## Get account audit logs

`audit_logs.list(AuditLogListParams**kwargs)  -> SyncV4PagePaginationArray[AuditLog]`

**get** `/accounts/{account_id}/audit_logs`

Gets a list of audit logs for an account. Can be filtered by who made the change, on which zone, and the timeframe of the change.

### Parameters

- `account_id: str`

  Identifier

- `id: Optional[str]`

  Finds a specific log by its ID.

- `action: Optional[Action]`

  - `type: Optional[str]`

    Filters by the action type.

- `actor: Optional[Actor]`

  - `email: Optional[str]`

    Filters by the email address of the actor that made the change.

  - `ip: Optional[str]`

    Filters by the IP address of the request that made the change by specific IP address or valid CIDR Range.

- `before: Optional[Union[Union[null, null], Union[str, datetime]]]`

  Limits the returned results to logs older than the specified date. A `full-date` that conforms to RFC3339.

  - `Union[null, null]`

    Limits the returned results to logs older than the specified date. A `full-date` that conforms to RFC3339.

  - `Union[str, datetime]`

    Limits the returned results to logs older than the specified date. A `date-time` that conforms to RFC3339.

- `direction: Optional[Literal["desc", "asc"]]`

  Changes the direction of the chronological sorting.

  - `"desc"`

  - `"asc"`

- `export: Optional[bool]`

  Indicates that this request is an export of logs in CSV format.

- `hide_user_logs: Optional[bool]`

  Indicates whether or not to hide user level audit logs.

- `page: Optional[float]`

  Defines which page of results to return.

- `per_page: Optional[float]`

  Sets the number of results to return per page.

- `since: Optional[Union[Union[null, null], Union[str, datetime]]]`

  Limits the returned results to logs newer than the specified date. A `full-date` that conforms to RFC3339.

  - `Union[null, null]`

    Limits the returned results to logs newer than the specified date. A `full-date` that conforms to RFC3339.

  - `Union[str, datetime]`

    Limits the returned results to logs newer than the specified date. A `date-time` that conforms to RFC3339.

- `zone: Optional[Zone]`

  - `name: Optional[str]`

    Filters by the name of the zone associated to the change.

### Returns

- `class AuditLog: …`

  - `id: Optional[str]`

    A string that uniquely identifies the audit log.

  - `action: Optional[Action]`

    - `result: Optional[bool]`

      A boolean that indicates if the action attempted was successful.

    - `type: Optional[str]`

      A short string that describes the action that was performed.

  - `actor: Optional[Actor]`

    - `id: Optional[str]`

      The ID of the actor that performed the action. If a user performed the action, this will be their User ID.

    - `email: Optional[str]`

      The email of the user that performed the action.

    - `ip: Optional[str]`

      The IP address of the request that performed the action.

    - `type: Optional[Literal["user", "admin", "Cloudflare"]]`

      The type of actor, whether a User, Cloudflare Admin, or an Automated System.

      - `"user"`

      - `"admin"`

      - `"Cloudflare"`

  - `interface: Optional[str]`

    The source of the event.

  - `metadata: Optional[object]`

    An object which can lend more context to the action being logged. This is a flexible value and varies between different actions.

  - `new_value: Optional[str]`

    The new value of the resource that was modified.

  - `old_value: Optional[str]`

    The value of the resource before it was modified.

  - `owner: Optional[Owner]`

    - `id: Optional[str]`

      Identifier

  - `resource: Optional[Resource]`

    - `id: Optional[str]`

      An identifier for the resource that was affected by the action.

    - `type: Optional[str]`

      A short string that describes the resource that was affected by the action.

  - `when: Optional[datetime]`

    A UTC RFC3339 timestamp that specifies when the action being logged occured.

### Example

```python
import os
from cloudflare import Cloudflare

client = Cloudflare(
    api_token=os.environ.get("CLOUDFLARE_API_TOKEN"),  # This is the default and can be omitted
)
page = client.audit_logs.list(
    account_id="023e105f4ecef8ad9ca31a8372d0c353",
)
page = page.result[0]
print(page.id)
```

#### Response

```json
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "result": [
    {
      "id": "d5b0f326-1232-4452-8858-1089bd7168ef",
      "action": {
        "result": true,
        "type": "change_setting"
      },
      "actor": {
        "id": "f6b5de0326bb5182b8a4840ee01ec774",
        "email": "michelle@example.com",
        "ip": "198.41.129.166",
        "type": "user"
      },
      "interface": "API",
      "metadata": {
        "name": "security_level",
        "type": "firewall",
        "value": "high",
        "zone_name": "example.com"
      },
      "newValue": "low",
      "oldValue": "high",
      "owner": {
        "id": "023e105f4ecef8ad9ca31a8372d0c353"
      },
      "resource": {
        "id": "023e105f4ecef8ad9ca31a8372d0c353",
        "type": "zone"
      },
      "when": "2017-04-26T17:31:07Z"
    }
  ],
  "success": true
}
```