Audit Logs
API7 Control Plane provides a complete audit trail of all administrative actions. These audit logs are essential for security monitoring, troubleshooting, and meeting regulatory compliance requirements.
Capabilities
- Comprehensive Tracking: Record all changes to routes, services, plugins, and security policies.
- Detailed Context: Capture the identity of the user who made the change, the time of the action, and the specific modifications (diff).
- Long-Term Retention: Configure the retention period for audit data to meet your compliance needs.
- External Export: Export audit logs to SIEM platforms for centralized analysis.
Audit Log Contents
Each audit log entry includes:
| Field | Description |
|---|---|
| Timestamp | When the operation occurred. |
| Operator | The username or API key used to perform the action. |
| Operation | The type of action performed (e.g., CREATE, UPDATE, DELETE). |
| Resource | The target object (e.g., Route: 123, SSL: 456). |
| Details / Diff | A comparison of the object's state before and after the change. |
| Source IP | The IP address from which the request originated. |
Review Audit Logs in the Dashboard
To view the audit trail, log in to the API7 Dashboard and navigate to the RBAC > Audit Logs section. You can filter the logs by date range, operator, operation type, or specific resource.
Retention
By default, audit logs are retained for 60 days. The Control Plane runs a background cleanup job that deletes audit entries older than the configured retention period. To change the retention period, set audit.retention_days in your Control Plane configuration:
audit:
retention_days: 180
Set a longer retention period if your compliance framework requires extended audit history, or a shorter one to reduce database storage consumption.
Export to SIEM
For advanced security analysis and correlation, you can export your audit logs to external SIEM platforms such as Splunk, Elastic, or Datadog. See the Splunk Integration guide for a detailed walkthrough of connecting API7 logs to Splunk using the HEC (HTTP Event Collector). The same approach works for any log sink that exposes an HTTP ingestion endpoint. For high-volume environments, you can also query the underlying PostgreSQL database for audit data directly.
Compliance and Accountability
By maintaining a clear, immutable record of all administrative changes, API7 Gateway helps you demonstrate accountability and pass security audits. Audit logs ensure that every configuration change can be traced back to a specific individual and time.
Next Steps
- Configure RBAC to limit who can make administrative changes.
- Review our Trust Center for certifications and security reports.