Read your audit log

Audit log records every meaningful action: logins, role changes, impersonation, API key activity. Filter, export CSV, retain per plan.

Written By Salvatore Sinigaglia

Last updated About 5 hours ago

Audit log records every meaningful action: logins, role changes, impersonation, API key activity. Filter, export CSV, retain per plan.

Read your audit log

The audit log tracks every meaningful action in your workspace: logins, role changes, member invites, impersonation, API key creation, settings changes, campaign actions. View at Settings β†’ Team β†’ Audit Log. Filter by date, action, user, or resource. Export to CSV. Retention depends on your plan.

Who is this for

Admins running monthly security reviews, owners investigating an incident, compliance officers preparing for an audit, anyone diagnosing "who changed what when".

What gets logged

Action names use dot-notation (e.g. member.role-change, campaign.publish, rule.create), not underscores. The audit log captures actions such as:

CategoryExample action names
Team managementmember.role-change, member.status-change, member.remove, invite.create, invite.cancel, team.transfer-ownership
Impersonationadmin.impersonate.start, admin.impersonate.stop
Campaignscampaign.publish, campaign.toggle, campaign.budget_edit, campaign.duplicate, campaign.multi_publish
Rulesrule.create, rule.delete, rule.toggle, rule.duplicate
Billingsubscription.cancel, subscription.reactivate
Deletion lifecycleteam.delete-schedule, team.cancel-deletion

Read-only actions (viewing a page, opening a campaign) are not logged β€” that would create too much noise. Only meaningful mutations are recorded.

Log entry schema

Each entry in the audit_log table has:

{  "id": "uuid",  "user_id": "uuid",         // who triggered the action  "owner_id": "uuid",        // workspace owner (for org-level filter)  "action": "string",        // dot-notation, e.g. "member.role-change", "campaign.publish"  "resource_type": "string", // e.g. "team_membership", "campaign"  "resource_id": "string",   // ID of the affected resource  "metadata": {},            // JSON detail (old/new values, params)  "ip_address": "string",  "user_agent": "string",  "product": "wevion",       // brand for cross-product debugging  "created_at": "timestamp"}

Indexes: (owner_id, created_at desc), (user_id, created_at desc), (action) for fast filtering.

How to view the log

Step 1: Open the audit log page

Navigate to Settings β†’ Team β†’ Audit Log (URL: /settings/team/audit-log).

Step 2: Browse recent entries

The page loads the most recent 50 entries by default. Each row shows:

  • Timestamp (in workspace TZ, toggle to UTC)
  • User (avatar + name + email)
  • Action (dot-notation, e.g. member.role-change, campaign.publish)
  • Resource (type + ID + name when available)
  • IP / location (from IP)
  • Expand arrow to see full metadata JSON

Step 3: Apply filters

Top of the page:

  • Date range (last 7 days / 30 days / 90 days / custom)
  • Action (multi-select from known action types)
  • User (multi-select from workspace members)
  • Resource type (multi-select)
  • Free-text search in metadata

Combine for "Who changed roles in the last 30 days?":

  • Action = member.role-change
  • Date range = last 30 days

For "What did Sara do yesterday?":

  • User = Sara
  • Date range = yesterday

Step 4: Pagination

50 per page. Use prev/next or jump to date. For longer scrolls, use CSV export.

Export to CSV

Click Export CSV at top-right. Choose:

  • Current filter result (whatever filter is applied)
  • Full date range (override filter)
  • Specific date range (custom picker)

Wevion calls GET /api/v1/audit-log/export and streams a CSV download. Columns:

id, timestamp, user_id, user_email, action, resource_type, resource_id,metadata, ip_address, user_agent

Useful for spreadsheet analysis, regulatory submission, or feeding into your SIEM.

Export is rate-limited (large workspaces with millions of entries should chunk by date).

Retention

Audit log retention depends on your plan. Check /settings/team/billing for your current retention window. Pro and Enterprise plans typically have longer windows than Starter. Enterprise can negotiate custom retention.

After retention window:

  • Entries are deleted from the active database
  • Backups may retain copies per standard backup policy

If you need long-term retention for compliance, export regularly to your own storage.

Common investigation patterns

"Who paused my campaign last night?"

  1. Filter: Action = campaign.toggle, Date range = yesterday
  2. Find the entry; user column = who, metadata = which campaign + IP

"Has anyone impersonated recently?"

  1. Filter: Action = admin.impersonate.start
  2. Each entry shows who started impersonation and the target user

"Trace a role change chain"

  1. Filter: Action = member.role-change, User = the affected user
  2. Returns a chronological list of all role changes on that user
  3. Metadata shows the previous and new role progression

What's NOT logged

For pragmatism + scale:

  • Read operations on UI (page views, dashboard loads)
  • Wavo chat messages (separate logging for AI conversations)
  • Real-time data sync events from ad platforms (only failures are logged)
  • Frontend-only state changes (UI prefs, filter selections)

If you need richer logging for an Enterprise compliance need, talk to your CSM about custom audit configuration.

Special: impersonation entries

Starting and stopping impersonation are recorded as admin.impersonate.start and admin.impersonate.stop, targeting the impersonated user. Actions taken during an impersonation session are attributed so you can see who acted and on whose behalf. Filter by admin.impersonate.start to review impersonation activity.

What you'll see

A typical audit log session for a healthy workspace:

  • Lots of routine entries: campaign edits, rule firings, member logins
  • Occasional configuration changes: role updates, integration connects
  • Rare sensitive events: ownership transfers, impersonation sessions, API key creates

If you see entries that surprise you (unexpected role changes, unfamiliar IPs, unrequested impersonation), investigate immediately.

Common issues

  • Page slow to load: large workspace with millions of entries. Narrow the date range first.
  • Missing entries I expected to see: check the action type filter; some sub-actions are logged under different action names.
  • Export CSV times out: split into smaller date ranges and concatenate.
  • Entry shows action with no description: legacy entry from a previous Wevion version. Look at metadata for context.
  • Timestamps look wrong: switch between workspace TZ and UTC; verify your workspace TZ is correct (team-106).
  • Cannot see entries from a workspace I left: by design β€” removed members lose visibility of that workspace's audit log.

Compliance use cases

  • GDPR: subject access requests can be answered with filtered exports per user
  • SOC 2: audit log feeds SOC 2 evidence requirements (logged access, logged changes)
  • HIPAA / similar: depending on data flowing through Wevion, may apply β€” talk to your CSM
  • Internal audits: monthly export + review covers most internal audit needs

FAQ

Where do I find the audit log in Wevion?

Open the audit log at Settings β†’ Team β†’ Audit Log (/settings/team/audit-log). Wevion's audit log tracks meaningful actions in your workspace β€” role changes, member invites, impersonation start/stop, campaign and rule actions, and subscription changes β€” with dot-notation action names like member.role-change and campaign.publish. The page loads the most recent entries by default, each showing timestamp, user, action, and affected resource.

Can I export the Wevion audit log to CSV?

Yes. Click Export CSV at the top-right of the audit log page and choose the current filter result, the full date range, or a specific custom date range. Wevion streams a CSV download with columns such as id, timestamp, user_email, action, and resource_type. Export is rate-limited, so large workspaces should chunk by date.

Are page views recorded in Wevion's audit log?

No. Wevion's audit log records only mutations and sensitive reads β€” read-only actions like viewing a page or opening a campaign are not logged, to avoid noise. Wavo chat messages, frontend-only state changes, and successful real-time sync events are also excluded; only sync failures get recorded.

How long are audit log entries kept?

Audit log retention depends on your plan β€” check /settings/team/billing for your current retention window, with Pro and Enterprise plans typically longer than Starter. After the window, entries are deleted from the active database. If you need long-term retention for compliance, export to CSV regularly to your own storage.