What gets logged
Layer automatically records events across these categories:
Each event captures:
- Who — the user (or system process) that performed the action, including their email and IP address.
- What — the event type, category, action, and whether it succeeded or failed.
- What it affected — the resource type, identifier, and a human-readable path.
- When — a UTC timestamp.
- Context — free-form metadata such as old and new values, affected scopes, or error details.
View the audit log
Go to Settings → Audit log in your Layer dashboard. The log displays the most recent events first and includes columns for time, action, resource, actor, and details. You can filter events by:- Action — narrow to a specific event type (e.g.
integration.connected). - Search — free-text search across action names, resource types, and resource identifiers.
Event types
The following event types are currently tracked. New event types are added as Layer features expand.Integration events
Integration events
Asset events
Asset events
User events
User events
Other events
Other events
Data retention
Audit log entries are retained for six years in accordance with HIPAA requirements. Entries cannot be edited or deleted by any user — only automated retention processes remove records after the retention period expires.Permissions
All members of your organization can view the audit log. Only the application layer (running with elevated privileges) can write new events. No user can insert, update, or delete audit log entries directly.The audit log is designed for compliance and investigations. If you need to export audit data for a specific review, use the CSV export on the Settings → Audit log page or contact support@axiomancer.io for bulk export assistance.