# Logs # Audit ## Get organization audit logs (Version 2, Beta release) `client.organizations.logs.audit.list(stringorganizationId, AuditListParamsquery, RequestOptionsoptions?): CursorPaginationAfter` **get** `/organizations/{organization_id}/logs/audit` Gets a list of audit logs for an organization. ### Parameters - `organizationId: string` The unique id that identifies the organization. - `query: AuditListParams` - `before: string` Limits the returned results to logs older than the specified date. This can be a date string 2019-04-30 (interpreted in UTC) or an absolute timestamp that conforms to RFC3339. - `since: string` Limits the returned results to logs newer than the specified date. This can be a date string 2019-04-30 (interpreted in UTC) or an absolute timestamp that conforms to RFC3339. - `id?: ID` - `not?: Array` Filters out audit logs by their IDs. - `action_result?: ActionResult` - `not?: Array<"success" | "failure">` Filters out audit logs by whether the action was successful or not. - `"success"` - `"failure"` - `action_type?: ActionType` - `not?: Array<"create" | "delete" | "view" | "update">` Filters out audit logs by the action type. - `"create"` - `"delete"` - `"view"` - `"update"` - `actor_context?: ActorContext` - `not?: Array<"api_key" | "api_token" | "dash" | 2 more>` Filters out audit logs by the actor context. - `"api_key"` - `"api_token"` - `"dash"` - `"oauth"` - `"origin_ca_key"` - `actor_email?: ActorEmail` - `not?: Array` Filters out audit logs by the actor's email address. - `actor_id?: ActorID` - `not?: Array` Filters out audit logs by the actor's user ID. - `actor_ip_address?: ActorIPAddress` - `not?: Array` Filters out audit logs IP address where the action was initiated. - `actor_token_id?: ActorTokenID` - `not?: Array` Filters out audit logs by the API token ID when the actor context is an api_token or oauth. - `actor_token_name?: ActorTokenName` - `not?: Array` Filters out audit logs by the API token name when the actor context is an api_token or oauth. - `actor_type?: ActorType` - `not?: Array<"cloudflare_admin" | "system" | "user">` Filters out audit logs by the actor type. - `"cloudflare_admin"` - `"system"` - `"user"` - `cursor?: string` The cursor is an opaque token used to paginate through large sets of records. It indicates the position from which to continue when requesting the next set of records. A valid cursor value can be obtained from the cursor object in the result_info structure of a previous response. - `direction?: "desc" | "asc"` Sets sorting order. - `"desc"` - `"asc"` - `limit?: number` The number limits the objects to return. The cursor attribute may be used to iterate over the next batch of objects if there are more than the limit. - `raw_cf_ray_id?: RawCfRayID` - `not?: Array` Filters out audit logs by the response CF Ray ID. - `raw_method?: RawMethod` - `not?: Array` Filters out audit logs by the HTTP method for the API call. - `raw_status_code?: RawStatusCode` - `not?: Array` Filters out audit logs by the response status code that was returned. - `raw_uri?: RawURI` - `not?: Array` Filters out audit logs by the request URI. - `resource_id?: ResourceID` - `not?: Array` Filters out audit logs by the resource ID. - `resource_product?: ResourceProduct` - `not?: Array` Filters out audit logs by the Cloudflare product associated with the changed resource. - `resource_scope?: ResourceScope` - `not?: Array<"organizations">` Filters out audit logs by the resource scope, specifying whether the resource is associated with an organization. - `"organizations"` - `resource_type?: ResourceType` - `not?: Array` Filters out audit logs based on the unique type of resource changed by the action. ### Returns - `AuditListResponse` - `id?: string` A unique identifier for the audit log entry. - `action?: Action` Provides information about the action performed. - `description?: string` A short description of the action performed. - `result?: string` The result of the action, indicating success or failure. - `time?: string` A timestamp indicating when the action was logged. - `type?: string` A short string that describes the action that was performed. - `actor?: Actor` Provides details about the actor who performed the action. - `id?: string` The ID of the actor who performed the action. If a user performed the action, this will be their User ID. - `context?: "api_key" | "api_token" | "dash" | 2 more` - `"api_key"` - `"api_token"` - `"dash"` - `"oauth"` - `"origin_ca_key"` - `email?: string` The email of the actor who performed the action. - `ip_address?: string` The IP address of the request that performed the action. - `token_id?: string` The API token ID when the actor context is an api_token or oauth. - `token_name?: string` The API token name when the actor context is an api_token or oauth. - `type?: "cloudflare_admin" | "system" | "user"` The type of actor. - `"cloudflare_admin"` - `"system"` - `"user"` - `organization?: Organization` Contains organization related information. - `id?: string` A unique identifier for the organization. - `raw?: Raw` Provides raw information about the request and response. - `cf_ray_id?: string` The Cloudflare Ray ID for the request. - `method?: string` The HTTP method of the request. - `status_code?: number` The HTTP response status code returned by the API. - `uri?: string` The URI of the request. - `user_agent?: string` The client's user agent string sent with the request. - `resource?: Resource` Provides details about the affected resource. - `id?: string` The unique identifier for the affected resource. - `product?: string` The Cloudflare product associated with the resource. - `request?: unknown` - `response?: unknown` - `scope?: unknown` The scope of the resource. - `type?: string` The type of the resource. ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); // Automatically fetches more pages as needed. for await (const auditListResponse of client.organizations.logs.audit.list( 'a67e14daa5f8dceeb91fe5449ba496ef', { before: '2024-10-31', since: '2024-10-30' }, )) { console.log(auditListResponse.id); } ``` #### Response ```json { "errors": [ { "message": "message" } ], "result": [ { "id": "023e105f4ecef8ad9ca31a8372d0c353", "action": { "description": "Add Member", "result": "success", "time": "2024-04-26T17:31:07Z", "type": "create" }, "actor": { "id": "f6b5de0326bb5182b8a4840ee01ec774", "context": "dash", "email": "alice@example.com", "ip_address": "198.41.129.166", "token_id": "token_id", "token_name": "token_name", "type": "user" }, "organization": { "id": "019c4f65e7607d8c9f6f6b58aa3aff50" }, "raw": { "cf_ray_id": "8e9b1c60ef9e1c9a", "method": "POST", "status_code": 200, "uri": "/accounts/4bb334f7c94c4a29a045f03944f072e5/members", "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Safari/605.1.15" }, "resource": { "id": "id", "product": "organizations", "request": {}, "response": {}, "scope": {}, "type": "type" } } ], "result_info": { "count": "1", "cursor": "ASqdKd7dKgxh-aZ8bm0mZos1BtW4BdEqifCzNkEeGRzi_5SN_-362Y8sF-C1TRn60_6rd3z2dIajf9EAPyQ_NmIeAMkacmaJPXipqvP7PLU4t72wyqBeJfjmjdE=" }, "success": true } ``` ## Domain Types ### Audit List Response - `AuditListResponse` - `id?: string` A unique identifier for the audit log entry. - `action?: Action` Provides information about the action performed. - `description?: string` A short description of the action performed. - `result?: string` The result of the action, indicating success or failure. - `time?: string` A timestamp indicating when the action was logged. - `type?: string` A short string that describes the action that was performed. - `actor?: Actor` Provides details about the actor who performed the action. - `id?: string` The ID of the actor who performed the action. If a user performed the action, this will be their User ID. - `context?: "api_key" | "api_token" | "dash" | 2 more` - `"api_key"` - `"api_token"` - `"dash"` - `"oauth"` - `"origin_ca_key"` - `email?: string` The email of the actor who performed the action. - `ip_address?: string` The IP address of the request that performed the action. - `token_id?: string` The API token ID when the actor context is an api_token or oauth. - `token_name?: string` The API token name when the actor context is an api_token or oauth. - `type?: "cloudflare_admin" | "system" | "user"` The type of actor. - `"cloudflare_admin"` - `"system"` - `"user"` - `organization?: Organization` Contains organization related information. - `id?: string` A unique identifier for the organization. - `raw?: Raw` Provides raw information about the request and response. - `cf_ray_id?: string` The Cloudflare Ray ID for the request. - `method?: string` The HTTP method of the request. - `status_code?: number` The HTTP response status code returned by the API. - `uri?: string` The URI of the request. - `user_agent?: string` The client's user agent string sent with the request. - `resource?: Resource` Provides details about the affected resource. - `id?: string` The unique identifier for the affected resource. - `product?: string` The Cloudflare product associated with the resource. - `request?: unknown` - `response?: unknown` - `scope?: unknown` The scope of the resource. - `type?: string` The type of the resource.