HomeFeaturesAudit Log
Complete History User + IP + Timestamp Auto-Refreshes

Audit Log

A complete record of every action — who did what, when, and from where. Like a security camera for your server.

What is it?
A timestamped trail of everything that happens

When something goes wrong on a server — a container stopped, a file was deleted, someone logged in at 3am — the first question is always "who did this and when?". Without a log, you're guessing. DevMonk's Audit Log records every action automatically. Every login, every docker restart, every file upload, every settings change — written down with the username, their IP address, and the exact time. You can scroll back and see the whole history at any time.

Any Action in DevMonk 🔑User login VPN peer added Container restarted File deleted 👤User created Every action auto-logged fire & forget SQLite Audit Log user • ip • action resource • timestamp GET /api/audit Audit Log Dashboard alice login 192.168.1.1 ✓ alice vpn.add 192.168.1.1 ✓ bob docker.stop 10.0.0.5 ✓ anon login 5.9.8.7 ✗ fail alice file.delete 192.168.1.1 ✓ auto-refreshes every 30 seconds
Use Cases
Why use the Audit Log?
🔍
Investigate who stopped a container
Filter by container name or scroll to last night — see exactly who hit Stop and when.
🕐
See last login time
Check when a user last accessed the dashboard and from which IP address.
📑
Compliance and accountability
For teams or clients that need a record of who touched what — it's all there.
👥
Track team actions
When multiple people have access, the audit log makes collaboration transparent and safe.
Before You Start
Requirements checklist
Logged in as owner or admin (viewers cannot see the audit log)
DevMonk agent running — logging is automatic, no setup required
Step-by-Step
How to view the Audit Log
1
Click "Audit" in the DevMonk sidebar
The Audit Log page loads, showing the 100 most recent events in reverse chronological order (newest first).
┌──────────────────────────────────────────────────────────────┐ │ AUDIT LOG ↻ refresh every 30s │ │ ──────────────────────────────────────────────────────── │ │ 2026-03-17 14:32:01 alice 192.168.1.45 LOGIN │ │ 2026-03-17 14:28:44 you 127.0.0.1 DOCKER_RESTART │ │ container: nginx │ │ 2026-03-17 13:55:12 alice 192.168.1.45 FILE_UPLOAD │ │ path: /opt/app/ │ │ 2026-03-17 12:10:09 you 127.0.0.1 USER_CREATED │ │ username: alice │ └──────────────────────────────────────────────────────────────┘
2
Scroll to browse history
Events are shown newest-first. Scroll down to go further back in time. The page shows the 100 most recent events at once.
3
Use Ctrl+F to search
Use your browser's built-in Find (Ctrl+F on Windows/Linux, Cmd+F on Mac) to search for a username, IP, or action keyword.
4
The page auto-refreshes every 30 seconds
You don't need to manually reload. New events appear automatically at the top of the list.
1
Same steps — Audit Log works identically on VPS
Navigate to your DevMonk URL → Audit. The interface and functionality are identical.
2
For VPS: check login IPs for unusual access
VPS environments are publicly accessible. Use the Audit Log to spot unexpected logins from unfamiliar IP addresses — a quick security check you can do in seconds.
Try it now
View the Audit Log
Open DevMonk → click "Audit" in the sidebar. You'll see every action you've taken so far. Try restarting a container or uploading a file, then come back — the new event will appear at the top within 30 seconds.
# In DevMonk:
Dashboard → Audit → scroll to see all events

# Use Ctrl+F (or Cmd+F on Mac) to search:
# Type "LOGIN" to find all login events
# Type a username to see their actions
Common Questions
FAQ
Audit logs are kept indefinitely — all time. They're stored in a local database on your server. There's no automatic purge. If storage becomes a concern on a very busy server over many years, you can manually trim the database.
Advanced filtering is coming soon. For now, use your browser's built-in Find (Ctrl+F / Cmd+F) to search the visible page. The 100 most recent events are loaded — if you need to search further back, you can view the raw log file via the Web Terminal.
Only owner and admin accounts can view the audit log. Viewer accounts do not have access to this page — they see a "Permission denied" message if they try to navigate to it.
All significant actions: user logins and logouts, container start/stop/restart, file uploads and deletions, service adds/removes, user creation and deletion, role changes, VPN peer adds/removes, and settings changes. Regular read operations (viewing status, browsing files without downloading) are not logged.
Next Steps
Explore related features
👥
Users & Access
Learn more →
🖥️
Fleet Dashboard
Learn more →
🐳
Docker Dashboard
Learn more →
⌨️
Web Terminal
Learn more →
← Users & Access Fleet Dashboard →