After you fetch audit logs, you can analyze them with tools like Pandas, Amazon Redshift, Google BigQuery, or Microsoft Fabric. Some audit log analysis tools don’t support JSON. Refer to the documentation for your analysis tool for guidelines and requirements to transform the JSON-formatted audit logs before analysis.
For more details about the format of the logs, see Audit log schema and Actions.
Audit log retention
The following recommendations help you retain audit logs to meet your organization’s governance and compliance obligations:- If you must retain audit logs for a specific period of time, W&B recommends periodically transferring logs to long-term storage, either with storage buckets or the Audit Logging API.
- If you are subject to the Health Insurance Portability and Accountability Act of 1996 (HIPAA), you must retain audit logs for a minimum of 6 years in an environment where no internal or external actor can delete or modify them before the end of the mandatory retention period. For HIPAA-compliant Dedicated Cloud instances with BYOB, you must configure guardrails for your managed storage, including any long-term retention storage.
Audit log schema
Use this schema to interpret the fields returned in each audit log entry. The following table shows all keys that can appear in an audit log entry, ordered alphabetically. Depending on the action and the circumstances, a specific log entry may include only a subset of the possible fields.Personally identifiable information (PII)
Personally identifiable information (PII), such as email addresses and the names of projects, teams, and reports, is available only with the API endpoint option:- For Self-Managed and Dedicated Cloud, an organization admin can exclude PII when fetching audit logs.
- For Multi-tenant Cloud, the API endpoint always returns relevant fields for audit logs, including PII. This isn’t configurable.
Before you begin
Before you fetch audit logs, confirm that you meet the following prerequisites for your deployment type:-
Organization-level admins can fetch audit logs. If you receive a
403error, ensure that you or your service account has adequate permission. -
Multi-tenant Cloud: If you’re a member of multiple Multi-tenant Cloud organizations, you must configure the Default API organization, which determines where audit logging API calls are routed. Otherwise, you receive the following error:
To specify your default API organization:
- Click your profile image, then click User Settings.
- For Default API organization, select an organization.
Fetch audit logs
To retrieve audit logs from the W&B Audit Logging API, follow these steps. After you complete this procedure, you have a set of newline-separated JSON objects you can analyze using your preferred tooling.-
Determine the correct API endpoint for your instance:
- Self-Managed:
[WANDB-PLATFORM-URL]/admin/audit_logs - Dedicated Cloud:
[INSTANCE-NAME].wandb.io/admin/audit_logs - Multi-tenant Cloud (Enterprise required):
https://api.wandb.ai/audit_logs
[API-ENDPOINT]with your API endpoint. - Self-Managed:
-
Optional: Construct query parameters to append to the endpoint. In the following steps, replace
[PARAMETERS]with the resulting string.anonymize: If the URL includes the parameteranonymize=true, W&B removes any PII. Otherwise, PII is included. Refer to Exclude PII when fetching audit logs. Not supported for Multi-tenant Cloud, where all fields are included, including PII.- Configure the date window of logs to fetch with a combination of
numDaysandstartDate. Each parameter is optional, and they interact.- If neither parameter is included, only today’s logs are fetched.
numDays: An integer that indicates the number of days backward fromstartDateto fetch logs. If you omit it or set it to0, logs are fetched forstartDateonly. On Multi-tenant Cloud, you can fetch a maximum of 7 days of audit logs, even if you setnumDaysto a larger value.startDate: Optional. UsestartDate=YYYY-MM-DDto set the newest calendar day in the range. If you omit it or set it to today, the range ends today andnumDayscounts backward from that day.- Supported in Multi-tenant Cloud only with an Enterprise license.
- Supported in Dedicated Cloud and Self-Managed v0.80.0 and above.
-
Construct the fully qualified endpoint URL in the format
[API-ENDPOINT]?[PARAMETERS]. -
Execute an HTTP
GETrequest on the fully qualified API endpoint with a web browser or a tool like Postman, HTTPie, or cURL.
/wandb-audit-logs directory in your bucket.
Use basic authentication
You must authenticate each request to the audit logs API. To use basic authentication with your API key to access the audit logs API, set the HTTP request’sAuthorization header to the string Basic followed by a space, then the base64-encoded string in the format [USERNAME]:[API-KEY]. In other words, replace the username and API key with your values separated with a : character, then base64-encode the result. For example, to authorize as demo:p@55w0rd, set the header to Authorization: Basic ZGVtbzpwQDU1dzByZA==.
Exclude PII when fetching audit logs
For Self-Managed and Dedicated Cloud, a W&B organization or instance admin can exclude PII when fetching audit logs. For Multi-tenant Cloud, the API endpoint always returns relevant fields for audit logs, including PII. This isn’t configurable. To exclude PII, pass theanonymize=true URL parameter. For example, to get audit logs for user activity within the last week and exclude PII, if your W&B instance URL is https://mycompany.wandb.io, use an API endpoint like:
Actions
Each audit log entry records one of the following actions. Use this reference to interpret theaction field in a log entry. The following table describes possible actions that W&B can record, sorted alphabetically.
1: On Multi-tenant Cloud, audit logs are not collected for:
- Open or Public projects.
- The
report:readaction. Useractions that aren’t tied to a specific organization.