mirror/formbricks
1
0
Fork 0
mirror of https://github.com/formbricks/formbricks.git synced 2026-05-08 02:43:06 -05:00
Code Issues Packages Projects Releases 171 Wiki Activity
Files
bbdc6da6348948a58f5932e20299b3b840e12b7c
formbricks/docs/self-hosting/advanced/enterprise-features/audit-logging.mdx
T
Johannes 654539d320 fix: removed dead menu item & theme import (#7909) 
Co-authored-by: Dhruwang <dhruwangjariwala18@gmail.com>
2026-04-30 08:09:40 +00:00

87 lines
4.5 KiB
Plaintext
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
---
title: Audit Logging
sidebarTitle: Audit Logging
description: Enable comprehensive audit logs for your Formbricks instance.
icon: file-shield
---
Audit logs record **who** did **what**, **when**, **from where**, and **with what outcome** across your Formbricks instance.
---
## Benefits of audit logging
- **Compliance readiness** — Many regulatory frameworks such as GDPR and SOC 2 require immutable records of user activity.
- **Security investigation support** — Audit logs provide clear visibility into user and system actions, helping teams respond quickly and confidently during security incidents.
- **Operational accountability** — Track changes across the system to answer common questions like "_who modified this?_" or "_when was this deleted?_".
---
## Enabling audit logging
1. Set the following environment variables in your deployment (Docker Compose, Kubernetes, etc.):
```bash title=".env"
# --- Audit logging ---
AUDIT_LOG_ENABLED=1
AUDIT_LOG_GET_USER_IP=1 # set to 1 to include user IP address in audit logs, 0 to omit (default: 0)
```
2. Redeploy your containers.
3. Confirm you can see audit logs in the output of your containers.
Audit logs are printed to **stdout** as JSON Lines format, making them easily accessible through your container logs or log aggregation systems.
---
## Understanding the log format
Audit logs are **JSON Lines** (one JSON object per line). A typical entry looks like this:
```json
{"level":"audit","time":1749207302158,"pid":20023,"hostname":"Victors-MacBook-Pro.local","name":"formbricks","actor":{"id":"cm90t4t7l0000vrws5hpo5ta5","type":"api"},"action":"created","target":{"id":"cmbkov4dn0000vrg72i7oznqv","type":"webhook"},"timestamp":"2025-06-06T10:55:02.145Z","organizationId":"cm8zovtbm0001vr3efa4n03ms","status":"success","ipAddress":"unknown","apiUrl":"http://localhost:3000/api/v1/webhooks","changes":{"id":"cmbkov4dn0000vrg72i7oznqv","name":"********","createdAt":"2025-06-06T10:55:02.123Z","updatedAt":"2025-06-06T10:55:02.123Z","url":"https://eoy8o887lmsqmhz.m.pipedream.net","source":"user","environmentId":"cm8zowv0b0009vr3ec56w2qf3","triggers":["responseCreated","responseUpdated","responseFinished"],"surveyIds":[]}}
```
Key fields:
| Field | Description |
|-------|-------------|
| `level` | Log level, always `"audit"` for audit events |
| `time` | Unix timestamp in milliseconds |
| `pid` | Process ID of the logging instance |
| `hostname` | Hostname of the server generating the log |
| `name` | Application name, typically `"formbricks"` |
| `timestamp` | ISO8601 time of the action |
| `actor` | User or API key responsible (object with `id` and `type`) |
| `action` | Constant verbnoun string (`survey.updated`, `login.failed`, …) |
| `target` | The resource affected (object with `id` and `type`) |
| `status` | `success` or `failure` |
| `organizationId` | Organization identifier where the action occurred |
| `ipAddress` | User IP address, present only if `AUDIT_LOG_GET_USER_IP=1`, otherwise `"unknown"` |
| `apiUrl` | (Optional) API endpoint URL if the logs was generated through an API call |
| `eventId` | (Optional) Available on error logs. You can use it to refer to the system log with this eventId for more details on the error |
| `changes` | (Optional) Only the fields that actually changed (sensitive values redacted) |
---
## Centralized logging and compliance
Formbricks audit logs are designed to work with modern centralized logging architectures:
- **Stdout delivery**: Logs are written to stdout for immediate collection by log forwarding agents
- **Centralized integrity**: Log integrity and immutability are handled by your centralized logging platform (ELK Stack, Splunk, CloudWatch, etc.)
- **Platform-level security**: Access controls and tamper detection are provided by your logging infrastructure
- **SOC2 compliance**: Most SOC2 auditors accept centralized logging without application-level integrity mechanisms
## Additional details
- **Redacted secrets:** Sensitive fields (emails, access tokens, passwords…) are replaced with `"********"` before being written.
- **Failure events count:** Both successful *and* failed operations are logged.
- **Single source of truth:** The same logs power the `Formbricks` UI and API endpoints.
- **Scope limitation:** For now, **only events triggered inside the `Formbricks` application** are audited. This means:
- **Embed and Link Surveys** are **not** included in the audit logs.
- **Survey responses** created via the client API or client-side SDKs are **not** audited.
---
Reference in New Issue View Git Blame Copy Permalink