How to access Audit logs to get user actions traceback?

Hi,
I’m trying to get user actions that (supposedly) renamed an Organization and removed it after few hours.

I found some Audit logs on (Django) Admin area but isn’t enough to confirm what really happened.

I’m running a on-premise setup with docker containers (and nginx as proxy).

Thanks.

Would Sentry logs themselves suffice: docker-compose logs web?

Docker logs are too verbose to get specific actions occurred over a Project or an Organization.

I’m searching for a practical way/tool to reach it, like over interface and/or SQL queries.

Until now, what I get from logs is something like this:

11:57:24 [INFO] sentry.audit.api: org.remove (actor_label=u’user@corp.org’ object_id=146L organization_id=146L entry_id=3737L actor_id=331 ip_address=u’10.1.2.3’ transaction_id=u’02050bd425ad48efb0ff09f7255f0999’)

Is there a way to get more details about this action once entry ‘3737L’ isn’t available on Audit logs (Django admin)?

Thanks in advance.

The best thing to do would be to change the logging format to JSON, then ingest them into something like Elasticsearch or Stackdriver or whatever. If you set the environment variable SENTRY_LOG_FORMAT=machine everything will be JSON and be better to ingest with other tools.

1 Like