# Audit Logs

## Get account audit logs

`client.auditLogs.list(AuditLogListParamsparams, RequestOptionsoptions?): V4PagePaginationArray<AuditLog>`

**get** `/accounts/{account_id}/audit_logs`

Gets a list of audit logs for an account. Can be filtered by who made the change, on which zone, and the timeframe of the change.

### Parameters

- `params: AuditLogListParams`

  - `account_id: string`

    Path param: Identifier

  - `id?: string`

    Query param: Finds a specific log by its ID.

  - `action?: Action`

    Query param

    - `type?: string`

      Filters by the action type.

  - `actor?: Actor`

    Query param

    - `email?: string`

      Filters by the email address of the actor that made the change.

    - `ip?: string`

      Filters by the IP address of the request that made the change by specific IP address or valid CIDR Range.

  - `before?: (string & {}) | (string & {})`

    Query param: Limits the returned results to logs older than the specified date. A `full-date` that conforms to RFC3339.

    - `(string & {})`

    - `(string & {})`

  - `direction?: "desc" | "asc"`

    Query param: Changes the direction of the chronological sorting.

    - `"desc"`

    - `"asc"`

  - `_export?: boolean`

    Query param: Indicates that this request is an export of logs in CSV format.

  - `hide_user_logs?: boolean`

    Query param: Indicates whether or not to hide user level audit logs.

  - `page?: number`

    Query param: Defines which page of results to return.

  - `per_page?: number`

    Query param: Sets the number of results to return per page.

  - `since?: (string & {}) | (string & {})`

    Query param: Limits the returned results to logs newer than the specified date. A `full-date` that conforms to RFC3339.

    - `(string & {})`

    - `(string & {})`

  - `zone?: Zone`

    Query param

    - `name?: string`

      Filters by the name of the zone associated to the change.

### Returns

- `AuditLog`

  - `id?: string`

    A string that uniquely identifies the audit log.

  - `action?: Action`

    - `result?: boolean`

      A boolean that indicates if the action attempted was successful.

    - `type?: string`

      A short string that describes the action that was performed.

  - `actor?: Actor`

    - `id?: string`

      The ID of the actor that performed the action. If a user performed the action, this will be their User ID.

    - `email?: string`

      The email of the user that performed the action.

    - `ip?: string`

      The IP address of the request that performed the action.

    - `type?: "user" | "admin" | "Cloudflare"`

      The type of actor, whether a User, Cloudflare Admin, or an Automated System.

      - `"user"`

      - `"admin"`

      - `"Cloudflare"`

  - `interface?: string`

    The source of the event.

  - `metadata?: unknown`

    An object which can lend more context to the action being logged. This is a flexible value and varies between different actions.

  - `newValue?: string`

    The new value of the resource that was modified.

  - `oldValue?: string`

    The value of the resource before it was modified.

  - `owner?: Owner`

    - `id?: string`

      Identifier

  - `resource?: Resource`

    - `id?: string`

      An identifier for the resource that was affected by the action.

    - `type?: string`

      A short string that describes the resource that was affected by the action.

  - `when?: string`

    A UTC RFC3339 timestamp that specifies when the action being logged occured.

### Example

```node
import Cloudflare from 'cloudflare';

const client = new Cloudflare({
  apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted
});

// Automatically fetches more pages as needed.
for await (const auditLog of client.auditLogs.list({
  account_id: '023e105f4ecef8ad9ca31a8372d0c353',
})) {
  console.log(auditLog.id);
}
```

#### Response

```json
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "result": [
    {
      "id": "d5b0f326-1232-4452-8858-1089bd7168ef",
      "action": {
        "result": true,
        "type": "change_setting"
      },
      "actor": {
        "id": "f6b5de0326bb5182b8a4840ee01ec774",
        "email": "michelle@example.com",
        "ip": "198.41.129.166",
        "type": "user"
      },
      "interface": "API",
      "metadata": {
        "name": "security_level",
        "type": "firewall",
        "value": "high",
        "zone_name": "example.com"
      },
      "newValue": "low",
      "oldValue": "high",
      "owner": {
        "id": "023e105f4ecef8ad9ca31a8372d0c353"
      },
      "resource": {
        "id": "023e105f4ecef8ad9ca31a8372d0c353",
        "type": "zone"
      },
      "when": "2017-04-26T17:31:07Z"
    }
  ],
  "success": true
}
```