Skip to main content
The audit log records every significant action in your Layer workspace — integration connections, asset changes, user role updates, data exports, and more. Every entry is scoped to your organization and immutable once written, so you have a tamper-proof trail for security investigations, compliance audits, and internal reviews.

What gets logged

Layer automatically records events across these categories: Each event captures:
  • Who — the user (or system process) that performed the action, including their email and IP address.
  • What — the event type, category, action, and whether it succeeded or failed.
  • What it affected — the resource type, identifier, and a human-readable path.
  • When — a UTC timestamp.
  • Context — free-form metadata such as old and new values, affected scopes, or error details.

View the audit log

Go to Settings → Audit log in your Layer dashboard. The log displays the most recent events first and includes columns for time, action, resource, actor, and details. You can filter events by:
  • Action — narrow to a specific event type (e.g. integration.connected).
  • Search — free-text search across action names, resource types, and resource identifiers.

Event types

The following event types are currently tracked. New event types are added as Layer features expand.

Data retention

Audit log entries are retained for six years in accordance with HIPAA requirements. Entries cannot be edited or deleted by any user — only automated retention processes remove records after the retention period expires.

Permissions

All members of your organization can view the audit log. Only the application layer (running with elevated privileges) can write new events. No user can insert, update, or delete audit log entries directly.
The audit log is designed for compliance and investigations. If you need to export audit data for a specific review, use the CSV export on the Settings → Audit log page or contact support@axiomancer.io for bulk export assistance.