Audit Logs

When using Soracom in a multi-user organization, you may want to periodically check for indications of unauthorized access. Audit Logs provides detailed information about calls to the Soracom API performed against your Soracom account, including access to the User Console and Soracom CLI usage.

When combined with Soracom Access Management (SAM), Audit Logs can be used to check the behavior of SAM users.

Audit Logs record calls to the Soracom API made from your account. It is separate from the Napter Audit Logs feature, which records the connections made to your devices through the Napter on-demand remote access service.

Log Details

Audit Logs will record the following information:

Subscriptions

The following Audit Logs options are available:

Limitations


Viewing Logs

  1. Login to the User Console. From the Menu, open the Audit Logs screen. The latest Audit Logs will be visible.

    https://console.soracom.io

    Audit Logs

If you are subscribed to the Enterprise Option, you can use the API menu to filter the logs.


Downloading Logs

If you are subscribed to the Enterprise Option, you can also download a copy of the logs for easier auditing.

  1. Login to the User Console. For security, in order to download Audit Logs, you must login using your root account email address and password.

  2. From the Menu, open the Audit Logs screen.

  3. Click the Download button.

  4. Select the time range of logs that you want to download. Then click Get link.

    Download Audit Logs

    Depending on the amount of logs recorded within the specified time range, the log may take a few minutes to prepare.

    Once the log has been prepared, an email containing a download link will be sent to the account's primary email address.


Changing Subscription

Subscribing to the Audit Logs Enterprise Option will incur a monthly service fee until subscription is cancelled. Refer to the Pricing & Fee Schedule for more information.

  1. Login to the User Console. For security, in order to change your Audit Logs subscription, you must login using your root account email address and password.

  2. From the Menu, open the Audit Logs screen.

  3. A notification indicating your current Audit Logs option will be displayed above the list of logs.

    • To subscribe to the Enterprise Option, click the Subscribe link.
    • To unsubscribe from the Enterprise Option, click the Unsubscribe link.
  4. After reviewing the details of the subscription change, click the Subscribe or Unsubscribe button to confirm the change.

When changing subscriptions, the new option may take up to 20 minutes to take effect.


Programmatic Usage

You can also access Audit Logs using the Soracom API or CLI in order to integrate a periodic audit procedure as part of your operations.

Soracom API

To access the Soracom API, first use the auth API to obtain an API Key and Token. Refer to the API Reference Guide for instructions on how to use the API Key and Token in API requests.

Then, use the getApiAuditLogs API to retrieve logs:

curl -X GET \
>  -H 'X-Soracom-API-Key: <MY-API-KEY>' \
>  -H 'X-Soracom-Token: <MY-TOKEN>' \
>  -H 'Accept: application/json' \
>  https://g.api.soracom.io/v1/audit_logs/api

To limit the API to a specific time range, use the from_epoch_ms and to_epoch_ms query parameters in the request URL. You can also use the limit query parameter to limit the number of logs returned by the API.

If Audit Logs contains more log entries than the specified limit, the API response will also return a value link in the response header indicating the request URL to use to retrieve the next set of logs.

If you are subscribed to the Enterprise Option, you can also use the api_kind query parameter to filter the logs based on the API path. Ensure that the API path is URL encoded within the request URL.

Soracom CLI

To use the Soracom CLI, you must first configure it to authenticate with your account information, authorization key, or SAM user credentials.

Then, run the following command to retrieve logs:

soracom audit-logs api get --coverage-type g

Similar to the API, you can use the --from-epoch-ms and --to-epoch-ms flags to limit the response to a specific time range. You can also use the --limit flag to limit the number of logs returned by the CLI.

Compared to the API usage, you can use the --fetch-all flag to automatically perform pagination and return a all logs at once.

If you are subscribed to the Enterprise Option, you can also use the --api-kind flag to filter the logs based on the API path.