---
title: Audit Logs
---

# Audit Logs

Audit Logs provide a complete, tamper-evident history of actions performed across all TIR services in your account. They are essential for security reviews, compliance audits, and troubleshooting unexpected changes.

---

## What Audit Logs Track

Audit Logs capture events such as:

- User additions, updates, and removals
- Project creation or deletion
- Resource provisioning and deprovisioning (notebooks, endpoints, datasets, etc.)
- Policy changes and permission updates
- Authentication and access events

---

## Accessing Audit Logs

1. In the TIR sidebar, click **Audit Logs**.
2. Use the **Service** dropdown to filter events by a specific TIR service.
3. Use the **Period** selector to filter by time range.
4. The log table will update to show all matching events.

---

## Reading Log Entries

Each log entry typically includes:

| Field | Description |
|-------|-------------|
| **Timestamp** | When the event occurred |
| **User** | Who performed the action |
| **Service** | Which TIR service was involved |
| **Action** | What operation was performed |
| **Status** | Whether the action succeeded or failed |

---

## Best Practices

- Review audit logs regularly to detect unauthorized access or unexpected changes.
- Export or archive logs periodically if your compliance policy requires long-term retention.
- Combine audit log reviews with [IAM Panel](/docs/tir/GettingStarted/iam/iam_panel/) checks to ensure role assignments remain appropriate.


---