{"id":283,"date":"2026-03-10T00:00:00","date_gmt":"2026-03-10T00:00:00","guid":{"rendered":"https:\/\/wordpress.securinsight.ca\/index.php\/2026\/03\/10\/audit-logs-audit-logs-version-2-general-availability-2\/"},"modified":"2026-03-10T00:00:00","modified_gmt":"2026-03-10T00:00:00","slug":"audit-logs-audit-logs-version-2-general-availability-2","status":"publish","type":"post","link":"https:\/\/wordpress.securinsight.ca\/index.php\/2026\/03\/10\/audit-logs-audit-logs-version-2-general-availability-2\/","title":{"rendered":"Audit Logs &#8211; Audit logs (version 2) &#8211; General Availability"},"content":{"rendered":"<p>Audit Logs v2 is now generally available to all Cloudflare customers.<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/developers.cloudflare.com\/_astro\/auditlogsv2.C3pqAR33_1uw2Y3.webp\" alt=\"Audit Logs v2 GA\" \/><\/p>\n<p>Audit Logs v2 provides a unified and standardized system for tracking and recording all user and system actions across Cloudflare products. Built on Cloudflare&#8217;s API Shield \/ OpenAPI gateway, logs are generated automatically without requiring manual instrumentation from individual product teams, ensuring consistency across ~95% of Cloudflare products.<\/p>\n<p><strong>What&#8217;s available at GA:<\/strong><\/p>\n<ul>\n<li><strong>Standardized logging<\/strong> \u2014 Audit logs follow a consistent format across all Cloudflare products, making it easier to search, filter, and investigate activity.<\/li>\n<li><strong>Expanded product coverage<\/strong> \u2014 ~95% of Cloudflare products covered, up from ~75% in v1.<\/li>\n<li><strong>Granular filtering<\/strong> \u2014 Filter by actor, action type, action result, resource, raw HTTP method, zone, and more. Over 20 filter parameters available via the API.<\/li>\n<li><strong>Enhanced context<\/strong> \u2014 Each log entry includes authentication method, interface (API or dashboard), Cloudflare Ray ID, and actor token details.<\/li>\n<li><strong>18-month retention<\/strong> \u2014 Logs are retained for 18 months. Full history is accessible via the API or Logpush.<\/li>\n<\/ul>\n<p><strong>Access:<\/strong><\/p>\n<ul>\n<li><strong>Dashboard<\/strong>: Go to <strong>Manage Account<\/strong> &gt; <strong>Audit Logs<\/strong>. Audit Logs v2 is shown by default.<\/li>\n<li><strong>API<\/strong>: <code>GET https:\/\/api.cloudflare.com\/client\/v4\/accounts\/{account_id}\/logs\/audit<\/code><\/li>\n<li><strong>Logpush<\/strong>: Available via the <code>audit_logs_v2<\/code> account-scoped dataset.<\/li>\n<\/ul>\n<p><strong>Important notes:<\/strong><\/p>\n<ul>\n<li>Approximately 30 days of logs from the Beta period (back to ~February 8, 2026) are available at GA. These Beta logs will expire on ~April 9, 2026. Logs generated after GA will be retained for the full 18 months. Older logs remain available in Audit Logs v1.<\/li>\n<li>The UI query window is limited to 90 days for performance reasons. Use the API or Logpush for access to the full 18-month history.<\/li>\n<li><code>GET<\/code> requests (view actions) and <code>4xx<\/code> error responses are not logged at GA. <code>GET<\/code> logging will be selectively re-enabled for sensitive read operations in a future release.<\/li>\n<li>Audit Logs v1 continues to run in parallel. A deprecation timeline will be communicated separately.<\/li>\n<li>Before and after values \u2014 the ability to see what a value changed from and to \u2014 is a highly requested feature and is on our roadmap for a post-GA release. In the meantime, we recommend using Audit Logs v1 for before and after values. Audit Logs v1 will continue to run in parallel until this feature is available in v2.<\/li>\n<\/ul>\n<p>For more details, refer to the <a href=\"https:\/\/developers.cloudflare.com\/fundamentals\/account\/account-security\/audit-logs\/\">Audit Logs v2 documentation<\/a>.<\/p>","protected":false},"excerpt":{"rendered":"<p>Audit Logs v2 is now generally available to all Cloudflare customers. Audit Logs v2 provides a unified and standardized system for tracking and recording all user and system actions across Cloudflare products. Built on Cloudflare&#8217;s API Shield \/ OpenAPI gateway, logs are generated automatically without requiring manual instrumentation from individual product teams, ensuring consistency across [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-283","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/wordpress.securinsight.ca\/index.php\/wp-json\/wp\/v2\/posts\/283","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wordpress.securinsight.ca\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/wordpress.securinsight.ca\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/wordpress.securinsight.ca\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/wordpress.securinsight.ca\/index.php\/wp-json\/wp\/v2\/comments?post=283"}],"version-history":[{"count":0,"href":"https:\/\/wordpress.securinsight.ca\/index.php\/wp-json\/wp\/v2\/posts\/283\/revisions"}],"wp:attachment":[{"href":"https:\/\/wordpress.securinsight.ca\/index.php\/wp-json\/wp\/v2\/media?parent=283"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/wordpress.securinsight.ca\/index.php\/wp-json\/wp\/v2\/categories?post=283"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/wordpress.securinsight.ca\/index.php\/wp-json\/wp\/v2\/tags?post=283"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}