Skip to main content

Audit logs

Audit logs in Chef 360 Platform are automatically generated for requests that change application state (create, update, or delete actions). Each log entry contains contextual information such as user, organization, and request path. Audit logs provide traceability for key operations, detailing who did what, when, and with what effect. Use audit logs to monitor and investigate security-sensitive events.

Note

You can retrieve a maximum of 10 days of audit log history in a single request.

Access audit logs for users

Prerequisites

To retrieve audit logs for specific users or all users within your tenant, you must have tenant admin privileges. Both CLI commands and API calls for accessing multi-user audit logs require authentication with a tenant admin user account. Regular users can only access their own audit logs using the self audit log methods.

Retrieve user audit logs with the CLI

To retrieve audit logs for users within your tenant, use the log-service audit get-admin-logs subcommand:

chef-platform-auth-cli log-service audit get-admin-logs \
  --users "<USER_EMAIL_LIST>" \
  --from "<START_TIMESTAMP>" \
  --to "<END_TIMESTAMP>" \
  --order "<SORT_ORDER>" \
  --file-name "<OUTPUT_FILE_PATH>" \
  --profile <PROFILE_NAME>

Replace the following:

  • <USER_EMAIL_LIST> (optional): A comma-separated list of user email addresses to filter logs, for example, user1@example.com,user2@example.com. If not specified, retrieves logs for all users in the tenant.
  • <START_TIMESTAMP> (optional): The start timestamp for log retrieval in ISO 8601 format, for example, 2025-10-09T09:00:00Z. Defaults to 1 hour ago.
  • <END_TIMESTAMP> (optional): The end timestamp for log retrieval in ISO 8601 format, for example, 2025-10-09T17:00:00Z. Defaults to the current time.
  • <SORT_ORDER> (optional): The sort order for log entries by timestamp. Use asc for oldest logs first or desc for newest logs first. Defaults to desc.
  • <OUTPUT_FILE_PATH> (optional): The path to the file to write the response body to, for example, admin-audit-logs.json. If not specified, the output is written to stdout.
  • <PROFILE_NAME>: The name of the profile to use for authentication (the profile must have tenant admin privileges).

Retrieve user audit logs with the API

To retrieve audit logs for administrative oversight within your tenant, use the following API command:

curl -X GET "https://<YOUR_DOMAIN>/api/log-service/audit/admin?users=<USER_EMAIL_LIST>&from=<START_TIMESTAMP>&to=<END_TIMESTAMP>&order=<SORT_ORDER>" \
  -H "Authorization: Bearer <JWT_TOKEN>"

Replace the following:

  • <YOUR_DOMAIN>: Your Chef 360 Platform domain, for example, chef-platform.example.com.
  • <USER_EMAIL_LIST> (optional): A comma-separated list of user email addresses to filter the logs, for example, user1@example.com,user2@example.com.
  • <START_TIMESTAMP> (optional): The start timestamp in ISO 8601 format, for example, 2025-10-09T09:00:00Z. Defaults to 1 hour ago.
  • <END_TIMESTAMP> (optional): The end timestamp in ISO 8601 format, for example, 2025-10-09T12:00:00Z. Defaults to the current time.
  • <SORT_ORDER> (optional): The sort order for log entries. Use asc or desc, for example, desc. Defaults to desc.
  • <JWT_TOKEN>: A valid JWT authentication token (must have tenant admin privileges).

Access audit logs for the currently-authenticated user

Retrieve audit logs for the current user with the CLI

To retrieve audit logs for the currently-authenticated user, use the log-service audit get-self-logs subcommand:

chef-platform-auth-cli log-service audit get-self-logs \
  --from "<START_TIMESTAMP>" \
  --to "<END_TIMESTAMP>" \
  --order "<SORT_ORDER>" \
  --file-name "<OUTPUT_FILE_PATH>" \
  --profile <PROFILE_NAME>

Replace the following:

  • <START_TIMESTAMP> (optional): The start timestamp for log retrieval in ISO 8601 format, for example, 2025-10-09T00:00:00Z. Defaults to 1 hour ago.
  • <END_TIMESTAMP> (optional): The end timestamp for log retrieval in ISO 8601 format, for example, 2025-10-09T23:59:59Z. Defaults to the current time.
  • <SORT_ORDER> (optional): The sort order for log entries by timestamp. Use asc for oldest logs first or desc for newest logs first. Defaults to desc.
  • <OUTPUT_FILE_PATH> (optional): The path to the file to write the response body to, for example, my-audit-logs.json. If not specified, the output is written to stdout.
  • <PROFILE_NAME>: The name of the profile to use for authentication.

Retrieve audit logs for the current user with the API

To retrieve audit logs for the currently authenticated user, use the following API command:

curl -X GET "https://<YOUR_DOMAIN>/api/log-service/audit/self?from=<START_TIMESTAMP>&to=<END_TIMESTAMP>&order=<SORT_ORDER>" \
  -H "Authorization: Bearer <JWT_TOKEN>"

Replace the following:

  • <YOUR_DOMAIN>: Your Chef 360 Platform domain, for example, chef-platform.example.com.
  • <START_TIMESTAMP> (optional): The start timestamp in ISO 8601 format, for example, 2025-10-09T09:00:00Z. Defaults to 1 hour ago.
  • <END_TIMESTAMP> (optional): The end timestamp in ISO 8601 format, for example, 2025-10-09T12:00:00Z. Defaults to the current time.
  • <SORT_ORDER> (optional): The sort order for log entries. Use asc or desc, for example, desc. Defaults to desc.
  • <JWT_TOKEN>: A valid JWT authentication token.

More information

Thank you for your feedback!

×