Audit Log
Immutable, searchable audit trail of every significant action in your organization.
Every significant action on Drok is recorded in an immutable audit log. Who did what, when, and from where — for every repository change, permission modification, authentication event, and administrative action.
Viewing the Audit Log
Web Interface
Navigate to Organization Settings > Audit Log. The log displays events in reverse chronological order with filtering and search.
CLI
drok audit-log my-org
drok audit-log my-org --since 2024-01-01 --until 2024-01-31
drok audit-log my-org --actor @alice
drok audit-log my-org --action "repo.*"
API
curl "https://drok.us/api/v1/orgs/my-org/audit-log?per_page=100" \
  -H "Authorization: Bearer $Drok_TOKEN"
Event Categories
Repository Events
| Event | Description |
|---|---|
| repo.create | Repository created |
| repo.delete | Repository deleted |
| repo.visibility_change | Repository visibility changed |
| repo.transfer | Repository transferred to another owner |
| repo.archive | Repository archived or unarchived |
| repo.settings_change | Repository settings modified |
Access Events
| Event | Description |
|---|---|
| access.collaborator_add | Collaborator added to repository |
| access.collaborator_remove | Collaborator removed from repository |
| access.permission_change | Permission level changed |
| access.team_repo_add | Team granted repository access |
| access.team_repo_remove | Team repository access revoked |
Authentication Events
| Event | Description |
|---|---|
| auth.login | User login (method: password, SSO, token) |
| auth.login_failure | Failed login attempt |
| auth.logout | User logout |
| auth.token_create | Personal access token created |
| auth.token_revoke | Personal access token revoked |
| auth.ssh_key_add | SSH key added |
| auth.ssh_key_remove | SSH key removed |
Organization Events
| Event | Description |
|---|---|
| org.member_add | Member added to organization |
| org.member_remove | Member removed from organization |
| org.role_change | Member role changed |
| org.team_create | Team created |
| org.team_delete | Team deleted |
| org.sso_configure | SSO configuration changed |
| org.settings_change | Organization settings modified |
Security Events
| Event | Description |
|---|---|
| security.branch_protection_change | Branch protection rule modified |
| security.secret_create | Pipeline secret created |
| security.secret_delete | Pipeline secret deleted |
| security.vulnerability_detected | Security vulnerability found in package |
Event Format
Each audit log entry contains:
{
  "id": "evt_01H8XYZABC123",
  "timestamp": "2024-03-15T14:30:22Z",
  "actor": {
    "id": "usr_01H8ABC",
    "username": "alice",
    "ip_address": "203.0.113.42"
  },
  "action": "repo.visibility_change",
  "target": {
    "type": "repository",
    "id": "repo_01H8XYZ",
    "name": "my-org/my-repo"
  },
  "details": {
    "old_visibility": "private",
    "new_visibility": "public"
  },
  "user_agent": "drok-cli/1.4.2",
  "geo": {
    "country": "US",
    "region": "MA",
    "city": "Boston"
  }
}
Filtering and Search
Filter by Actor
drok audit-log my-org --actor @alice
Filter by Action
drok audit-log my-org --action "repo.*"
drok audit-log my-org --action "auth.login_failure"
Filter by Target
drok audit-log my-org --target repo:my-org/my-repo
drok audit-log my-org --target team:my-org/backend
Filter by Date Range
drok audit-log my-org --since 2024-03-01 --until 2024-03-31
Full-Text Search
drok audit-log my-org --search "visibility_change"
Retention
| Plan | Retention |
|---|---|
| Free | 30 days |
| Pro | 180 days |
| Organization | 1 year |
| Enterprise | Unlimited |
Export
Export audit logs for external analysis or compliance:
# JSON export
drok audit-log my-org --since 2024-01-01 --format json > audit-2024.json
# CSV export
drok audit-log my-org --since 2024-01-01 --format csv > audit-2024.csv
Streaming Export
For real-time audit log streaming to external SIEM systems:
drok org edit my-org \
  --audit-stream-url "https://your-siem.com/ingest" \
  --audit-stream-token "your-token"
Drok streams audit events via HTTPS POST as they occur, with at-least-once delivery guarantees.
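With at-least-once delivery the same entry can reach the receiver more than once, so anything that counts events should deduplicate on id first. The following is an added example, not Drok's code: it assumes each delivered entry carries the fields shown under Event Format, and the function names, the threshold and window values, and the sample events are constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def parse_ts(value):
    # Timestamps in the documented format are UTC with a trailing "Z".
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")

def dedupe(events, seen_ids):
    """Drop redeliveries: at-least-once means the same id can arrive twice."""
    fresh = []
    for event in events:
        if event["id"] not in seen_ids:
            seen_ids.add(event["id"])
            fresh.append(event)
    return fresh

def detect(events, threshold=3, window=timedelta(minutes=5)):
    """Return (rule, event_id) pairs for entries worth an analyst's attention."""
    hits, recent = [], defaultdict(deque)
    for event in sorted(events, key=lambda e: parse_ts(e["timestamp"])):
        action, when = event["action"], parse_ts(event["timestamp"])
        if (action == "repo.visibility_change"
                and event.get("details", {}).get("new_visibility") == "public"):
            hits.append(("repo_made_public", event["id"]))
        elif action == "auth.login_failure":
            # Assumption: failed logins record actor.ip_address like other entries.
            ip = event.get("actor", {}).get("ip_address", "unknown")
            times = recent[ip]
            times.append(when)
            while when - times[0] > window:   # slide the per-IP window forward
                times.popleft()
            if len(times) >= threshold:
                hits.append(("login_failure_burst", event["id"]))
    return hits

def make_event(eid, ts, action, ip="203.0.113.42", details=None):
    # Builds a constructed sample entry in the documented event format.
    return {"id": eid, "timestamp": ts, "action": action,
            "actor": {"username": "alice", "ip_address": ip},
            "details": details or {}}

# Constructed sample stream (not real Drok output); evt_02 is redelivered.
SAMPLE = [
    make_event("evt_01", "2024-03-15T14:30:00Z", "auth.login_failure"),
    make_event("evt_02", "2024-03-15T14:31:00Z", "auth.login_failure"),
    make_event("evt_02", "2024-03-15T14:31:00Z", "auth.login_failure"),
    make_event("evt_03", "2024-03-15T14:40:00Z", "repo.visibility_change",
               details={"old_visibility": "private", "new_visibility": "public"}),
]
```

Running detect on the raw sample reports a login-failure burst that exists only because evt_02 was delivered twice; after dedupe, only the visibility change remains.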
Immutability
Audit log entries are append-only. They cannot be modified or deleted by any user, including organization owners. This guarantees that the audit trail is a faithful record of all actions taken on the platform.