# Logs # Audit ## Get account audit logs (Version 2) `client.Accounts.Logs.Audit.List(ctx, params) (*CursorPaginationAfter[LogAuditListResponse], error)` **get** `/accounts/{account_id}/logs/audit` Gets a list of audit logs for an account. ### Parameters - `params LogAuditListParams` - `AccountID param.Field[string]` Path param: The unique id that identifies the account. - `Before param.Field[Time]` Query param: Limits the returned results to logs older than the specified date. This can be a date string 2019-04-30 (interpreted in UTC) or an absolute timestamp that conforms to RFC3339. - `Since param.Field[Time]` Query param: Limits the returned results to logs newer than the specified date. This can be a date string 2019-04-30 (interpreted in UTC) or an absolute timestamp that conforms to RFC3339. - `ID param.Field[LogAuditListParamsID]` Query param - `Not []string` Filters out audit logs by their IDs. - `AccountName param.Field[LogAuditListParamsAccountName]` Query param - `Not []string` Filters out audit logs by the account name. - `ActionResult param.Field[LogAuditListParamsActionResult]` Query param - `Not []LogAuditListParamsActionResultNot` Filters out audit logs by whether the action was successful or not. - `const LogAuditListParamsActionResultNotSuccess LogAuditListParamsActionResultNot = "success"` - `const LogAuditListParamsActionResultNotFailure LogAuditListParamsActionResultNot = "failure"` - `ActionType param.Field[LogAuditListParamsActionType]` Query param - `Not []LogAuditListParamsActionTypeNot` Filters out audit logs by the action type. - `const LogAuditListParamsActionTypeNotCreate LogAuditListParamsActionTypeNot = "create"` - `const LogAuditListParamsActionTypeNotDelete LogAuditListParamsActionTypeNot = "delete"` - `const LogAuditListParamsActionTypeNotView LogAuditListParamsActionTypeNot = "view"` - `const LogAuditListParamsActionTypeNotUpdate LogAuditListParamsActionTypeNot = "update"` - `ActorContext param.Field[LogAuditListParamsActorContext]` Query param - `Not []LogAuditListParamsActorContextNot` Filters out audit logs by the actor context. - `const LogAuditListParamsActorContextNotAPIKey LogAuditListParamsActorContextNot = "api_key"` - `const LogAuditListParamsActorContextNotAPIToken LogAuditListParamsActorContextNot = "api_token"` - `const LogAuditListParamsActorContextNotDash LogAuditListParamsActorContextNot = "dash"` - `const LogAuditListParamsActorContextNotOAuth LogAuditListParamsActorContextNot = "oauth"` - `const LogAuditListParamsActorContextNotOriginCAKey LogAuditListParamsActorContextNot = "origin_ca_key"` - `ActorEmail param.Field[LogAuditListParamsActorEmail]` Query param - `Not []string` Filters out audit logs by the actor's email address. - `ActorID param.Field[LogAuditListParamsActorID]` Query param - `Not []string` Filters out audit logs by the actor ID. This can be either the Account ID or User ID. - `ActorIPAddress param.Field[LogAuditListParamsActorIPAddress]` Query param - `Not []string` Filters out audit logs IP address where the action was initiated. - `ActorTokenID param.Field[LogAuditListParamsActorTokenID]` Query param - `Not []string` Filters out audit logs by the API token ID when the actor context is an api_token or oauth. - `ActorTokenName param.Field[LogAuditListParamsActorTokenName]` Query param - `Not []string` Filters out audit logs by the API token name when the actor context is an api_token or oauth. - `ActorType param.Field[LogAuditListParamsActorType]` Query param - `Not []LogAuditListParamsActorTypeNot` Filters out audit logs by the actor type. - `const LogAuditListParamsActorTypeNotAccount LogAuditListParamsActorTypeNot = "account"` - `const LogAuditListParamsActorTypeNotCloudflareAdmin LogAuditListParamsActorTypeNot = "cloudflare_admin"` - `const LogAuditListParamsActorTypeNotSystem LogAuditListParamsActorTypeNot = "system"` - `const LogAuditListParamsActorTypeNotUser LogAuditListParamsActorTypeNot = "user"` - `AuditLogID param.Field[LogAuditListParamsAuditLogID]` Query param - `Not []string` Filters out audit logs by their IDs. - `Cursor param.Field[string]` Query param: The cursor is an opaque token used to paginate through large sets of records. It indicates the position from which to continue when requesting the next set of records. A valid cursor value can be obtained from the cursor object in the result_info structure of a previous response. - `Direction param.Field[LogAuditListParamsDirection]` Query param: Sets sorting order. - `const LogAuditListParamsDirectionDesc LogAuditListParamsDirection = "desc"` - `const LogAuditListParamsDirectionAsc LogAuditListParamsDirection = "asc"` - `Limit param.Field[float64]` Query param: The number limits the objects to return. The cursor attribute may be used to iterate over the next batch of objects if there are more than the limit. - `RawCfRayID param.Field[LogAuditListParamsRawCfRayID]` Query param - `Not []string` Filters out audit logs by the response CF Ray ID. - `RawMethod param.Field[LogAuditListParamsRawMethod]` Query param - `Not []string` Filters out audit logs by the HTTP method for the API call. - `RawStatusCode param.Field[LogAuditListParamsRawStatusCode]` Query param - `Not []int64` Filters out audit logs by the response status code that was returned. - `RawURI param.Field[LogAuditListParamsRawURI]` Query param - `Not []string` Filters out audit logs by the request URI. - `ResourceID param.Field[LogAuditListParamsResourceID]` Query param - `Not []string` Filters out audit logs by the resource ID. - `ResourceProduct param.Field[LogAuditListParamsResourceProduct]` Query param - `Not []string` Filters out audit logs by the Cloudflare product associated with the changed resource. - `ResourceScope param.Field[LogAuditListParamsResourceScope]` Query param - `Not []LogAuditListParamsResourceScopeNot` Filters out audit logs by the resource scope, specifying whether the resource is associated with an user, an account, a zone, or a membership. - `const LogAuditListParamsResourceScopeNotAccounts LogAuditListParamsResourceScopeNot = "accounts"` - `const LogAuditListParamsResourceScopeNotUser LogAuditListParamsResourceScopeNot = "user"` - `const LogAuditListParamsResourceScopeNotZones LogAuditListParamsResourceScopeNot = "zones"` - `const LogAuditListParamsResourceScopeNotMemberships LogAuditListParamsResourceScopeNot = "memberships"` - `ResourceType param.Field[LogAuditListParamsResourceType]` Query param - `Not []string` Filters out audit logs based on the unique type of resource changed by the action. - `ZoneID param.Field[LogAuditListParamsZoneID]` Query param - `Not []string` Filters out audit logs by the zone ID. - `ZoneName param.Field[LogAuditListParamsZoneName]` Query param - `Not []string` Filters out audit logs by the zone name associated with the change. ### Returns - `type LogAuditListResponse struct{…}` - `ID string` A unique identifier for the audit log entry. - `Account LogAuditListResponseAccount` Contains account related information. - `ID string` A unique identifier for the account. - `Name string` A string that identifies the account name. - `Action LogAuditListResponseAction` Provides information about the action performed. - `Description string` A short description of the action performed. - `Result string` The result of the action, indicating success or failure. - `Time Time` A timestamp indicating when the action was logged. - `Type string` A short string that describes the action that was performed. - `Actor LogAuditListResponseActor` Provides details about the actor who performed the action. - `ID string` The ID of the actor who performed the action. If a user performed the action, this will be their User ID. - `Context LogAuditListResponseActorContext` - `const LogAuditListResponseActorContextAPIKey LogAuditListResponseActorContext = "api_key"` - `const LogAuditListResponseActorContextAPIToken LogAuditListResponseActorContext = "api_token"` - `const LogAuditListResponseActorContextDash LogAuditListResponseActorContext = "dash"` - `const LogAuditListResponseActorContextOAuth LogAuditListResponseActorContext = "oauth"` - `const LogAuditListResponseActorContextOriginCAKey LogAuditListResponseActorContext = "origin_ca_key"` - `Email string` The email of the actor who performed the action. - `IPAddress string` The IP address of the request that performed the action. - `TokenID string` The API token ID when the actor context is an api_token or oauth. - `TokenName string` The API token name when the actor context is an api_token or oauth. - `Type LogAuditListResponseActorType` The type of actor. - `const LogAuditListResponseActorTypeAccount LogAuditListResponseActorType = "account"` - `const LogAuditListResponseActorTypeCloudflareAdmin LogAuditListResponseActorType = "cloudflare_admin"` - `const LogAuditListResponseActorTypeSystem LogAuditListResponseActorType = "system"` - `const LogAuditListResponseActorTypeUser LogAuditListResponseActorType = "user"` - `Raw LogAuditListResponseRaw` Provides raw information about the request and response. - `CfRayID string` The Cloudflare Ray ID for the request. - `Method string` The HTTP method of the request. - `StatusCode int64` The HTTP response status code returned by the API. - `URI string` The URI of the request. - `UserAgent string` The client's user agent string sent with the request. - `Resource LogAuditListResponseResource` Provides details about the affected resource. - `ID string` The unique identifier for the affected resource. - `Product string` The Cloudflare product associated with the resource. - `Request unknown` - `Response unknown` - `Scope unknown` The scope of the resource. - `Type string` The type of the resource. - `Zone LogAuditListResponseZone` Provides details about the zone affected by the action. - `ID string` A string that identifies the zone id. - `Name string` A string that identifies the zone name. ### Example ```go package main import ( "context" "fmt" "time" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/accounts" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) page, err := client.Accounts.Logs.Audit.List(context.TODO(), accounts.LogAuditListParams{ AccountID: cloudflare.F("a67e14daa5f8dceeb91fe5449ba496ef"), Before: cloudflare.F(time.Now()), Since: cloudflare.F(time.Now()), }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", page) } ``` #### Response ```json { "errors": [ { "message": "message" } ], "result": [ { "id": "023e105f4ecef8ad9ca31a8372d0c353", "account": { "id": "4bb334f7c94c4a29a045f03944f072e5", "name": "Example Account" }, "action": { "description": "Add Member", "result": "success", "time": "2024-04-26T17:31:07Z", "type": "create" }, "actor": { "id": "f6b5de0326bb5182b8a4840ee01ec774", "context": "dash", "email": "alice@example.com", "ip_address": "198.41.129.166", "token_id": "token_id", "token_name": "token_name", "type": "user" }, "raw": { "cf_ray_id": "8e9b1c60ef9e1c9a", "method": "POST", "status_code": 200, "uri": "/accounts/4bb334f7c94c4a29a045f03944f072e5/members", "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Safari/605.1.15" }, "resource": { "id": "id", "product": "members", "request": {}, "response": {}, "scope": {}, "type": "type" }, "zone": { "id": "id", "name": "example.com" } } ], "result_info": { "count": "1", "cursor": "ASqdKd7dKgxh-aZ8bm0mZos1BtW4BdEqifCzNkEeGRzi_5SN_-362Y8sF-C1TRn60_6rd3z2dIajf9EAPyQ_NmIeAMkacmaJPXipqvP7PLU4t72wyqBeJfjmjdE=" }, "success": true } ```