advanced
Audit Logs
A tamper-evident log of every action taken in your Restore Hub account and on your Discord servers.
Overview
The Audit Log records every significant action: member verifications, pulls, backup operations, team member changes, settings updates, and security events. Each entry includes who performed the action, when, what changed, and from which IP address.
Accessing the Audit Log
Go to dashboard → Audit Log. The log is searchable and filterable. Entries are retained for 90 days on all plans.
Log Entry Fields
| Field | Description |
|---|---|
| Timestamp | Date and time of the action (UTC) |
| Action | The type of action (see Action Types below) |
| Actor | The Restore Hub user who performed the action |
| Server | The Discord server the action relates to (if applicable) |
| Target | The specific entity affected (member ID, backup ID, etc.) |
| Metadata | Additional context (old values, new values, error details) |
| IP Address | The IP address of the actor at the time |
Action Types
Account
- ACCOUNT_UPDATED — Profile settings changed (display name, email, password)
- PLAN_UPGRADED / PLAN_DOWNGRADED — Subscription changed
- API_KEY_REGENERATED — API key was rotated
- MFA_ENABLED / MFA_DISABLED — Two-factor auth toggled
Servers & Bots
- SERVER_ADDED / SERVER_REMOVED — Discord server connected or disconnected
- BOT_ADDED / BOT_REMOVED — Custom bot created or deleted
- BOT_UPDATED — Bot credentials or settings changed
- SERVER_SETTINGS_UPDATED — Server security or verification settings changed
Members
- MEMBER_VERIFIED — A member completed verification
- MEMBER_KICKED — A member was kicked via the dashboard
- MEMBER_BLACKLISTED — A member was added to the blacklist
- MEMBER_UNBLACKLISTED — A member was removed from the blacklist
- MASS_VERIFY — The mass verify action was run on a server
Backups
- BACKUP_CREATED — A manual or scheduled backup was created
- BACKUP_RESTORED — A backup was restored to a server
- BACKUP_DELETED — A backup was deleted
Pulls
- PULL_STARTED — A member pull job was initiated
- PULL_COMPLETED — A pull job finished
- PULL_CANCELLED — A pull job was cancelled
Security
- FIREWALL_RULE_ADDED / FIREWALL_RULE_REMOVED — Firewall rule changed
- WHITELIST_RULE_ADDED / WHITELIST_RULE_REMOVED — Whitelist rule changed
- ANTI_NUKE_TRIGGERED — Anti-nuke protection fired
- ANTI_RAID_TRIGGERED — Anti-raid protection fired
Team
- TEAM_MEMBER_INVITED — A team invite was sent
- TEAM_MEMBER_ADDED — A team invite was accepted
- TEAM_MEMBER_REMOVED — A team member was removed
- TEAM_PERMISSIONS_UPDATED — Team member permissions changed
Filtering & Search
Filter the audit log by:
- Date range
- Action type
- Actor (team member)
- Server
Search by target ID (Discord user ID, backup ID, etc.) to trace the full history of a specific entity.
Exporting
Export the audit log as CSV for any date range. Useful for compliance, incident investigation, or sharing with a security auditor.