Audit Log
Review who changed what in your organization, with field-level diffs and SIEM forwarding
Last updated
The Audit page (/audit) records every consequential action in your organization — who did it, what changed, and when. It's your accountability trail for security reviews and compliance.
What's logged
Audit events span the actions that matter for governance:
- API keys — create, update, rotate, delete
- Members — invite, accept, role change, remove
- Teams — create, update, delete
- Organization — deletion
- Budgets — create and changes
- Guardrails — update, delete
- Plan tier — changes
- Settings — router settings, data policy
- Profile — updates and password changes
Reading an event
Each row shows:
| Column | Meaning |
|---|---|
| Timestamp | When the action happened |
| Action | The event, e.g. key.created, member.invited |
| Actor | The user who performed it |
| Resource | What was affected |
| Details | A before/after diff |
Open an event to see a field-level diff — unchanged values are dimmed and changed values are highlighted, so you can see exactly what moved.
Filtering and export
Filter by action category (API Keys, Members, Teams, Organization, Budgets, Guardrails, Plan, Settings, Data Policy, Profile, Password) and by date range. Export the trail to CSV for offline review.
Forwarding to a SIEM
For continuous monitoring, create a webhook destination to forward audit events to an external SIEM system as they happen.
Next steps
- Team Management — The member and role actions audited here
- Settings — The settings changes that generate audit events
- API Key Management — Key lifecycle events appear in the audit log
Organization Settings
Configure your workspace — general info, branding, privacy, security, localization, and the danger zone
API Consumers (the `user` field)
How NemoRouter identifies the downstream consumers behind your API key, what to put in the OpenAI-spec `user` field, how to tag and set per-consumer limits, and the five step-by-step workflows you will use most.