> ## Documentation Index > Fetch the complete documentation index at: https://formbricks.com/docs/llms.txt > Use this file to discover all available pages before exploring further. # Audit Logging > Enable comprehensive audit logs for your Formbricks instance. Audit logs record **who** did **what**, **when**, **from where**, and **with what outcome** across your Formbricks instance. *** ## Benefits of audit logging * **Compliance readiness** — Many regulatory frameworks such as GDPR and SOC 2 require immutable records of user activity. * **Security investigation support** — Audit logs provide clear visibility into user and system actions, helping teams respond quickly and confidently during security incidents. * **Operational accountability** — Track changes across the system to answer common questions like "*who modified this?*" or "*when was this deleted?*". *** ## Enabling audit logging 1. Set the following environment variables in your deployment (Docker Compose, Kubernetes, etc.): ```bash title=".env" theme={null} # --- Audit logging --- AUDIT_LOG_ENABLED=1 AUDIT_LOG_GET_USER_IP=1 # set to 1 to include user IP address in audit logs, 0 to omit (default: 0) ``` 2. Redeploy your containers. 3. Confirm you can see audit logs in the output of your containers. Audit logs are printed to **stdout** as JSON Lines format, making them easily accessible through your container logs or log aggregation systems. *** ## Understanding the log format Audit logs are **JSON Lines** (one JSON object per line). A typical entry looks like this: ```json theme={null} {"level":"audit","time":1749207302158,"pid":20023,"hostname":"Victors-MacBook-Pro.local","name":"formbricks","actor":{"id":"cm90t4t7l0000vrws5hpo5ta5","type":"api"},"action":"created","target":{"id":"cmbkov4dn0000vrg72i7oznqv","type":"webhook"},"timestamp":"2025-06-06T10:55:02.145Z","organizationId":"cm8zovtbm0001vr3efa4n03ms","status":"success","ipAddress":"unknown","apiUrl":"http://localhost:3000/api/v1/webhooks","changes":{"id":"cmbkov4dn0000vrg72i7oznqv","name":"********","createdAt":"2025-06-06T10:55:02.123Z","updatedAt":"2025-06-06T10:55:02.123Z","url":"https://eoy8o887lmsqmhz.m.pipedream.net","source":"user","environmentId":"cm8zowv0b0009vr3ec56w2qf3","triggers":["responseCreated","responseUpdated","responseFinished"],"surveyIds":[]}} ``` Key fields: | Field | Description | | ---------------- | ----------------------------------------------------------------------------------------------------------------------------- | | `level` | Log level, always `"audit"` for audit events | | `time` | Unix timestamp in milliseconds | | `pid` | Process ID of the logging instance | | `hostname` | Hostname of the server generating the log | | `name` | Application name, typically `"formbricks"` | | `timestamp` | ISO‑8601 time of the action | | `actor` | User or API key responsible (object with `id` and `type`) | | `action` | Constant verb‑noun string (`survey.updated`, `login.failed`, …) | | `target` | The resource affected (object with `id` and `type`) | | `status` | `success` or `failure` | | `organizationId` | Organization identifier where the action occurred | | `ipAddress` | User IP address, present only if `AUDIT_LOG_GET_USER_IP=1`, otherwise `"unknown"` | | `apiUrl` | (Optional) API endpoint URL if the logs was generated through an API call | | `eventId` | (Optional) Available on error logs. You can use it to refer to the system log with this eventId for more details on the error | | `changes` | (Optional) Only the fields that actually changed (sensitive values redacted) | *** ## Centralized logging and compliance Formbricks audit logs are designed to work with modern centralized logging architectures: * **Stdout delivery**: Logs are written to stdout for immediate collection by log forwarding agents * **Centralized integrity**: Log integrity and immutability are handled by your centralized logging platform (ELK Stack, Splunk, CloudWatch, etc.) * **Platform-level security**: Access controls and tamper detection are provided by your logging infrastructure * **SOC2 compliance**: Most SOC2 auditors accept centralized logging without application-level integrity mechanisms ## Additional details * **Redacted secrets:** Sensitive fields (e‑mails, access tokens, passwords…) are replaced with `"********"` before being written. * **Failure events count:** Both successful *and* failed operations are logged. * **Single source of truth:** The same logs power the `Formbricks` UI and API endpoints. * **Scope limitation:** For now, **only events triggered inside the `Formbricks` application** are audited. This means: * **Embed and Link Surveys** are **not** included in the audit logs. * **Survey responses** created via the client API or client-side SDKs are **not** audited. ***