Skip to main content
DataRaven records every meaningful action that happens within your team — whether triggered by a user, an API key, or the system itself. The audit log gives you full visibility into who did what, when, and from where.

User Actions

Every create, update, and delete performed through the dashboard or API.

System Events

Scheduled task executions, transfer completions, and failures — logged automatically.

Request Context

IP address, user agent, and request ID captured with every user-initiated event.

Viewing the Audit Log

The audit log is accessible in two places within the dashboard:
  • Activity Feed — The dashboard homepage shows the 10 most recent events at a glance, so you can quickly see what’s been happening.
  • Event Log — A dedicated page at Event Log in the sidebar provides the full audit trail with filtering, pagination, and CSV export.
Any team member with Viewer role or higher can access the audit log.

Filtering & Export

The Event Log page supports filtering by:
FilterDescription
Resource typeNarrow to a specific resource — tasks, executions, secrets, locations, members, notifications, or vault connections.
Actor typeShow only events from users, the system, or API keys.
Date rangeFilter events to a specific time window.
You can export the current view to CSV for compliance reporting, incident investigation, or offline analysis. The export includes all fields: timestamp, event type, resource, actor, summary, IP address, user agent, and request ID.

What Gets Recorded

Every audit log entry captures a core set of fields, plus optional context depending on who triggered the action.

Common Fields

Every event includes:
FieldDescription
Event typeWhat happened (e.g., task_created, execution_completed).
Resource typeWhat was affected — task, execution, secret, location, member, notification, or vault_connection.
Resource IDThe unique identifier of the affected resource.
Resource nameA human-readable name for the resource (where applicable).
Actor typeWho did it — user, system, or api_key.
Actor nameThe name or email of the person or system that triggered the event.
SummaryA plain-English description of what happened.
MetadataStructured key-value data specific to the event (see tables below).
TimestampWhen the event occurred (UTC).

Request Context (User Actions Only)

When an event is triggered by a user or API key through the dashboard or API, additional request context is captured:
FieldDescription
IP addressThe originating IP, resolved via cf-connecting-ip (Cloudflare) or x-forwarded-for.
User agentThe browser or HTTP client used.
Request IDA unique correlation ID for the HTTP request, useful for debugging.
System events (scheduled executions, background workers) do not have request context since they originate from internal processes, not HTTP requests.

Event Reference

Below is a complete reference of every event type recorded by the audit log, organized by resource.

Task Events

Recorded when transfer tasks are created, modified, or removed.
Event TypeTriggerSummary ExampleMetadata
task_createdUserCreated task “Daily S3 Backup”task_type (copy, sync)
task_updatedUserUpdated task “Daily S3 Backup”updated_fields — list of changed fields
task_enabledUserEnabled task “Daily S3 Backup”status: enabled
task_disabledUserDisabled task “Daily S3 Backup”status: disabled
task_archivedUserArchived task “Daily S3 Backup”status: archived
task_deletedUserDeleted task “Daily S3 Backup”

Execution Events

Recorded across the full lifecycle of a transfer execution — from submission through completion or failure. Execution events come from both user actions and the system.
These events are initiated by a user through the dashboard or API and include full request context (IP, user agent, request ID).
Event TypeSummary ExampleMetadata
execution_submittedSubmitted execution for task “Daily S3 Backup”trigger (manual, api), is_dry_run
execution_cancelledCancelled execution for task “Daily S3 Backup”
Scheduled task executions are logged with trigger: scheduled and actor name “Scheduled”, making it easy to distinguish automated runs from manual ones.

Secret Events

Recorded when cloud provider credentials are created, modified, or removed.
Event TypeTriggerSummary ExampleMetadata
secret_createdUserCreated secret “Production AWS”secret_type (e.g., aws_s3, azure_blob)
secret_updatedUserUpdated secret “Production AWS”updated_fields — list of changed fields (credentials excluded)
secret_deletedUserDeleted secret “Production AWS”
For security, the updated_fields metadata for secret updates intentionally excludes the credentials field — you’ll see which fields changed, but credential values are never logged.

Location Events

Recorded when storage locations are created, verified, modified, or removed.
Event TypeTriggerSummary ExampleMetadata
location_createdUserCreated location “s3-prod-bucket”location_type (e.g., aws_s3, gcs)
location_updatedUserUpdated location “s3-prod-bucket”
location_verifiedUserVerified location “s3-prod-bucket”verified (true/false), error (if failed)
location_deletedUserDeleted location “s3-prod-bucket”

Vault Connection Events

Recorded when external vault integrations (1Password, Doppler, Infisical) are managed.
Event TypeTriggerSummary ExampleMetadata
vault_connection_createdUserCreated vault connection “1Password Prod”
vault_connection_testedUserTested vault connection “1Password Prod”success, message, plus provider-specific stats
vault_connection_updatedUserUpdated vault connection “1Password Prod”updated_fields — list of changed fields
vault_connection_token_rotatedUserRotated token for vault connection “1Password Prod”
vault_connection_deletedUserDeleted vault connection “1Password Prod”

Notification Events

Recorded when webhook or notification configurations are managed.
Event TypeTriggerSummary ExampleMetadata
notification_createdUserCreated notification “Slack Alerts”event_type — the execution event this notification listens to
notification_updatedUserUpdated notification “Slack Alerts”
notification_deletedUserDeleted notification “Slack Alerts”

Member Events

Recorded when team membership changes — invitations, joins, role changes, and removals.
Event TypeTriggerSummary ExampleMetadata
member_invitedUserInvited member “[email protected]role (viewer, operator, admin)
member_joinedUserMember joined the teamrole
member_role_changedUserChanged role for member “[email protected]new_role
member_removedUserRemoved member “[email protected]

Actor Types

Every event is attributed to an actor. DataRaven distinguishes three types:
Actor TypeDescriptionRequest Context
UserA team member acting through the dashboard or API. Identified by name and email.IP address, user agent, request ID
SystemAn internal process such as the task scheduler or execution worker.None — internal origin
API KeyAn external integration authenticating via API key.IP address, user agent, request ID

Scheduled Execution Tracking

When a task has a cron schedule configured, DataRaven’s scheduler automatically submits executions at the defined intervals. These scheduled runs are fully tracked in the audit log:
  • execution_submitted is logged with trigger: scheduled and actor name “Scheduled”
  • execution_started, execution_completed, and execution_failed are logged as the execution progresses through its lifecycle
  • Transfer statistics (files transferred, bytes moved, errors) are captured in the stats metadata field on completion
This means you can audit the complete history of your automated transfers — when they ran, whether they succeeded, and how much data was moved — without any manual intervention.

Data Retention

Audit logs are retained for the lifetime of the team. When a team is deleted, all associated audit log entries are permanently removed.

API Access

Audit logs are available via the REST API at: 
GET /teams/{team_id}/audit-logs
Query parameters:
ParameterTypeDescription
resource_typestringFilter by resource type
event_typestringFilter by event type
actor_typestringFilter by actor type
start_dateISO 8601Filter events from this date
end_dateISO 8601Filter events until this date
pageintegerPage number (default: 1)
limitintegerItems per page (default: 25, max: 250)
Requires Viewer role or higher on the team.