> ## Documentation Index
> Fetch the complete documentation index at: https://docs.replit.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Audit Logs

> Track and monitor security-relevant actions in your Replit Enterprise organization with comprehensive audit logs and SIEM integration.

## Introduction

<Note>
  Audit logs are available exclusively for Enterprise customers. Contact our sales team at [sales@replit.com](mailto:sales@replit.com) to enable this feature for your organization.
</Note>

Audit logs provide a detailed record of security-relevant actions within your Replit organization. They allow you to track who did what, when, and where — giving your security and compliance teams the visibility they need to monitor and investigate activity.

Replit's audit log system is powered by [WorkOS](https://workos.com/), ensuring enterprise-grade reliability and security for log storage, retrieval, and streaming.

## Key Features

<CardGroup cols={2}>
  <Card title="Comprehensive Event Tracking" icon="list-check">
    Monitor user lifecycle events including provisioning, deprovisioning, invitations, and role changes
  </Card>

  <Card title="Audit Log Portal" icon="magnifying-glass">
    Search, filter, and review audit events through a dedicated log viewer portal
  </Card>

  <Card title="SIEM Integration" icon="arrow-right-arrow-left">
    Stream audit logs in real time to your existing security tools via log streaming
  </Card>

  <Card title="Admin-Only Access" icon="shield">
    Only organization admins can view audit logs and configure streaming, keeping your security data protected
  </Card>
</CardGroup>

## Getting Started

<Steps>
  <Step title="Enable Audit Logs">
    Navigate to **Settings** > **Advanced** > **Audit Logs** and select **Enable audit logs**. You must be an organization admin to enable this feature.

    <Warning>
      Audit logs are supported for single-workspace accounts only. Enabling audit logs will disable additional workspace creation for your organization.
    </Warning>
  </Step>

  <Step title="View Audit Logs">
    Once enabled, select **View audit logs** to open the audit log portal
  </Step>

  <Step title="Set Up SIEM Integration (Optional)">
    Select **Set up SIEM integration** to configure real-time log streaming to your security tools
  </Step>
</Steps>

## Tracked Events

Audit logs capture security-relevant events across your organization, including user lifecycle actions such as provisioning, deprovisioning, and invitation management. The set of tracked events is actively expanding.

For a full list of currently tracked events, contact your Replit account representative or reach out to [sales@replit.com](mailto:sales@replit.com).

<Note>
  Audit log events are designed with privacy in mind. Only customer-facing identifiers like email addresses and organization slugs are recorded — internal system IDs are never exposed.
</Note>

## Viewing Audit Logs

To view your organization's audit logs:

1. Go to **Settings** > **Advanced**
2. In the **Audit Logs** section, select **View audit logs**
3. The audit log portal opens, where you can search, filter, and review events

The portal provides:

* **Search** — Find specific events by keyword
* **Filters** — Narrow results by event type, date range, actor, or target
* **Export** — Download log data for offline analysis or compliance reporting

## SIEM Integration

SIEM (Security Information and Event Management) integration allows you to stream audit log events in real time to your existing security tools. This is useful for:

* Centralizing security monitoring across all your enterprise tools
* Setting up automated alerts based on audit log patterns
* Meeting compliance requirements for log retention and analysis

### Setting Up Log Streaming

1. Go to **Settings** > **Advanced**
2. In the **Audit Logs** section, select **Set up SIEM integration**
3. The log streaming configuration portal opens
4. Follow the instructions to connect your SIEM provider

Replit supports streaming to any destination compatible with WorkOS Log Streams, including:

* **Datadog**
* **Splunk**
* **Amazon S3**
* **Generic HTTP endpoint (webhook)**

<Note>
  Log streaming is configured through the WorkOS portal. Changes to your streaming configuration take effect immediately.
</Note>

## FAQs

### Who can view audit logs?

Only organization admins can access audit logs and configure SIEM integration. Non-admin members do not have access to any audit log data.

### Do I need SCIM enabled to use audit logs?

No. SCIM is not required to use audit logs. However, if your organization has [SCIM](/teams/identity-and-access-management/scim) configured, audit logs will also capture SCIM-related user lifecycle events such as provisioning and deprovisioning.

### What happens if an audit log event fails to record?

Audit log recording is designed to never interfere with the underlying operation. If an event fails to be recorded, the original action (such as user provisioning) still completes successfully. Failed events are logged internally for investigation.

### How long are audit logs retained?

Audit log retention is managed through WorkOS. By default, logs are retained in the audit log portal for viewing and search. For longer retention, set up SIEM integration to stream logs to your own storage.

### Can I export audit logs?

Yes. You can export audit log data directly from the audit log portal or by configuring a SIEM integration to stream events to your preferred storage destination.

## Related Resources

<CardGroup cols={2}>
  <Card title="SCIM" icon="key" href="/teams/identity-and-access-management/scim">
    Set up automated user provisioning with SCIM integration
  </Card>

  <Card title="SAML SSO" icon="lock" href="/teams/identity-and-access-management/saml">
    Configure single sign-on authentication for your organization
  </Card>

  <Card title="Groups & Permissions" icon="shield" href="/teams/identity-and-access-management/groups-and-permissions">
    Manage user roles and access controls
  </Card>

  <Card title="Enterprise Privacy Settings" icon="eye-slash" href="/teams/enterprise-privacy-settings">
    Configure organization-wide privacy and security settings
  </Card>
</CardGroup>