
ZITADEL's In-built Audit Trail

ZITADEL provides you with a built-in audit trail to track all changes and events over an unlimited period of time. Most other solutions replace a historic record and track changes in a separate log when information is updated. ZITADEL only ever appends data in an Eventstore, keeping all historic records. The audit trail itself is identical to the state, since ZITADEL calculates the state from all the past changes.

Example of events that happen for a profile change and a login

This form of audit log has several benefits over storing classic audit logs. You can view past data in the context of the whole system at a single point in time. Reviewing a past state of the application can be important when tracing an incident that happened months back. Moreover, the eventstore provides a truly complete and clean audit log.
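The replay idea described above, as an added sketch that is not ZITADEL's code: state is computed from an append-only event list, so the same log answers both "what did this user look like on a given date" and "who changed this field, and when". The event type names, fields and sample events are constructed for illustration and are not taken from ZITADEL's event catalogue.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

@dataclass(frozen=True)
class Event:
    sequence: int        # strictly increasing position in the append-only log
    created_at: datetime
    aggregate_id: str    # the object the event belongs to, e.g. a user id
    event_type: str      # constructed names (assumption), not ZITADEL's own
    editor: str          # who caused the change
    payload: dict        # only the fields that changed

def ts(text: str) -> datetime:
    return datetime.fromisoformat(text).replace(tzinfo=timezone.utc)

# Constructed sample log: user created, profile change, login, later e-mail change.
EVENTS = [
    Event(1, ts("2023-01-10T09:00:00"), "user-1", "user.added", "admin-7",
          {"first_name": "Ada", "last_name": "Byron", "email": "ada@example.com"}),
    Event(2, ts("2023-03-02T14:30:00"), "user-1", "user.profile.changed", "user-1",
          {"last_name": "Lovelace"}),
    Event(3, ts("2023-03-02T14:31:00"), "user-1", "user.login.succeeded", "user-1", {}),
    Event(4, ts("2023-06-20T08:15:00"), "user-1", "user.profile.changed", "admin-7",
          {"email": "ada@corp.example.com"}),
]

def state_at(events, aggregate_id, as_of=None):
    """Replay one object's events up to `as_of` (None = now) and return its state."""
    state = {}
    for ev in sorted(events, key=lambda e: e.sequence):
        if ev.aggregate_id != aggregate_id:
            continue
        if as_of is not None and ev.created_at > as_of:
            continue  # event happened after the point in time under review
        if ev.event_type in ("user.added", "user.profile.changed"):
            state.update(ev.payload)
        elif ev.event_type == "user.login.succeeded":
            state["last_login"] = ev.created_at
    return state

def history_of(events, aggregate_id, field):
    """Audit view: every (time, editor, value) that set `field` on the object."""
    return [(e.created_at, e.editor, e.payload[field])
            for e in sorted(events, key=lambda e: e.sequence)
            if e.aggregate_id == aggregate_id and field in e.payload]

if __name__ == "__main__":
    print(state_at(EVENTS, "user-1", ts("2023-02-01T00:00:00")))
    print(history_of(EVENTS, "user-1", "email"))
```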

Future Plans

There will be three major areas for future development on the audit data

Accessing the Audit Log

Last changes of an object

You can check the last changes of most objects in the Console. In the following screenshot you can see an example of last changes on a user. The same view is available on several other objects such as organization or project.

Profile Self Manage

Event View

Administrators can see all events across an instance and filter them directly in Console. Go to your default settings and then click on the Events tab to open the Event Viewer, or browse to $CUSTOM-DOMAIN/ui/console/events.

Event viewer

Event API

Since everything that is available in Console can also be called with our APIs, you can access all events and audit data through our APIs:

Access to the API is possible with a Service User account, allowing you to integrate the events with your own business logic.

Using logs in external systems

You can use the events from the audit log in external systems such as a SOC/SIEM solution.

Follow our guide on how to integrate ZITADEL with external systems for streaming events and audit logs.