Audit Logs
Learn how to track and analyze your team members' activities.Audit Logs are available in Beta on Enterprise plans
Those with the owner role can access this feature
Audit logs help you track and analyze your team members' activity. They can be accessed by team members with the owner role, and are available to customers on enterprise plans.
To export and download audit logs:
- Go to Team Settings > Security > Audit Log
- Select a timeframe to export a Comma Separated Value (CSV) file containing all events occurred during that time period
- Click the Export CSV button to download the file
The team owner requesting an export will then receive an email with a link containing the report. This link is used to access the report and is valid for 24 hours.
Note that reports can be generated for the last 90 days (three months) and will not impact your billing.
In addition to the standard audit log functionalities, Vercel supports custom log streaming to your Security Information and Event Management (SIEM) system of choice. This allows you to integrate Vercel audit logs with your existing observability and security infrastructure.
We support the following SIEM options out of the box:
- AWS S3
- Splunk
- Datadog
- Google Cloud Storage
We also support streaming logs to any HTTP endpoint, secured with a custom header.
If your SIEM requires IP allowlisting, please use the following IP addresses:
23.21.184.92
34.204.154.149
44.213.245.178
44.215.236.82
50.16.203.9
52.1.251.34
52.21.49.187
174.129.36.47To set up custom log streaming to your SIEM, please contact your Customer Success Manager (CSM). They will guide you through the configuration process to ensure a smooth and secure integration.
The CSV file can be opened using any spreadsheet-compatible software, and includes the following fields:
| Property | Description |
|---|---|
| timestamp | Time and date at which the event occurred |
| action | Name for the specific event. E.g, project.created, team.member.left, project.transfer_out.completed, auditlog.export.downloaded, auditlog.export.requested, etc. Learn more about it here. |
| actor_vercel_id | User ID of the team member responsible for an event |
| actor_name | Account responsible for the action. For example, username of the team member |
| actor_email | Email address of the team member responsible for a specific event |
| location | IP address from where the action was performed |
| user_agent | Details about the application, operating system, vendor, and/or browser version used by the team member |
| previous | Custom metadata (JSON object) showing the object's previous state |
| next | Custom metadata (JSON object) showing the object's updated state |
Vercel logs the following list of actions performed by team members.
Maps a custom domain or subdomain to a specific deployment or URL of a project. To learn more, see the vercel alias docs.
| Action Name | Description |
|---|---|
alias.created | Indicates that a new alias was created |
alias.deleted | Indicates that an alias was deleted |
alias.protection-user-access-request-requested | An external user requested access to a protected deployment alias URL |
Refers to the audit logs of your Vercel team account.
| Action Name | Description |
|---|---|
auditlog.export.downloaded | Indicates that an export of the audit logs was downloaded |
auditlog.export.requested | Indicates that an export of the audit logs was requested |
A digital certificate to manage SSL/TLS certificates for your custom domains through the vercel certs command. It is used to authenticate the identity of a server and establish a secure connection.
| Action Name | Description |
|---|---|
cert.created | Indicates that a new certificate was created |
cert.deleted | Indicates that a new certificate was deleted |
cert.renewed | Indicates that a new certificate was renewed |
Create URLs that accept HTTP POST requests to trigger deployments and rerun the build step. To learn more, see the Deploy Hooks docs.
| Action Name | Description |
|---|---|
deploy_hook.deduped | A deploy hook is de-duplicated which means that multiple instances of the same hook have been combined into one |
Refers to a successful build of your application. To learn more, see the deployment docs.
| Action Name | Description |
|---|---|
deployment.deleted | Indicates that a deployment was deleted |
deployment.job.errored | Indicates that a job in a deployment has failed with an error |
A unique name that identifies your website. To learn more, see the domains docs.
| Action Name | Description |
|---|---|
domain.auto_renew.changed | Indicates that the auto-renew setting for a domain was changed |
domain.buy | Indicates that a domain was purchased |
domain.created | Indicates that a new domain was created |
domain.delegated | Indicates that a domain was delegated to another account |
domain.deleted | Indicates that a domain was deleted |
domain.move_out.requested | Indicates that a request was made to move a domain out of the current account |
domain.moved_in | Indicates that a domain was moved into the current account |
domain.moved_out | Indicates that a domain was moved out of the current account |
domain.record.created | Indicates that a new domain record was created |
domain.record.deleted | Indicates that a new domain record was deleted |
domain.record.updated | Indicates that a new domain record was updated |
domain.transfer_in | Indicates that a request was made to transfer a domain into the current account |
domain.transfer_in.canceled | Indicates that a request to transfer a domain into the current account was canceled |
domain.transfer_in.completed | Indicates that a domain was transferred into the current account |
A key-value data store associated with your Vercel account that enables you to read data at the edge without querying an external database. To learn more, see the Edge Config docs.
| Action Name | Description |
|---|---|
edge_config.created | Indicates that a new edge configuration was created |
edge_config.deleted | Indicates that a new edge configuration was deleted |
edge_config.updated | Indicates that a new edge configuration was updated |
Helps you pair Vercel's functionality with a third-party service to streamline installation, reduce configuration, and increase productivity. To learn more, see the integrations docs.
| Action Name | Description |
|---|---|
integration.deleted | Indicates that an integration was deleted |
integration.installed | Indicates that an integration was installed |
integration.updated | Indicates that an integration was updated |
Password Protection allows visitors to access preview deployments with a password to manage team-wide access.
| Action Name | Description |
|---|---|
password_protection.disabled | Indicates that password protection was disabled |
password_protection.enabled | Indicates that password protection was enabled |
Customize the appearance of your preview deployment URLs by adding a valid suffix. To learn more, see the preview deployment suffix docs.
| Action Name | Description |
|---|---|
preview_deployment_suffix.disabled | Indicates that the preview deployment suffix was disabled |
preview_deployment_suffix.enabled | Indicates that the preview deployment suffix was enabled |
preview_deployment_suffix.updated | Indicates that the preview deployment suffix was updated |
Refers to actions performed on your Vercel projects.
| Action Name | Description |
|---|---|
project.analytics.disabled | Indicates that analytics were disabled for the project |
project.analytics.enabled | Indicates that analytics were enabled for the project |
project.deleted | Indicates that a project was deleted |
project.env_variable | This field refers to an environment variable within a project |
project.env_variable.created | Indicates that a new environment variable was created for the project |
project.env_variable.deleted | Indicates that a new environment variable was deleted for the project |
project.env_variable.updated | Indicates that a new environment variable was updated for the project |
Refers to the password protection settings for a project.
| Action Name | Description |
|---|---|
project.password_protection.disabled | Indicates that password protection was disabled for the project |
project.password_protection.enabled | Indicates that password protection was enabled for the project |
project.password_protection.updated | Indicates that password protection was updated for the project |
Refers to the Single Sign-On (SSO) protection settings for a project.
| Action Name | Description |
|---|---|
project.sso_protection.disabled | Indicates that SSO protection was disabled for the project |
project.sso_protection.enabled | Indicates that SSO protection was enabled for the project |
project.sso_protection.updated | Indicates that SSO protection was updated for the project |
Refers to the transfer of a project between Vercel accounts.
| Action Name | Description |
|---|---|
project.transfer_in.completed | Indicates that a project transfer into the current account was completed successfully |
project.transfer_in.failed | Indicates that a project transfer into the current account was failed |
project.transfer_out.completed | Indicates that a project transfer out of the current account was completed successfully |
project.transfer_out.failed | Indicates that a project transfer out of the current account was |
project.transfer.started | Indicates that a project transfer was initiated |
Refers to the generation of web analytics for a Vercel project.
| Action Name | Description |
|---|---|
project.web-analytics.disabled | Indicates that web analytics were disabled for the project |
project.web-analytics.enabled | Indicates that web analytics were enabled for the project |
Refers to environment variables defined at the team level. To learn more, see the shared environment variables docs.
| Action Name | Description |
|---|---|
shared_env_variable.created | Indicates that a new shared environment variable was created |
shared_env_variable.decrypted | Indicates that a new shared environment variable was decrypted |
shared_env_variable.deleted | Indicates that a new shared environment variable was deleted |
shared_env_variable.updated | Indicates that a new shared environment variable was updated |
Refers to actions performed by members of a Vercel team.
| Action Name | Description |
|---|---|
team.avatar.updated | Indicates that the avatar (profile picture) associated with the team was updated |
team.created | Indicates that a new team was created |
team.deleted | Indicates that a new team was deleted |
team.name.updated | Indicates that the name of the team was updated |
team.slug.updated | Indicates that the team's unique identifier, or "slug," was updated |
Refers to actions performed by any team member.
| Action Name | Description |
|---|---|
team.member.access_request.confirmed | Indicates that an access request by a team member was confirmed |
team.member.access_request.declined | Indicates that an access request by a team member was declined |
team.member.access_request.requested | Indicates that a team member has requested access to the team |
team.member.added | Indicates that a new member was added to the team |
team.member.deleted | Indicates that a member was removed from the team |
team.member.joined | Indicates that a member has joined the team |
team.member.left | Indicates that a new member has left the team |
team.member.role.updated | Indicates that the role of a team member was updated |
Was this helpful?