# Audit History

The Audit History provides a detailed log of all actions taken within your organization. Use it to track changes, troubleshoot issues, and maintain security compliance.

### Accessing Audit History

1. Go to **Settings**
2. Select **Organization** scope
3. Click **Audit History** tab

### Audit Log

The audit log displays all organization activity:

| Column     | Description              |
| ---------- | ------------------------ |
| Event Time | When the action occurred |
| Event Type | Category of action       |
| Project    | Affected project         |
| User       | Who performed the action |
| Request    | HTTP status code         |
| IP Address | Source IP                |
| Actions    | View details             |

#### Filtering

Filter audit entries by:

* **From Date**: Start of date range
* **To Date**: End of date range
* **Project**: Filter by specific project
* **Exclude GET Requests**: Hide read-only actions

#### Time Range

Select a date range to analyze specific periods:

* Default shows last 7 days
* Use date pickers for custom range
* View historical data for compliance

### Event Types

Common event types in the audit log:

#### Resource Actions

| Event Type           | Description               |
| -------------------- | ------------------------- |
| Instance.Create      | Cloud instance created    |
| Instance.Get         | Instance details viewed   |
| Instance.Delete      | Instance terminated       |
| Metal.Create         | Metal service deployed    |
| Metal.Update         | Metal service modified    |
| Volume.Create        | Storage volume created    |
| Volume.List-attached | Volume attachments listed |

#### Account Actions

| Event Type       | Description            |
| ---------------- | ---------------------- |
| Tags.Get         | Tags retrieved         |
| Tags.Update      | Tags modified          |
| SshKey.Create    | SSH key added          |
| SshKey.Delete    | SSH key removed        |
| Network.Get      | Network info retrieved |
| Blockstorage.Get | Block storage accessed |

### Event Details

Click **Actions** > **View Details** for full event information:

| Field              | Description             |
| ------------------ | ----------------------- |
| Event ID           | Unique identifier       |
| Event Time         | Precise timestamp       |
| Event Type         | Action category         |
| User               | Email of actor          |
| Service Name       | Affected service        |
| HTTP Method & Path | API call details        |
| Status Code        | Result (200, 404, etc.) |
| IP Address         | Source of request       |
| Correlation ID     | Request tracking ID     |
| Project ID         | Affected project        |
| User Agent         | Browser/client info     |

### Use Cases

#### Security Monitoring

Track suspicious activity:

* Unusual login times
* Actions from unexpected IPs
* Bulk deletions
* Permission changes

#### Troubleshooting

Investigate issues:

* What changed before the problem?
* Who made the last modification?
* What was the sequence of events?
* Were there any errors?

#### Compliance

Meet audit requirements:

* Who did what and when
* Access patterns
* Change documentation
* Incident investigation

#### Change Management

Track infrastructure changes:

* Deployment history
* Configuration modifications
* Scaling events
* Member management

### Best Practices

#### Regular Review

* Check audit logs weekly
* Look for anomalies
* Verify expected activity
* Document findings

#### Security Alerts

Set up monitoring for:

* Failed authentication
* Sensitive operations
* Off-hours activity
* New member additions

#### Retention

Consider:

* Export important logs
* Archive for compliance
* Document significant events
* Maintain incident records

#### Investigation

When investigating:

1. Identify the timeframe
2. Filter to relevant events
3. Review event details
4. Correlate with other data
5. Document findings

### Limitations

* Audit logs have retention limits
* Very high-volume logs may be sampled
* Some internal operations may not appear
* Export for long-term retention

### Integration

The audit log data is also available via API:

* Retrieve programmatically
* Integrate with SIEM systems
* Build custom dashboards
* Automated alerting


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.teraswitch.com/account/audit-history.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.