Events & Audit Logs
The Events system in Recoger provides a comprehensive, immutable record of every action taken within your tenant. Whether it's a user logging in, a device being updated, or a setting being changed, Recoger creates an event to track it.
Why Audit Logs Matter
- Security Auditing — Investigate suspicious activity or potential breaches
- Compliance — Meet requirements for SOC 2, GDPR, and ISO 27001
- Troubleshooting — Understand who changed a configuration and when
Accessing Audit Logs
You can view your organization's event history in the Audit Logs section of the Admin Dashboard.
- Log in to the Recoger Dashboard
- Navigate to Admin → Audit Logs in the sidebar
Understanding the Interface
The Audit Logs table displays the following information for each event:
| Column | Description |
|---|---|
| Event Name | A human-readable description of the action (e.g., "User Login Success", "Device Created") |
| Actor | The user or system component that performed the action |
| IP Address | The IP address from which the request originated |
| Location | Estimated geographic location based on the IP address |
| Date | Exact timestamp of when the event occurred (in your local time) |
Viewing Event Details
Clicking on any row in the table opens a detailed view pane. This provides:
- Event ID — A unique identifier for the specific event (useful for support)
- User Agent — Details about the browser and operating system used
- Metadata — Specific details about the change (e.g., "Field 'lockout_threshold' changed from '5' to '3'")
Filtering & Searching
To find specific events, use the filters at the top of the Audit Logs page:
- Date Range — Select a specific period (e.g., "Last 24 Hours", "Last 30 Days", or a custom range)
- Actor — Filter by a specific user email to see all actions performed by that person
- Event Type — Filter by category (e.g., "Authentication", "Device Management", "Settings")
- IP Address — Search for all activity from a specific IP
Data Retention
Recoger stores your audit logs for a specific period based on your subscription plan. Once an event exceeds this retention period, it is securely and permanently deleted.
| Plan | Retention Period |
|---|---|
| Free | 1 Day |
| Startup | 30 Days |
| Scaleup | 90 Days (extendable) |
Extending Retention (Scaleup Only)
Customers on the Scaleup plan can purchase retention add-ons to extend their audit log history.
- Go to Settings → Billing
- Click Extend Retention
- Each add-on adds 90 days of retention for €20/month
For example, to retain 1 year of audit logs, you would need 3 add-ons (90 base + 90×3 = 360 days) at €60/month extra.
Webhooks
For real-time monitoring, you can stream events to your own systems using Webhooks.
- Go to Settings → Webhooks
- Create a webhook endpoint to receive JSON payloads whenever an event occurs
- Secure your webhook using the provided Signing Secret to verify authenticity
Webhooks enable you to:
- Send alerts to Slack when critical changes occur
- Create tickets in Jira or other issue trackers
- Ingest events into your SIEM for centralized monitoring
- Trigger custom automation workflows
Event Types
Recoger tracks a wide range of events across different categories:
Authentication
- User login success/failure
- Password changes
- MFA enrollment and verification
- Passkey registration
- Session logout
Device Management
- Device created/updated/deprecated
- Compliance status changes
- Agent check-ins
Service Management
- Service created/updated/deleted
- Security reviews submitted
- Owner assignments changed
User Management
- User invited/created
- Role changes
- Account deactivation
Settings
- Tenant settings changed
- API key created/revoked
- Webhook configured
- Billing changes
API Access
You can also query audit logs programmatically via the API. See the API Reference for details on the /audit-logs endpoint.
Support
Need help investigating an event? Contact our security support team at security@recoger.app.