> ## Documentation Index
> Fetch the complete documentation index at: https://zite.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Audit logs

> Track activity across your Zite organization — database changes, logins, permission updates, and more.

Audit logs give you a detailed record of activity in your Zite organization. Use them to monitor who did what and when — for security reviews, compliance, and troubleshooting.

<Note>
  Audit logs are available on **Enterprise** plans. Contact us to enable audit logs for your organization.
</Note>

## What's tracked

Audit logs capture three categories of events:

### Database changes

Every structural change to your Zite databases is logged, including:

* **Tables** — creating, renaming, deleting, restoring, duplicating, and reordering tables
* **Fields** — creating, renaming, changing types, deleting, restoring, and reordering fields
* **Views** — creating, updating, deleting, and changing view settings
* **Databases** — creating, deleting, copying, importing, and migrating databases
* **Imports** — Airtable and CSV imports

### Security & authentication

* **Logins** — successful and failed login attempts across all methods (password, Google, Microsoft, SSO)
* **Passwords & MFA** — password resets, changes, MFA setup and removal
* **API keys** — enabling and regenerating API access
* **Sessions** — logouts and session invalidation

### User & organization management

* **Users** — inviting, disabling, and changing roles for team members
* **Groups** — creating, renaming, and modifying group membership and access
* **Organization settings** — name changes, MFA requirements, and org deletion
* **OAuth apps** — creating, deleting, and resetting secrets for developer apps

Each event includes the **timestamp**, **who performed the action**, the **resource affected**, **IP address**, **user agent**, and a **detailed payload** with the specifics of what changed.

## Viewing audit logs

Go to **Settings → Audit logs** in the left sidebar.

You'll see a table of recent events with:

* **Time** — hover for the exact timestamp
* **Actor** — who performed the action and their role
* **Action** — the event type (e.g., `db.table.create`, `auth.login.success`)
* **Resource** — what was affected, including the database name for database events
* **Outcome** — whether it succeeded or failed

Click any row to open the **detail drawer** with the full event information, including request metadata and the raw event payload.

## Filtering

Use the filter bar at the top of the page to narrow events by:

* **Date range** — select a start and end date
* **Actor type** — filter by Org Members, API Keys, or Unknown actors
* **Resource type** — filter by Users, Tables, Fields, Views, Databases, Groups, or Organization

Filters apply immediately. Click **Load more** at the bottom to page through results.

## Event categories

Events are organized into these categories:

| Category    | Description                                           |
| ----------- | ----------------------------------------------------- |
| `auth`      | Logins, logouts, password changes, MFA, SSO, sessions |
| `api`       | API key management                                    |
| `developer` | OAuth application management                          |
| `user`      | Invitations, role changes, access changes             |
| `org`       | Organization-level settings                           |
| `group`     | Group creation, membership, and access                |
| `db`        | Database, table, field, and view changes              |
| `import`    | Airtable and CSV imports                              |

For a complete list of every event type and what data is captured, see the [event types reference](/help/platform/audit-logs/event-types).

## Retention

Audit log events are retained for **30 days**. Events older than 30 days are automatically removed.

## Actor types

Each event records who performed the action:

| Actor type      | Description                                              |
| --------------- | -------------------------------------------------------- |
| **Org Members** | A logged-in user in your organization                    |
| **API Keys**    | An action performed via the API with a Bearer token      |
| **Unknown**     | An unauthenticated action (e.g., a failed login attempt) |
