
"changes": {
"title": {
"old": "Sales Report",
"new": "Sales Dashboard"
}
},
"context": {
"ip_address": "192.168.1.1",
"user_agent": "Mozilla/5.0...",
"project_id": "proj_abc"
}
}API Access
# List audit logs
curl "https://api.lucaro.dev/v2/workspace/{workspaceId}/audit-logs" \
-H "Authorization: Bearer YOUR_API_TOKEN" \
-G \
-d "start_date=2024-01-01" \
-d "end_date=2024-01-31" \
-d "action=dashboard.*" \
-d "actor_email=john@company.com"
# Export logs
curl "https://api.lucaro.dev/v2/workspace/{workspaceId}/audit-logs/export" \
-H "Authorization: Bearer YOUR_API_TOKEN" \
-d '{"format": "csv", "date_range": "last_90_days"}'Log Retention
| Plan | Retention Period |
|---|---|
| Free / Starter | 30 days |
| Business | 1 year |
| Enterprise | Unlimited (configurable) |
SIEM Integration
Forward audit logs to your SIEM system for centralized security monitoring:
- Splunk via HTTP Event Collector
- Datadog via Log Ingestion API
- Custom webhook endpoints
- S3 bucket export