What Gets Logged

Authentication Actions:

  • Login (email and Google OAuth)
  • Logout
  • Failed login attempts
  • MFA setup, verification, and backup code usage

Content Actions:

  • Content created
  • Content updated
  • Content deleted
  • Content published
  • Content unpublished

Brief Actions:

  • Brief created
  • Brief updated
  • Brief deleted
  • Brief generated (AI content generation)

Approval Workflow Actions:

  • Submitted for approval
  • Approved
  • Rejected
  • Requested changes
  • Approval cancelled

Settings Changes:

  • Settings updated
  • Connector created/updated/deleted
  • API key created/revoked

Team Management:

  • User invited
  • User removed
  • Role changed

Data Export/Import:

  • Data exported (CSV, JSON, PDF)
  • Data imported

What's Captured in Each Log Entry

User Attribution:

  • User email (preserved even if user deleted)
  • User role at time of action
  • IP address (tracks original client IP, not proxy)
  • User agent (browser/device information)

Action Details:

  • Action type (create, update, delete, etc.)
  • Resource type (content, brief, connector, etc.)
  • Resource ID and human-readable name
  • Request path and HTTP method

Context & Changes:

  • Details JSON field (before/after values for updates)
  • Metadata (workflow stage, export format, etc.)
  • Status (success, failure, denied)
  • Error message (if action failed)

Timestamp:

  • Created timestamp (auto-set, immutable, indexed)

Viewing Audit Logs

Navigate: Settings → Audit Logs

Dashboard View:

  • Recent activity timeline (last 7, 30, 90 days)
  • Summary statistics:
      • Total actions today
      • Total actions in selected period
      • Failed login attempts
      • Unique active users
  • Filter by:
      • Action type (login, content_create, settings_update, etc.)
      • User email (search by name)
      • Resource type (content, brief, user, connector, etc.)
      • Status (success, failure, denied)
      • Date range
  • 50 logs per page with pagination
  • Click any log to view full details

Log Detail View:

  • Full action information
  • Request context (IP, path, user agent)
  • JSON details (field changes, metadata)
  • Related logs (other actions on same resource)

Resource History

View all changes to a specific resource:

Navigate: Audit Logs → Resource History → [Resource Type] → [Resource ID]

Or click "View History" link from:

  • Content detail page → See all edits, publishes, deletes
  • Brief detail page → See creation, updates, generation events
  • Connector settings → See all configuration changes

Example Use Cases:

  • "Who published this article last week?"
  • "What changed in our brand voice settings?"
  • "When was this brief created and by whom?"

User Activity Tracking

View all actions by a specific user:

Navigate: Audit Logs → User Activity → [User Email]

Or view your own activity: Settings → Audit Logs → My Activity

Shows:

  • All actions by user in last 30 days (configurable)
  • Authentication events (logins, logouts)
  • Content creation and edits
  • Settings changes
  • Exports and data access

Example Use Cases:

  • Review team member contributions
  • Investigate suspicious account activity
  • Compliance audit: "Show me all actions by John in Q4"

Exporting Audit Logs

Navigate: Settings → Audit Logs → Export

Export Options:

  • CSV format (for spreadsheet analysis)
  • JSON format (for API/automation)
  • Date range: 7, 30, 90 days or custom range

CSV Columns:

  • Timestamp
  • User Email
  • User Role
  • Action (human-readable)
  • Resource Type
  • Resource ID
  • Resource Name
  • Status
  • IP Address
  • Request Path
  • Details (JSON string)

Use Cases:

  • Compliance audits (SOC 2, GDPR, HIPAA)
  • Security investigations
  • Activity reports for management
  • Evidence collection for disputes

Configuring Audit Log Settings

Navigate: Settings → Audit Logs → Settings

Retention Policy:

  • Default: 365 days (1 year)
  • Configurable per tenant
  • Old logs automatically deleted after retention period
  • Cleaned up nightly by scheduled task

What to Log (toggles for each category):

  • Authentication events (default: on)
  • Content changes (default: on)
  • Brief changes (default: on)
  • Approval actions (default: on)
  • Settings changes (default: on)
  • Team changes (default: on)
  • API access (default: on)

Suspicious Activity Detection:

  • Enable email notifications for suspicious activity
  • Failed login threshold (default: 10 failures in 1 hour)
  • Alerts sent to tenant admins
  • Helps detect brute force attacks
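
Added example (not the product's code): the same 10-failures-in-1-hour rule applied offline to exported JSON records with a sliding window, grouped either by source IP or by targeted account. The record field names (`created_at`, `action`, `ip_address`, `user_email`) are assumed to mirror the export columns, and the sample records are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

THRESHOLD = 10               # page default: 10 failures
WINDOW = timedelta(hours=1)  # page default: within 1 hour


def find_bursts(records, key, threshold=THRESHOLD, window=WINDOW):
    """Map each `key` value to the time its login_failed count first hit the threshold."""
    failures = sorted(
        (datetime.fromisoformat(r["created_at"]), r[key])
        for r in records
        if r["action"] == "login_failed"
    )
    recent = defaultdict(deque)  # key value -> failure times still inside the window
    alerts = {}
    for ts, who in failures:
        q = recent[who]
        q.append(ts)
        while ts - q[0] > window:  # expire failures older than the window
            q.popleft()
        if len(q) >= threshold:
            alerts.setdefault(who, ts)
    return alerts


def sample_records():
    """Constructed records; field names are assumed, not taken from a real export."""
    base = datetime(2024, 1, 15, 9, 0)
    rows = []

    def fail(minute, ip, email):
        rows.append({
            "created_at": (base + timedelta(minutes=minute)).isoformat(),
            "action": "login_failed", "status": "failure",
            "ip_address": ip, "user_email": email,
        })

    for i in range(10):  # one IP, ten accounts, all within 45 minutes
        fail(5 * i, "203.0.113.7", f"user{i}@example.com")
    for i in range(10):  # ten failures spread over 90 minutes: below threshold
        fail(10 * i, "198.51.100.20", "slow@example.com")
    for i in range(5):   # one account, failures split across two IPs
        fail(2 * i, "192.0.2.10", "admin@example.com")
        fail(2 * i + 1, "192.0.2.11", "admin@example.com")
    return rows


if __name__ == "__main__":
    rows = sample_records()
    print("by IP:   ", find_bursts(rows, "ip_address"))
    print("by email:", find_bursts(rows, "user_email"))
```

Grouping by `user_email` as well as by IP surfaces failures against one account that are spread across several source addresses, where each per-IP count stays below the threshold.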

Security Features

Immutability:

  • Logs cannot be edited after creation
  • Logs cannot be deleted manually
  • Prevents tampering and ensures audit trail integrity
  • Enforced at database and application level

IP Address Tracking:

  • Captures original client IP (not proxy/load balancer)
  • Handles X-Forwarded-For headers correctly
  • Useful for detecting unauthorized access from unusual locations
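
Added example (not the product's code) of one common way to resolve the client IP for an audit record: honour `X-Forwarded-For` only when the connection arrives from a known proxy, and read the header right to left, because everything to the left of the first untrusted hop is client-supplied. The trusted proxy ranges, function names and sample requests are assumptions.

```python
import ipaddress

# Assumed proxy / load balancer ranges for this sketch; set to your own.
TRUSTED_PROXIES = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12")]


def is_trusted(ip):
    return any(ip in net for net in TRUSTED_PROXIES)


def client_ip(peer_addr, xff_header=None):
    """Return the address to record in the audit log for one request."""
    peer = ipaddress.ip_address(peer_addr)
    if not is_trusted(peer):
        # Direct connection: any X-Forwarded-For value is client-supplied.
        return str(peer)
    nearest = peer  # closest hop validated so far
    hops = [h.strip() for h in (xff_header or "").split(",") if h.strip()]
    for hop in reversed(hops):
        try:
            ip = ipaddress.ip_address(hop)
        except ValueError:
            return str(nearest)  # malformed entry: stop at the last valid hop
        if not is_trusted(ip):
            return str(ip)       # first hop that is not one of our proxies
        nearest = ip
    return str(nearest)          # header absent or every hop is internal


if __name__ == "__main__":
    # Constructed requests: (TCP peer, X-Forwarded-For header)
    cases = [
        ("10.0.0.5", "203.0.113.99, 198.51.100.23, 172.16.0.9"),
        ("198.51.100.23", "10.0.0.1"),
        ("10.0.0.5", "not-an-ip, 172.16.0.9"),
        ("10.0.0.5", None),
    ]
    for peer, xff in cases:
        print(f"{peer:15} {xff!s:45} -> {client_ip(peer, xff)}")
```

In the first constructed request the leftmost entry is a value the client placed in the header itself; taking the leftmost address would write it into the audit trail in place of the real source.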

Failed Access Detection:

  • Logs permission denied attempts
  • Tracks unauthorized access attempts
  • Identifies compromised accounts
  • Triggers notifications after threshold exceeded

User Email Preservation:

  • Email stored separately from user record
  • Preserved even if user account deleted
  • Maintains complete audit trail after user removal

Compliance & Use Cases

SOC 2 Compliance:

  • Complete audit trail of all user access and changes
  • 365+ day retention (configurable)
  • Shows who accessed sensitive data (briefs, content, settings)
  • Exportable for external auditors

GDPR Right to Access:

  • Users can request all actions taken on their data
  • Export audit logs related to specific user
  • Shows data access, edits, exports

Security Incident Investigation:

  • Detect unusual activity (user deleting many briefs)
  • Track unauthorized access attempts
  • Identify compromised accounts
  • Timeline of events leading to incident

Governance & Accountability:

  • See who approved/rejected content
  • Track changes to brand voice or strategy
  • Identify who exported sensitive data
  • Resolve disputes about content edits

Forensic Analysis:

  • Complete history of resource changes
  • Who made each edit and when
  • Before/after values for updates
  • Request context (IP, browser, time)

Statistics & Monitoring

Dashboard Stats (refreshed daily):

  • Total actions today
  • Total actions in selected period (7, 30, 90 days)
  • Failed login attempts
  • Unique active users

Activity Patterns:

  • Most active users
  • Most common actions
  • Peak activity times
  • Resource types most frequently modified

Anomaly Detection:

  • Unusual number of deletions
  • Failed login spikes
  • Access from new locations
  • Bulk export activity

Performance Notes

Logging Overhead:

  • <10ms per action
  • Never blocks main operations
  • Errors logged silently (never breaks functionality)
  • Asynchronous where possible

Database Indexing:

  • Indexed on tenant + created_at
  • Indexed on tenant + user
  • Indexed on tenant + action
  • Indexed on tenant + resource_type + resource_id
  • Fast queries even with millions of logs

Retention & Cleanup:

  • Scheduled cleanup runs nightly
  • Deletes logs older than retention period
  • Configurable per tenant
  • Can export before cleanup for archival

Viewing Logs by Context

From Content Hub:

  • Click content → View Details → Activity History
  • Shows all actions on that content piece
  • Create, edit, publish, unpublish, delete events

From Brief Detail Page:

  • Scroll to Activity section
  • Shows brief creation, updates, generation events
  • Links to full audit log entries

From Settings Pages:

  • Changes to settings automatically logged
  • View history of connector configurations
  • Track API key creation/revocation

From Team Management:

  • User invites, removals, role changes logged
  • View who made team changes and when

FAQs

Q: Can I delete audit logs?
A: No. Audit logs are immutable for compliance reasons. They're automatically cleaned up after the retention period (default 365 days) via scheduled task.

Q: What happens to logs when I delete a user?
A: Logs are preserved. The user_email field is stored separately, so the audit trail remains intact even after user deletion. The user foreign key is set to NULL, but the email and action details remain.

Q: Can I see logs from before enabling audit logging?
A: No. Only actions after audit logging was enabled are recorded.

Q: Who can view audit logs?
A: Admin and Owner roles can view all audit logs. Other roles can view their own activity via "My Activity" page. Configurable via role permissions.

Q: Are failed login attempts logged?
A: Yes. Failed logins are logged with action=login_failed, including IP address and user email (even if account doesn't exist, for security monitoring).

Q: Do audit logs impact performance?
A: Minimal impact (<10ms per action). Logging is wrapped in try/catch to never break main functionality. Database is indexed for fast queries.

Q: Can I export logs for compliance audits?
A: Yes. Export as CSV or JSON with custom date ranges. Export action itself is logged for audit trail completeness.

Q: What's the difference between audit logs and activity history?
A: Same data, different views. Audit logs show all actions across all resources. Activity history shows actions for a specific resource (content, brief, etc.).

Q: Do API requests get logged?
A: API key creation and revocation are logged. Individual API requests are not logged by default (would generate excessive logs). Enable via settings if needed for compliance.

Q: Can I get email notifications for suspicious activity?
A: Yes. Enable "Notify on suspicious activity" in Audit Log Settings. Set failed login threshold (default: 10 in 1 hour). Notifications sent to tenant admins.

Q: Are webhook events logged?
A: Connector creation/updates/deletes are logged. Individual webhook payloads are not logged by default (excessive volume). Check webhook-specific logs if debugging integrations.

Q: How long are logs retained?
A: Default 365 days. Configurable per tenant in Audit Log Settings. Logs older than retention period are automatically deleted by nightly cleanup task.
