Audit log
The audit log page gives you a complete, time-ordered record of every change made in your Port organization. Use it to understand who did what, when, and whether it succeeded - whether you are troubleshooting a broken integration, investigating an unexpected catalog change, or meeting compliance requirements.
Tracked resources
The audit log is organized into tabs, each covering a different type of resource. Every create, update, or delete operation on the following resources generates a log entry:
| Tab | What is tracked |
|---|---|
| Entities | Creation, updates, and deletion of catalog entities across all blueprints. |
| Blueprints | Changes to blueprint definitions and their permissions. |
| Actions | Changes to self-service action definitions and their permissions. |
| Automations | Changes to automation definitions. |
| Scorecards | Changes to scorecard definitions. |
| Runs | Execution records for self-service action and automation runs. |
| Integrations | Integration lifecycle events such as installation, configuration changes, and removal. |
| Secrets | Creation, updates, and deletion of Port secrets. |
In addition to explicit user and API operations, log entries are also created when Port's automation engine or a timer property triggers a change. These entries appear with the appropriate source indicator.
Log entry fields
Each row in the table represents one audit event. The columns shown depend on the active tab - for example, the Entities tab shows a Blueprint and an Entity column, while the Integrations tab shows an Integration column instead.
The following columns appear across all tabs:
| Column | Description |
|---|---|
| Date | The timestamp of the event, in your local timezone. |
| Source | Who or what triggered the change. This can be a specific user (shown with their name or email), an integration, or a webhook. |
| Operation | The type of change: Create, Update, Delete, or Timer Expired. |
| Type | The origin system that performed the change. See source types below. |
| Status | Whether the operation succeeded or failed. |
| Error | If the operation failed, a short description of the error. |
The Entities tab includes one additional column:
| Column | Description |
|---|---|
| Run ID | If the entity change was triggered by a self-service action run, this links directly to that run. |
Source types
The Type column identifies which system or integration performed the change. Possible values include:
UI- a change made directly through Port's user interface.API- a change made via Port's REST API (for example, from a CI/CD pipeline or script).WEBHOOK- a change triggered by an incoming webhook.K8S EXPORTER- a change synced from the Kubernetes exporter.GITHUB EXPORTER/BITBUCKET EXPORTER/GITLAB EXPORTER- a change synced from a Git exporter.GITHUB GITOPS/BITBUCKET GITOPS- a change synced via GitOps.GH ACTION- a change triggered from a GitHub Actions workflow.AWS EXPORTER- a change synced from the AWS exporter.TERRAFORM- a change applied using Port's Terraform provider.PULUMI- a change applied using Port's Pulumi provider.CODEFRESH- a change triggered from a Codefresh pipeline.AGGREGATION PROPERTY- a change computed by an aggregation property recalculation.PORT AUTOMATION- a change triggered by Port's automation engine.PORT INTERNAL- a change performed by Port's internal systems.
Viewing change details
Each log entry can be expanded to view a diff showing the exact state of the resource before and after the change. Click the expand icon at the left edge of a row to open the diff view.
The diff is not available for entries that represent read-only events or entries where Port did not capture a before/after snapshot.
Filtering and sorting
The audit log table supports standard table controls:
- Sort by any column by clicking the column header.
- Filter rows by clicking the filter icon in the table header and adding filter rules.
- Hide or reorder columns using the column settings.
Access control
The audit log page is accessible only to admin users. Admins can reach it via the Builder > Audit log menu in the sidebar.
Non-admin users cannot access the audit log page, but they can view the history of their own action runs:
- Click My inbox in the sidebar.
- In the modal that opens, select the Runs tab.
- The list shows all action runs initiated by the current user, along with their status and audit details.
Limitations
The audit log page displays the last 1,000 entries.
To query beyond this limit or run automated queries, use the API.
Data retention
Audit log entries are retained for 90 days by default. Entries older than 90 days are automatically removed.
Sign-in and account access logs are retained for 30 days. For more details on Port's data retention policies, see Security & compliance.
Querying via the API
You can retrieve audit log entries programmatically using Port's REST API.
For the full parameter reference and available filters, see Get audit logs.