Audit logs provide a complete, tamper-evident record of every action taken inside your Dokploy instance. Every time a user creates a project, deploys an application, updates server settings, adds a domain, or even logs in or out, an entry is written to the audit log with the actor’s identity, what they did, and when they did it. This makes it straightforward to answer questions like “who deleted the production database?” or “which user changed the Traefik configuration last Tuesday?” — essential for compliance audits, security investigations, and operational debugging.Documentation Index
Fetch the complete documentation index at: https://mintlify.com/Nettalco/dokploy/llms.txt
Use this file to discover all available pages before exploring further.
Requirements
Access to the audit log API is protected by two independent checks:- The caller must have the
auditLog: readpermission (granted toownerandadminroles by default, and configurable on custom roles). - The active organization must have a valid Dokploy Enterprise license. Requests from unlicensed organizations receive a
FORBIDDENerror with the message"Valid enterprise license required".
What Is Logged
Audit entries are written automatically by the server whenever a mutating operation completes successfully. The following action types are tracked:| Action | Description |
|---|---|
create | A new resource was created. |
update | An existing resource was modified. |
delete | A resource was deleted. |
deploy | A service or application was deployed. |
redeploy | A service was redeployed (e.g. forced rebuild). |
cancel | An in-progress deployment was cancelled. |
login | A user authenticated to the instance. |
logout | A user session ended. |
restore | A backup was restored. |
run | A one-off command or job was executed. |
start / stop / reload / rebuild | Lifecycle operations on services or servers. |
move | A resource was moved between projects. |
project · service · application · compose · environment · deployment · previewDeployment · domain · redirect · port · security · certificate · registry · server · sshKey · gitProvider · notification · settings · session · user · customRole · destination · schedule · backup · volumeBackup · docker · swarm · cluster · mount · organization
Accessing Audit Logs
Navigate to Audit Logs
In the Dokploy dashboard, go to Settings → Audit Logs. The page lists the most recent entries in descending chronological order.
Apply filters
Use the filter controls to narrow results by user, date range, action type, or resource type. All filter parameters are optional and can be combined freely.
Querying Audit Logs — auditLog.all
The auditLog.all query accepts the following input and returns { logs, total } — an array of log entries and the total matching count for pagination:
action filter (as exposed by the API): create, update, delete, deploy, cancel, redeploy, login, logout.
Permitted values for the resourceType filter: project, service, environment, deployment, user, customRole, domain, certificate, registry, server, sshKey, gitProvider, notification, settings, session.
Audit Log Entry Fields
Each entry in thelogs array returned by auditLog.all has the following shape:
| Field | Type | Description |
|---|---|---|
id | string | Unique identifier for this log entry (nanoid). |
organizationId | string | null | The organization in which the action occurred. null if the organization was subsequently deleted. |
userId | string | null | The user who performed the action. null if the user was subsequently deleted (the userEmail field still preserves the original address). |
userEmail | string | Email address of the actor at the time of the action. Always populated even if the user no longer exists. |
userRole | string | Role of the actor at the time of the action (e.g. owner, admin, member, or a custom role name). |
action | string | The action that was performed (see action table above). |
resourceType | string | Category of the affected resource (e.g. service, domain, server). |
resourceId | string | null | Identifier of the specific resource. May be null for actions that do not target a specific record. |
resourceName | string | null | Human-readable name of the resource at the time of the action. |
metadata | string | null | JSON-encoded object with additional context, such as triggered-by information, configuration snapshots, or request details. |
createdAt | timestamp | ISO 8601 timestamp of when the action occurred. Indexed for efficient date-range filtering. |
Filtering and Search
All filter parameters toauditLog.all are optional and combinable. Common patterns:
from and to parameters accept JavaScript Date objects or ISO 8601 strings (the Zod schema coerces either). The date filter is applied to the createdAt column, which is indexed for performance.
Log Retention
Dokploy does not automatically prune audit log entries. Retention is governed by the storage capacity of your Dokploy instance’s PostgreSQL database. For long-running installations, consider:- Scheduling a periodic export and archival of old log records.
- Configuring PostgreSQL table partitioning or time-based retention policies at the database level.
- Monitoring database disk usage via the Monitoring panel in Dokploy.
Exporting Logs
TheauditLog.all endpoint supports pagination up to 500 records per request, which can be used to programmatically export logs to an external SIEM, logging platform, or CSV file. Iterate through pages using offset until fewer records than limit are returned:
Audit log entries are read-only. There is no API procedure to modify or delete individual log entries. The
userId and organizationId foreign keys use SET NULL on delete, so entries are preserved even when a user or organization is removed — the userEmail and userRole fields ensure the actor is always identifiable.