# Zucms ## Audit Log > Category: Organization --- ## Pages - [Introduction](https://docs.zucms.co/introduction) ### API - [RESTful API](https://docs.zucms.co/api/rest) - [Typescript SDK](https://docs.zucms.co/api/typescript) ### Getting Started - [Quick Start](https://docs.zucms.co/getting-started/quick-start) - [Core Concepts](https://docs.zucms.co/getting-started/core-concepts) ### Models - [Overview](https://docs.zucms.co/models/overview) - [Field Types](https://docs.zucms.co/models/field-types) - [Relations](https://docs.zucms.co/models/relations) ### Content - [Working with Entries](https://docs.zucms.co/content/working-with-entries) - [Localization](https://docs.zucms.co/content/localization) ### Access & Security - [Roles](https://docs.zucms.co/access-security/roles) - [Access Policies](https://docs.zucms.co/access-security/access-policies) ### Organization - [Members & Roles](https://docs.zucms.co/organization/members-roles) - [Audit Log](https://docs.zucms.co/organization/audit-log) - [Billing & Plans](https://docs.zucms.co/organization/billing-plans) --- # Audit Log The audit log is an immutable record of every significant action taken inside your organization. Use it to investigate incidents, track changes, and meet compliance requirements. ## What gets logged | Category | Example actions | |---|---| | `auth` | Login, logout, failed login attempt | | `content` | Entry created, updated, deleted, duplicated, bulk-deleted | | `schema` | Model created/updated/deleted, field created/updated/deleted, relation changed, migration applied | | `files` | File uploaded, replaced, deleted, storage limit exceeded | | `access` | Access policy created/updated/deleted, policy assigned to user or API key | | `billing` | Plan changed, billing settings updated | | `organization` | Organization settings updated, i18n settings updated | | `api` | API key created, API key revoked | | `mcp` | Actions triggered via the MCP integration | ## Severity levels | Level | Meaning | |---|---| | `info` | Routine operation (e.g. entry read, login) | | `warning` | Notable change that may need review (e.g. role changed) | | `critical` | Destructive or high-impact action (e.g. model deleted, API key revoked) | ## Viewing the audit log Go to **Organization → Audit Log**. The table shows the most recent events first. Each row shows: - The **action** that was taken. - The **actor** (user, API key, or system). - The **target** (which entry, model, user, etc. was affected). - The **timestamp**. - The **severity** badge. Click a row to open the detail sheet, which shows the full diff (before/after values) and request context (IP address, user agent). ## Filtering | Filter | Description | |---|---| | **Search** | Free-text search on the event summary | | **Category** | Filter by one of the categories above | | **Severity** | Filter by `info`, `warning`, or `critical` | | **Date range** | Show only events between two dates | ## Retention Audit log retention depends on your plan: | Plan | Retention | |---|---| | Free | 30 days | | Start-Up | 90 days | Events older than the retention window are automatically purged.