Skip to content

advanced

Audit Logs

A tamper-evident log of every action taken in your Restore Hub account and on your Discord servers.

Overview

The Audit Log records every significant action: member verifications, pulls, backup operations, team member changes, settings updates, and security events. Each entry includes who performed the action, when, what changed, and from which IP address.

Accessing the Audit Log

Go to dashboard → Audit Log. The log is searchable and filterable. Entries are retained for 90 days on all plans.

Log Entry Fields

| Field | Description |
|---|---|
| Timestamp | Date and time of the action (UTC) |
| Action | The type of action (see Action Types below) |
| Actor | The Restore Hub user who performed the action |
| Server | The Discord server the action relates to (if applicable) |
| Target | The specific entity affected (member ID, backup ID, etc.) |
| Metadata | Additional context (old values, new values, error details) |
| IP Address | The IP address of the actor at the time |

Action Types

Account

  • ACCOUNT_UPDATED — Profile settings changed (display name, email, password)
  • PLAN_UPGRADED / PLAN_DOWNGRADED — Subscription changed
  • API_KEY_REGENERATED — API key was rotated
  • MFA_ENABLED / MFA_DISABLED — Two-factor auth toggled

Servers & Bots

  • SERVER_ADDED / SERVER_REMOVED — Discord server connected or disconnected
  • BOT_ADDED / BOT_REMOVED — Custom bot created or deleted
  • BOT_UPDATED — Bot credentials or settings changed
  • SERVER_SETTINGS_UPDATED — Server security or verification settings changed

Members

  • MEMBER_VERIFIED — A member completed verification
  • MEMBER_KICKED — A member was kicked via the dashboard
  • MEMBER_BLACKLISTED — A member was added to the blacklist
  • MEMBER_UNBLACKLISTED — A member was removed from the blacklist
  • MASS_VERIFY — The mass verify action was run on a server

Backups

  • BACKUP_CREATED — A manual or scheduled backup was created
  • BACKUP_RESTORED — A backup was restored to a server
  • BACKUP_DELETED — A backup was deleted

Pulls

  • PULL_STARTED — A member pull job was initiated
  • PULL_COMPLETED — A pull job finished
  • PULL_CANCELLED — A pull job was cancelled

Security

  • FIREWALL_RULE_ADDED / FIREWALL_RULE_REMOVED — Firewall rule changed
  • WHITELIST_RULE_ADDED / WHITELIST_RULE_REMOVED — Whitelist rule changed
  • ANTI_NUKE_TRIGGERED — Anti-nuke protection fired
  • ANTI_RAID_TRIGGERED — Anti-raid protection fired

Team

  • TEAM_MEMBER_INVITED — A team invite was sent
  • TEAM_MEMBER_ADDED — A team invite was accepted
  • TEAM_MEMBER_REMOVED — A team member was removed
  • TEAM_PERMISSIONS_UPDATED — Team member permissions changed

Filtering & Search

Filter the audit log by:

  • Date range
  • Action type
  • Actor (team member)
  • Server

Search by target ID (Discord user ID, backup ID, etc.) to trace the full history of a specific entity.

Exporting

Export the audit log as CSV for any date range. Useful for compliance, incident investigation, or sharing with a security auditor.