Skip to main content
The audit log records every significant action in your Layer workspace — integration connections, asset changes, user role updates, data exports, and more. Every entry is scoped to your organization and immutable once written, so you have a tamper-proof trail for security investigations, compliance audits, and internal reviews.

What gets logged

Layer automatically records events across these categories:
CategoryExample events
IntegrationsConnected, disconnected, sync started, sync completed, sync failed, re-auth required
AssetsCreated, updated, deleted
UsersInvited, role changed, removed
ContractsUploaded
ExportsCSV generated
WorkspaceSettings changed
Each event captures:
  • Who — the user (or system process) that performed the action, including their email and IP address.
  • What — the event type, category, action, and whether it succeeded or failed.
  • What it affected — the resource type, identifier, and a human-readable path.
  • When — a UTC timestamp.
  • Context — free-form metadata such as old and new values, affected scopes, or error details.

View the audit log

Go to Settings → Audit log in your Layer dashboard. The log displays the most recent events first and includes columns for time, action, resource, actor, and details. You can filter events by:
  • Action — narrow to a specific event type (e.g. integration.connected).
  • Search — free-text search across action names, resource types, and resource identifiers.

Event types

The following event types are currently tracked. New event types are added as Layer features expand.
Event typeDescription
integration.connectedA new integration was connected
integration.disconnectedAn integration was removed
integration.sync_startedA sync cycle began
integration.sync_completedA sync cycle finished successfully
integration.sync_failedA sync cycle failed
integration.reauth_requiredAn integration needs re-authorization
Event typeDescription
asset.createdA new asset was added to the inventory
asset.updatedAn asset record was modified
asset.deletedAn asset was removed from the inventory
Event typeDescription
user.invitedA new user was invited to the workspace
user.role_changedA user’s role was changed
user.removedA user was removed from the workspace
Event typeDescription
contract.uploadedA contract document was uploaded
export.csv_generatedA CSV export was generated
workspace.settings_changedWorkspace settings were modified

Data retention

Audit log entries are retained for six years in accordance with HIPAA requirements. Entries cannot be edited or deleted by any user — only automated retention processes remove records after the retention period expires.

Permissions

All members of your organization can view the audit log. Only the application layer (running with elevated privileges) can write new events. No user can insert, update, or delete audit log entries directly.
The audit log is designed for compliance and investigations. If you need to export audit data for a specific review, use the CSV export on the Settings → Audit log page or contact support@axiomancer.io for bulk export assistance.