Enterprise Audit Logs
Every action, attributed and immutable
Enterprise Audit Logs sit underneath every privileged action in LLM Gateway. When an admin rotates a provider key, removes a teammate, changes routing config, or downloads logs — it lands in an append-only audit stream with the actor, timestamp, IP, user-agent, and a structured diff of before/after state. Logs are filterable by user, resource, action, or time, exportable as CSV/JSON, and forwardable to your SIEM (Splunk, Datadog, Elastic) via webhook. Retention defaults to forever for enterprise plans.
Why teams turn it on
Append-only by design
Audit rows can't be edited or deleted from the dashboard — even by org owners. Cryptographic chaining detects tampering at the storage layer.
Actor + resource + diff
Every event records who, what, when, where, and a structured before/after diff — not just an action name.
SIEM forwarding
Stream audit events to Splunk, Datadog, Elastic, or any HTTPS endpoint. Replay any window on demand.
Compliance-ready exports
One-click CSV/JSON exports scoped to a date range, user, or resource — formatted for SOC 2 and HIPAA auditors.
How it works
From decision to deployed in three short steps
- 01
Enable on your org
Audit logging is enabled on every enterprise org by default. No code changes — every privileged route is already instrumented.
- 02
Query in the dashboard
Filter by user, action, resource, or time range. Each row expands into the full structured diff.
- 03
Forward to your SIEM
Add a webhook URL in org settings. Events are POSTed in real time with retries and signed payloads.
Real-world use cases
Why customers actually adopt this
Security investigations
A key was rotated at 3:14 UTC. Who did it, from which IP, and what did the request look like? One query.
SOC 2 / HIPAA evidence
Hand your auditor a scoped export with full attribution — no screenshots, no reconstruction.
Insider-risk monitoring
Alert when admins access prod keys outside working hours or from unfamiliar geographies.
Frequently asked
- How long are audit logs retained?
- Enterprise plans get unlimited retention by default. We do not auto-prune. You can export and delete on your own schedule if needed for data-residency.
- Can audit logs be deleted?
- No — not by org owners, not by admins, not by support. Logs are append-only in storage. The only way to remove an entry is a full org-data deletion under our DPA.
- Do audit logs include LLM request bodies?
- Audit logs capture privileged-action metadata, not user prompts. Prompt/response logging is a separate setting under Activity Logs, which you control independently.
More enterprise capabilities
The rest of the enterprise stack
Per-Project Routing Overrides
Override global routing rules at the project level — region, provider order, fallback chain, and cost ceilings. Production stays pinned; experimental teams stay flexible.
Enterprise Guardrails
Server-side detection for prompt injection, PII, secrets, and policy violations. Configured centrally, enforced at the gateway, auditable per-request.
Discord & Slack Alerts
Native webhook integrations for Discord and Slack. Get the enterprise contact-sales form, billing events, guardrail trips, and SLA breaches in the channels your team already monitors.
Single Sign-On (SAML / OIDC)
SAML 2.0 and OIDC SSO with SCIM provisioning, group-based role mapping, and enforced-only access. No local credentials, no shared passkeys, no off-boarding gaps.
White-Label Chat & Playground
Embed or stand up a fully white-labeled chat app and playground under your own domain. Customize branding, default models, system prompts, and feature toggles.
See enterprise audit logs on your real workloads
Bring a sample workload to a 30-minute call. We'll wire it up live and show you the actual experience your team will get.