# Audit logging

The Arcwise admin panel exposes a [Logs tab](https://admin.arcwise.app/#/event_history) which shows relevant changes to warehouse connections, API integrations, user roles, and more. Audit logs can also be exported as a CSV.

<figure><img src="https://803372693-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FlIfwCAQgoIa97JJYtlXQ%2Fuploads%2FBNhd0MC920W2266XcbTS%2FCleanShot%202024-01-10%20at%2016.32.58%402x.png?alt=media&#x26;token=3fd04761-61f6-429c-99cd-ea4e0fab6553" alt=""><figcaption></figcaption></figure>

### Logged events

Here is a (non-complete) list of events currently logged by Arcwise:

<table><thead><tr><th width="293">Event / Action</th><th>Description</th></tr></thead><tbody><tr><td>reindex_warehouse_all</td><td>Occurs nightly when Arcwise automatically re-indexes your warehouse. A failure event will be logged if any errors are encountered.</td></tr><tr><td>create_warehouse_connection<br>update_warehouse_connection</td><td>Logged when a new warehouse connection is created or one is updated.</td></tr><tr><td>create_role<br>delete_role<br>edit_role</td><td>Logged when a new user is added, deleted, or their permissions are edited</td></tr><tr><td>create_token<br>delete_token</td><td>Logged when a Personal Access Token is created or deleted by a user.</td></tr></tbody></table>

### Accessing audit logs via API

Arcwise's audit logs can be accessed via API. First, you'll need an administrator to create an API key ("personal access token").

#### Obtaining a Personal Access Token

1. Log into <https://admin.arcwise.app/>
2. Click your email / initials at the top right and select "My profile".

   <div align="left"><figure><img src="https://803372693-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FlIfwCAQgoIa97JJYtlXQ%2Fuploads%2F4D7WSPHhT2ERwAguwzdL%2FCleanShot%202024-01-30%20at%2010.05.20%402x.png?alt=media&#x26;token=10a1b800-f915-460b-92b0-423e86f3aeab" alt="" width="282"><figcaption></figcaption></figure></div>
3. Scroll down to the "Personal Access Tokens" section and click "+ Create"

   <div align="left"><figure><img src="https://803372693-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FlIfwCAQgoIa97JJYtlXQ%2Fuploads%2Fs2xdTrwsg1I1w6NlLAiA%2FCleanShot%202024-01-30%20at%2010.06.24%402x.png?alt=media&#x26;token=29411402-1e2b-4d9e-a425-26f95ac78a0a" alt="" width="375"><figcaption></figcaption></figure></div>
4. Provide a name for your token (e.g. "audit\_logs") and hit "Save". Your new token should now appear in the table. Click the "copy" or "view" buttons to obtain your API token and save it to a secure location.\
   ![](https://803372693-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FlIfwCAQgoIa97JJYtlXQ%2Fuploads%2FWo88XkAkzcxkgaQHz5OY%2FCleanShot%202024-01-30%20at%2010.08.32%402x.png?alt=media\&token=e58c779a-719b-414b-856e-6a083765ac70)<br>
5. At any time, you can click the delete button to permanently revoke a token, at which point it will immediately lose access to Arcwise.

#### Make an HTTP request to access the event logs

Now, you can make a HTTP GET request to <https://backend.arcwise.app/api/event_history> to obtain a JSON list of all log entries within a certain timeframe.

* Set the `Authorization` header to `Bearer: <your personal access token>` to   authenticate with this endpoint.
* You can optionally pass in the following query parameters through the URL:

| Parameter        | Description                                                                                  |
| ---------------- | -------------------------------------------------------------------------------------------- |
| `from_timestamp` | A UNIX timestamp or ISO date/time string to specify the start time for retrieved event logs. |
| `to_timestamp`   | A UNIX timestamp or ISO date/time string to specify the end time for retrieved event logs.   |
| `limit`          | An integer indicating the maximum number of logs to return. (Default: 1000)                  |

* The output will be a JSON list where each entry is an object with the following keys:

<table><thead><tr><th width="210">Key</th><th>Description</th></tr></thead><tbody><tr><td><code>event</code></td><td>Name of the event (e.g. <code>add_role</code>, <code>edit_role</code>, <code>delete_role</code>)</td></tr><tr><td><code>message</code></td><td>A description of the event with more details. (may be null)</td></tr><tr><td><code>timestamp</code></td><td>The UNIX timestamp when the event took place.</td></tr><tr><td><code>severity</code></td><td>One of <code>info</code>, <code>warning</code>, or <code>error</code>.</td></tr><tr><td><code>user_id</code></td><td>The Arcwise user ID that initiated the event (may be null)</td></tr></tbody></table>

**Example cURL API request/response**

```basic
# Request
curl 'https://backend.arcwise.app/api/event_history?limit=1&from_timestamp=1700000000' \
  -H 'Authorization: Bearer 12345678-9012-3456-7890-123456789012' -X GET

# Response: 200 OK
[
  {
    "event": "create_token",
    "timestamp": 1706599957,
    "severity": "info",
    "message": "User 0000-1111-2222 created personal access token 3333-4444-5555",
    "user_id": "0000-1111-2222"
  }
]
```