> ## Documentation Index
> Fetch the complete documentation index at: https://docs.withorb.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Audit logs

<Info>
  Audit logs are currently available in **private preview**. Contact your Orb representative to enable this feature for your account.
</Info>

Audit logs provide a comprehensive record of actions taken within your Orb account, helping you maintain security compliance, investigate incidents, and meet regulatory requirements.

## What audit logs capture

Each audit log entry records detailed information about an action performed in Orb:

| Field           | Description                                                                             |
| :-------------- | :-------------------------------------------------------------------------------------- |
| **Action**      | The specific operation performed (e.g., `customer.created`, `subscription.cancelled`)   |
| **Occurred at** | Timestamp of when the action took place                                                 |
| **Actor**       | Who performed the action, including their type (e.g., `api_key`, `user`) and identifier |
| **Targets**     | The resources affected by the action (e.g., customer ID, subscription ID)               |
| **Context**     | Request metadata including IP address and user agent                                    |
| **Environment** | Whether the action occurred in live mode or test mode                                   |

### Tracked actions

Audit logs are generated for:

* **Authentication events**: User logins and provisioning events
* **Write operations**: Create, update, and delete actions across core Orb resources including customers, subscriptions, invoices, plans, and metrics

### Sample audit log event

```json theme={null}
{
  "action": "subscription.cancelled",
  "occurred_at": "2025-01-15T14:30:00Z",
  "actor": {
    "type": "api_key",
    "id": "api_key_12345",
    "name": "Production API Key"
  },
  "targets": [
    {
      "type": "subscription",
      "id": "sub_abc123"
    }
  ],
  "context": {
    "location": "192.0.2.1",
    "user_agent": "orb-python/1.0.0"
  },
  "metadata": {
    "account_id": "acct_xyz789",
    "environment": "live"
  }
}
```

## Data privacy

Audit logs capture metadata about actions, not the content of those actions. Specifically, API request and response bodies are **not** included in audit log entries. This ensures sensitive customer data remains protected while still providing a complete audit trail of operations.

## SIEM integration

Audit logs can be streamed in real-time to your Security Information and Event Management (SIEM) provider of choice. This allows you to:

* Centralize security monitoring across all your systems
* Set up alerts for suspicious activity
* Correlate Orb events with other security data
* Meet compliance requirements for log aggregation

Contact your Orb representative to configure streaming to your SIEM provider.

## Retention

Audit log retention is configurable based on your compliance and operational needs. Work with your Orb representative to set up a retention policy that meets your requirements.
