Enterprise Audit Logs
Every action, attributed and immutable
Enterprise Audit Logs sit underneath every privileged action in LLM Gateway. When an admin rotates a provider key, removes a teammate, changes routing config, or downloads logs, the action lands in an append-only audit stream with the actor, timestamp, IP, user-agent, and a structured diff of before/after state. Logs are filterable by user, resource, action, or time, exportable as CSV/JSON, and forwardable to your SIEM (Splunk, Datadog, Elastic) via webhook. Retention is unlimited by default on enterprise plans.
Why teams turn it on
Append-only by design
Audit rows can't be edited or deleted from the dashboard — even by org owners. Cryptographic chaining detects tampering at the storage layer.
Actor + resource + diff
Every event records who, what, when, where, and a structured before/after diff — not just an action name.
SIEM forwarding
Stream audit events to Splunk, Datadog, Elastic, or any HTTPS endpoint. Replay any window on demand.
Compliance-ready exports
One-click CSV/JSON exports scoped to a date range, user, or resource — formatted for SOC 2 and HIPAA auditors.
How it works
From decision to deployed in three short steps
- 01 Enable on your org
  Audit logging is enabled on every enterprise org by default. No code changes — every privileged route is already instrumented.
- 02 Query in the dashboard
  Filter by user, action, resource, or time range. Each row expands into the full structured diff.
- 03 Forward to your SIEM
  Add a webhook URL in org settings. Events are POSTed in real time with retries and signed payloads.
Real-world use cases
Why customers actually adopt this
Security investigations
A key was rotated at 3:14 UTC. Who did it, from which IP, and what did the request look like? One query.
SOC 2 / HIPAA evidence
Hand your auditor a scoped export with full attribution — no screenshots, no reconstruction.
Insider-risk monitoring
Alert when admins access prod keys outside working hours or from unfamiliar geographies.
Frequently asked
- How long are audit logs retained?
- Enterprise plans get unlimited retention by default. We do not auto-prune. You can export and delete on your own schedule if needed for data-residency.
- Can audit logs be deleted?
- No — not by org owners, not by admins, not by support. Logs are append-only in storage. The only way to remove an entry is a full org-data deletion under our DPA.
- Do audit logs include LLM request bodies?
- Audit logs capture privileged-action metadata, not user prompts. Prompt/response logging is a separate setting under Activity Logs, which you control independently.
More enterprise capabilities
The rest of the enterprise stack
Per-Project Routing Overrides
Override global routing rules at the project level — region, provider order, fallback chain, and cost ceilings. Production stays pinned; experimental teams stay flexible.
Enterprise Guardrails
Server-side detection for prompt injection, PII, secrets, and policy violations. Configured centrally, enforced at the gateway, auditable per-request.
Discord & Slack Alerts
Native webhook integrations for Discord and Slack. Get the enterprise contact-sales form, billing events, guardrail trips, and SLA breaches in the channels your team already monitors.
Single Sign-On (SAML / OIDC)
SAML 2.0 and OIDC SSO with SCIM provisioning, group-based role mapping, and enforced-only access. No local credentials, no shared passkeys, no off-boarding gaps.
White-Label Chat & Playground
Embed or stand up a fully white-labeled chat app and playground under your own domain. Customize branding, default models, system prompts, and feature toggles.
Provider Compliance Policies
Define the certifications and data policies your providers must meet — SOC 2, ISO 27001, GDPR, no prompt training, no prompt logging — and the gateway refuses to route to anything that doesn't qualify.