Skip to main content

Overview

Audit logs give you a 90-day history of who did what in your cloud, when, where, and with what result. It spans resource actions such as create/start/stop/delete, administrative actions such as role changes or successful/failed logins, and billing actions such as managing reservations.

Details

Audit logs are currently available via our API. You can find more details about the response, and how to filter it, in the API spec here.

The audit log exposes actions taken through our control plane; for example, via our Console, API, CLI, Terraform, etc. It does not report on actions taken from within a resource. Note that the audit log does not have entries for data access events (i.e. GET/view/list-like actions from users in your organization).

We do not currently charge for audit log generation.

info

If you would like to request access to audit logs, please contact our support team.

Example: Audit log entry

Below is an example entry for starting a VM. This gives you readable visibility into who did the action (actor) on what resource (target) in what environment (organization, project, location). There are other helpful details such as the actor's control plane surface, error message if there was one, and their IP.

{
    "action": "Start",
    "action_detail": "",
    "actor_id": "ab4a6b00-aa5f-408e-a9fb-ac6de5eb45ab",
    "actor_email": "[email protected]",
    "actor_type": "User",
    "client_ip": "10.192.200.155:12345",
    "end_time": "2024-07-21T23:10:29.157Z",
    "error_message": "",
    "locations": "[us-northcentral1-a]",
    "organization_id": "804bf3a2-81f2-4d78-9a9e-dc6a55ed33d8",
    "organization_name": "My Company",
    "project_id": "ca39e669-47ee-456b-968d-303234fbf99f",
    "project_name": "renewable-ocean-807",
    "target_ids": "[123e4567-e89b-12d3-a456-426614174000]",
    "target_names": "[my-vm]",
    "target_type": "VM",
    "result": "OK",
    "start_time": "2024-07-21T23:10:11.982Z",
    "surface": "Console"
}

Example: Querying audit logs

Below is an example of calling the audit log API endpoint via Python. You can learn more about authenticated API requests here.

import hmac
import hashlib
import base64
import datetime
import requests
import json

# AT MINIMUM, FILL OUT THESE 3 VARIABLES AND RUN THE SCRIPT
# BY DEFAULT YOU WILL GET 1-DAY HISTORY OF AUDIT LOGS
api_access_key = ""
api_secret_key = ""
org_id = ""


# OPTIONAL: TO FILTER OUTPUT WITH QUERY PARAMS
#  1. add them to query_params_dict
#  2. sort them alphabetically, seperate by &, and add to query_params_string
#
# Example:
# query_params_dict = {
#     "target_types" : "VM",
#     "project_ids" : "fc9hyy16-305c-k8fg-8d70-b474fec1f009"
# }
# query_params_string = "project_ids=fc9hyy16-305c-k8fg-8d70-b474fec1f009&target_types=VM"
#
# See all supported query parameters at https://docs.crusoecloud.com/api/index.html

query_params_dict = {}
query_params_string = ""


########################################
# ----- DON'T EDIT BELOW THIS  ------- #
########################################


request_path = "/organizations/" + org_id + "/audit-logs"
request_verb = "GET"
signature_version = "1.0"
api_version = "/v1alpha5"

dt = str(datetime.datetime.now(datetime.timezone.utc).replace(microsecond=0))
dt = dt.replace(" ", "T")

payload = api_version + request_path + "\n" + query_params_string + "\n" + request_verb + "\n{0}\n".format(dt)
decoded = base64.urlsafe_b64decode(api_secret_key + '=' * (-len(api_secret_key) % 4))
signature = base64.urlsafe_b64encode(hmac.new(decoded, msg = bytes(payload, 'ascii'), digestmod=hashlib.sha256).digest()).decode('ascii').rstrip("=")

response = requests.get(
    'https://api.crusoecloud.com' + api_version + request_path,
    headers={
        'X-Crusoe-Timestamp': dt,
        'Authorization': 'Bearer {0}:{1}:{2}'.format(signature_version, api_access_key, signature)
        },
    params=query_params_dict
)
data = response.text
mydata = json.loads(data)
print(json.dumps(mydata, indent=4))