Skip to main content
Every file read and tool call is logged. Use audit logs to understand agent behavior, debug issues, and maintain compliance.

What’s logged

EventDescription
file.readAgent read a file
file.listAgent listed a directory
tool.callAgent invoked a tool
tool.errorTool call failed
permission.deniedAccess was blocked

View logs

airstore logs

2024-01-15 10:30:00  file.read   sources/gmail/inbox/001.eml         agent=claude
2024-01-15 10:30:01  file.read   sources/gmail/inbox/002.eml         agent=claude
2024-01-15 10:30:05  tool.call   github/create-issue                 agent=claude
2024-01-15 10:30:06  file.list   sources/linear/bugs/                agent=claude

Filter logs

# By time range
airstore logs --since="1 hour ago"
airstore logs --since="2024-01-15" --until="2024-01-16"

# By event type
airstore logs --type=tool.call
airstore logs --type=file.read

# By path
airstore logs --path="sources/gmail/*"

# By agent
airstore logs --agent=claude

# Combine filters
airstore logs --type=tool.call --since="1 hour ago"

Dashboard view

The Airstore dashboard provides a visual log viewer:
  1. Open the dashboard
  2. Go to Audit Logs
  3. Filter by time, type, path, or agent
  4. Click any entry for details

Log details

Get full details for a specific event: 
airstore logs --id=evt_abc123 --verbose

id: evt_abc123
timestamp: 2024-01-15T10:30:05Z
type: tool.call
tool: github
command: create-issue
arguments:
  repo: acme/api
  title: "Bug: Login fails"
  body: "Steps to reproduce..."
result:
  id: 142
  url: https://github.com/acme/api/issues/142
agent: claude
session: sess_xyz789
duration_ms: 234

Export logs

Export logs for external analysis: 
# JSON format
airstore logs --since="7 days ago" --format=json > logs.json

# CSV format
airstore logs --since="7 days ago" --format=csv > logs.csv

Log retention

PlanRetention
Free7 days
Pro30 days
Enterprise1 year
For self-hosted deployments, configure retention in config.yaml: 
audit:
  retention_days: 90

Alerts

Set up alerts for specific events: 
# Alert on tool errors
airstore alerts create \
  --name="tool-errors" \
  --type=tool.error \
  --webhook="https://your-webhook.com"

# Alert on permission denied
airstore alerts create \
  --name="access-denied" \
  --type=permission.denied \
  --webhook="https://your-webhook.com"

Compliance

For compliance requirements:
  • Immutable logs: Logs cannot be modified or deleted
  • Timestamps: UTC with millisecond precision
  • Integrity: Logs are cryptographically signed
  • Export: Full export available for auditors

Next steps

Hiding folders

Control what agents can see.

Self-hosting

Run your own Airstore instance.