# Logs # Audit ## Get account audit logs (Version 2) `accounts.logs.audit.list(AuditListParams**kwargs) -> SyncCursorPaginationAfter[AuditListResponse]` **get** `/accounts/{account_id}/logs/audit` Gets a list of audit logs for an account. ### Parameters - `account_id: str` The unique id that identifies the account. - `before: Union[null, null]` Limits the returned results to logs older than the specified date. This can be a date string 2019-04-30 (interpreted in UTC) or an absolute timestamp that conforms to RFC3339. - `since: Union[null, null]` Limits the returned results to logs newer than the specified date. This can be a date string 2019-04-30 (interpreted in UTC) or an absolute timestamp that conforms to RFC3339. - `id: Optional[ID]` - `not_: Optional[SequenceNotStr[str]]` Filters out audit logs by their IDs. - `account_name: Optional[AccountName]` - `not_: Optional[SequenceNotStr[str]]` Filters out audit logs by the account name. - `action_result: Optional[ActionResult]` - `not_: Optional[List[Literal["success", "failure"]]]` Filters out audit logs by whether the action was successful or not. - `"success"` - `"failure"` - `action_type: Optional[ActionType]` - `not_: Optional[List[Literal["create", "delete", "view", "update"]]]` Filters out audit logs by the action type. - `"create"` - `"delete"` - `"view"` - `"update"` - `actor_context: Optional[ActorContext]` - `not_: Optional[List[Literal["api_key", "api_token", "dash", 2 more]]]` Filters out audit logs by the actor context. - `"api_key"` - `"api_token"` - `"dash"` - `"oauth"` - `"origin_ca_key"` - `actor_email: Optional[ActorEmail]` - `not_: Optional[SequenceNotStr[str]]` Filters out audit logs by the actor's email address. - `actor_id: Optional[ActorID]` - `not_: Optional[SequenceNotStr[str]]` Filters out audit logs by the actor ID. This can be either the Account ID or User ID. - `actor_ip_address: Optional[ActorIPAddress]` - `not_: Optional[SequenceNotStr[str]]` Filters out audit logs IP address where the action was initiated. - `actor_token_id: Optional[ActorTokenID]` - `not_: Optional[SequenceNotStr[str]]` Filters out audit logs by the API token ID when the actor context is an api_token or oauth. - `actor_token_name: Optional[ActorTokenName]` - `not_: Optional[SequenceNotStr[str]]` Filters out audit logs by the API token name when the actor context is an api_token or oauth. - `actor_type: Optional[ActorType]` - `not_: Optional[List[Literal["account", "cloudflare_admin", "system", "user"]]]` Filters out audit logs by the actor type. - `"account"` - `"cloudflare_admin"` - `"system"` - `"user"` - `audit_log_id: Optional[AuditLogID]` - `not_: Optional[SequenceNotStr[str]]` Filters out audit logs by their IDs. - `cursor: Optional[str]` The cursor is an opaque token used to paginate through large sets of records. It indicates the position from which to continue when requesting the next set of records. A valid cursor value can be obtained from the cursor object in the result_info structure of a previous response. - `direction: Optional[Literal["desc", "asc"]]` Sets sorting order. - `"desc"` - `"asc"` - `limit: Optional[float]` The number limits the objects to return. The cursor attribute may be used to iterate over the next batch of objects if there are more than the limit. - `raw_cf_rayid: Optional[RawCfRayID]` - `not_: Optional[SequenceNotStr[str]]` Filters out audit logs by the response CF Ray ID. - `raw_method: Optional[RawMethod]` - `not_: Optional[SequenceNotStr[str]]` Filters out audit logs by the HTTP method for the API call. - `raw_status_code: Optional[RawStatusCode]` - `not_: Optional[Iterable[int]]` Filters out audit logs by the response status code that was returned. - `raw_uri: Optional[RawURI]` - `not_: Optional[SequenceNotStr[str]]` Filters out audit logs by the request URI. - `resource_id: Optional[ResourceID]` - `not_: Optional[SequenceNotStr[str]]` Filters out audit logs by the resource ID. - `resource_product: Optional[ResourceProduct]` - `not_: Optional[SequenceNotStr[str]]` Filters out audit logs by the Cloudflare product associated with the changed resource. - `resource_scope: Optional[ResourceScope]` - `not_: Optional[List[Literal["accounts", "user", "zones", "memberships"]]]` Filters out audit logs by the resource scope, specifying whether the resource is associated with an user, an account, a zone, or a membership. - `"accounts"` - `"user"` - `"zones"` - `"memberships"` - `resource_type: Optional[ResourceType]` - `not_: Optional[SequenceNotStr[str]]` Filters out audit logs based on the unique type of resource changed by the action. - `zone_id: Optional[ZoneID]` - `not_: Optional[SequenceNotStr[str]]` Filters out audit logs by the zone ID. - `zone_name: Optional[ZoneName]` - `not_: Optional[SequenceNotStr[str]]` Filters out audit logs by the zone name associated with the change. ### Returns - `class AuditListResponse: …` - `id: Optional[str]` A unique identifier for the audit log entry. - `account: Optional[Account]` Contains account related information. - `id: Optional[str]` A unique identifier for the account. - `name: Optional[str]` A string that identifies the account name. - `action: Optional[Action]` Provides information about the action performed. - `description: Optional[str]` A short description of the action performed. - `result: Optional[str]` The result of the action, indicating success or failure. - `time: Optional[datetime]` A timestamp indicating when the action was logged. - `type: Optional[str]` A short string that describes the action that was performed. - `actor: Optional[Actor]` Provides details about the actor who performed the action. - `id: Optional[str]` The ID of the actor who performed the action. If a user performed the action, this will be their User ID. - `context: Optional[Literal["api_key", "api_token", "dash", 2 more]]` - `"api_key"` - `"api_token"` - `"dash"` - `"oauth"` - `"origin_ca_key"` - `email: Optional[str]` The email of the actor who performed the action. - `ip_address: Optional[str]` The IP address of the request that performed the action. - `token_id: Optional[str]` The API token ID when the actor context is an api_token or oauth. - `token_name: Optional[str]` The API token name when the actor context is an api_token or oauth. - `type: Optional[Literal["account", "cloudflare_admin", "system", "user"]]` The type of actor. - `"account"` - `"cloudflare_admin"` - `"system"` - `"user"` - `raw: Optional[Raw]` Provides raw information about the request and response. - `cf_rayid: Optional[str]` The Cloudflare Ray ID for the request. - `method: Optional[str]` The HTTP method of the request. - `status_code: Optional[int]` The HTTP response status code returned by the API. - `uri: Optional[str]` The URI of the request. - `user_agent: Optional[str]` The client's user agent string sent with the request. - `resource: Optional[Resource]` Provides details about the affected resource. - `id: Optional[str]` The unique identifier for the affected resource. - `product: Optional[str]` The Cloudflare product associated with the resource. - `request: Optional[object]` - `response: Optional[object]` - `scope: Optional[object]` The scope of the resource. - `type: Optional[str]` The type of the resource. - `zone: Optional[Zone]` Provides details about the zone affected by the action. - `id: Optional[str]` A string that identifies the zone id. - `name: Optional[str]` A string that identifies the zone name. ### Example ```python import os from datetime import date from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) page = client.accounts.logs.audit.list( account_id="a67e14daa5f8dceeb91fe5449ba496ef", before=date.fromisoformat("2024-10-31"), since=date.fromisoformat("2024-10-30"), ) page = page.result[0] print(page.id) ``` #### Response ```json { "errors": [ { "message": "message" } ], "result": [ { "id": "023e105f4ecef8ad9ca31a8372d0c353", "account": { "id": "4bb334f7c94c4a29a045f03944f072e5", "name": "Example Account" }, "action": { "description": "Add Member", "result": "success", "time": "2024-04-26T17:31:07Z", "type": "create" }, "actor": { "id": "f6b5de0326bb5182b8a4840ee01ec774", "context": "dash", "email": "alice@example.com", "ip_address": "198.41.129.166", "token_id": "token_id", "token_name": "token_name", "type": "user" }, "raw": { "cf_ray_id": "8e9b1c60ef9e1c9a", "method": "POST", "status_code": 200, "uri": "/accounts/4bb334f7c94c4a29a045f03944f072e5/members", "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Safari/605.1.15" }, "resource": { "id": "id", "product": "members", "request": {}, "response": {}, "scope": {}, "type": "type" }, "zone": { "id": "id", "name": "example.com" } } ], "result_info": { "count": "1", "cursor": "ASqdKd7dKgxh-aZ8bm0mZos1BtW4BdEqifCzNkEeGRzi_5SN_-362Y8sF-C1TRn60_6rd3z2dIajf9EAPyQ_NmIeAMkacmaJPXipqvP7PLU4t72wyqBeJfjmjdE=" }, "success": true } ``` ## Domain Types ### Audit List Response - `class AuditListResponse: …` - `id: Optional[str]` A unique identifier for the audit log entry. - `account: Optional[Account]` Contains account related information. - `id: Optional[str]` A unique identifier for the account. - `name: Optional[str]` A string that identifies the account name. - `action: Optional[Action]` Provides information about the action performed. - `description: Optional[str]` A short description of the action performed. - `result: Optional[str]` The result of the action, indicating success or failure. - `time: Optional[datetime]` A timestamp indicating when the action was logged. - `type: Optional[str]` A short string that describes the action that was performed. - `actor: Optional[Actor]` Provides details about the actor who performed the action. - `id: Optional[str]` The ID of the actor who performed the action. If a user performed the action, this will be their User ID. - `context: Optional[Literal["api_key", "api_token", "dash", 2 more]]` - `"api_key"` - `"api_token"` - `"dash"` - `"oauth"` - `"origin_ca_key"` - `email: Optional[str]` The email of the actor who performed the action. - `ip_address: Optional[str]` The IP address of the request that performed the action. - `token_id: Optional[str]` The API token ID when the actor context is an api_token or oauth. - `token_name: Optional[str]` The API token name when the actor context is an api_token or oauth. - `type: Optional[Literal["account", "cloudflare_admin", "system", "user"]]` The type of actor. - `"account"` - `"cloudflare_admin"` - `"system"` - `"user"` - `raw: Optional[Raw]` Provides raw information about the request and response. - `cf_rayid: Optional[str]` The Cloudflare Ray ID for the request. - `method: Optional[str]` The HTTP method of the request. - `status_code: Optional[int]` The HTTP response status code returned by the API. - `uri: Optional[str]` The URI of the request. - `user_agent: Optional[str]` The client's user agent string sent with the request. - `resource: Optional[Resource]` Provides details about the affected resource. - `id: Optional[str]` The unique identifier for the affected resource. - `product: Optional[str]` The Cloudflare product associated with the resource. - `request: Optional[object]` - `response: Optional[object]` - `scope: Optional[object]` The scope of the resource. - `type: Optional[str]` The type of the resource. - `zone: Optional[Zone]` Provides details about the zone affected by the action. - `id: Optional[str]` A string that identifies the zone id. - `name: Optional[str]` A string that identifies the zone name.