Exporting Audit Logs

This guide explains how to export audit logs for your organisation in Thalassa Cloud. Audit logs provide a record of all actions performed within your organisation for compliance, security monitoring, and troubleshooting use cases.

Prerequisites

  • tcloud CLI installed and configured
  • Authenticated with a personal access token or OIDC credentials
  • Appropriate permissions to access audit logs in your organisation

For CLI installation and authentication, see the Installing tcloud CLI guide.

Overview

The tcloud audit export command allows you to export organisation audit logs to JSON files. You can filter logs by time range, actions, resources, users, and more. Exports can be split into daily, weekly, or monthly files for easier management.

Basic Export

Step 1: Export Recent Logs

Export audit logs from the past 7 days:

tcloud audit export --since 7d --output audit-logs.json

This creates a JSON file named audit-logs.json containing all audit logs from the past 7 days.

Step 2: Export to stdout

Export logs directly to stdout (useful for piping to other commands):

tcloud audit export --since 1d --output -

Step 3: Verify Export

Check the exported file:

jq 'length' audit-logs.json   # Count total entries
jq '.[0]' audit-logs.json     # View first entry

Time Range Options

Using Duration (--since)

Export logs from a specific duration in the past:

# Last 24 hours
tcloud audit export --since 24h

# Last 7 days
tcloud audit export --since 7d

# Last 4 weeks
tcloud audit export --since 4w

# Last month
tcloud audit export --since 1mo

# Last year
tcloud audit export --since 1y

Using Date Range (--from and --to)

Export logs for a specific date range:

tcloud audit export \
  --from 2024-01-01 \
  --to 2024-01-31 \
  --output january-2024-logs.json

Split Exports

Split large exports into separate files by time period:

Daily Split

tcloud audit export --since 30d --daily

This creates separate files for each day (e.g., audit-logs-2024-01-01.json, audit-logs-2024-01-02.json).
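An added example, not part of the tcloud documentation: a Python check that a directory of daily split files is complete and parseable, and that records a SHA-256 per file so a retained export can later be shown to be unchanged. It assumes the file naming shown above and that each file is a single JSON array (as the jq length check earlier implies); the function name and manifest layout are illustrative.

```python
import hashlib
import json
import re
from datetime import date, timedelta
from pathlib import Path

# Daily split file name as shown in this guide, e.g. audit-logs-2024-01-01.json
DAILY_NAME = re.compile(r"audit-logs-(\d{4}-\d{2}-\d{2})\.json")


def verify_daily_exports(directory, first_day, last_day):
    """Return (manifest, problems) for the daily export files in directory.

    manifest maps file name -> {"sha256": hex digest, "entries": count}.
    problems lists unusable files and days in the range without a valid file.
    """
    manifest, problems, seen = {}, [], set()
    for path in sorted(Path(directory).iterdir()):
        match = DAILY_NAME.fullmatch(path.name)
        if not match:
            continue  # not a daily export file
        raw = path.read_bytes()
        try:
            day = date.fromisoformat(match.group(1))
            entries = json.loads(raw)
        except ValueError:
            # Typical cause: a truncated file left by an interrupted download.
            problems.append(f"{path.name}: bad date in name or invalid JSON")
            continue
        if not isinstance(entries, list):
            # Assumption: every export file is one top-level JSON array.
            problems.append(f"{path.name}: top level is not a JSON array")
            continue
        seen.add(day)
        manifest[path.name] = {"sha256": hashlib.sha256(raw).hexdigest(),
                               "entries": len(entries)}
    day = first_day
    while day <= last_day:
        if day not in seen:
            # Assumption: a gap needs review; the day may simply have had no events.
            problems.append(f"{day.isoformat()}: no valid export file")
        day += timedelta(days=1)
    return manifest, problems


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:  # constructed samples, not real tcloud output
        Path(tmp, "audit-logs-2024-01-01.json").write_text('[{"id": "constructed-1"}]')
        Path(tmp, "audit-logs-2024-01-02.json").write_text('[{"id": "constru')  # truncated
        manifest, problems = verify_daily_exports(tmp, date(2024, 1, 1), date(2024, 1, 3))
        print(json.dumps(manifest, indent=2), *problems, sep="\n")
```

Store the manifest separately from the export files, so that a later change to a file shows up as a digest mismatch.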

Weekly Split

tcloud audit export --since 364d --weekly

This creates separate files for each week.

Monthly Split

tcloud audit export --since 1y --monthly

This creates separate files for each month.

Filtering Options

You can filter exported audit logs using a variety of options. The table below summarizes the available filters:

| Filter Option | Description | Example Usage |
|---|---|---|
| --action | Filter by action type (e.g., create, delete) | --action create |
| --resource-type | Filter by resource types (e.g., virtual-machine) | --resource-type virtual-machine |
| --user-identity | Filter by user identity ID | --user-identity <id> |
| --service-account | Filter by service account ID | --service-account <id> |
| --resource-identity | Filter by specific resource ID | --resource-identity <id> |
| --response-status | Filter by HTTP response status (e.g., 200, 400) | --response-status 200 |

Below is a sample command that filters for specific actions (“create” and “delete”) from the past 7 days and outputs the results to a file:

tcloud audit export \
  --since 7d \
  --action create \
  --action delete \
  --output create-delete-logs.json

Refer to the table above to combine different filters for your use case.

Search Text Filter

Search for specific text in audit logs:

tcloud audit export \
  --since 7d \
  --search-text "database" \
  --output database-logs.json

Advanced Options

Custom Page Size

By default, audit log exports retrieve data in pages of 100 results. You may want to increase the page size to speed up exports for large result sets, or decrease it if you are experiencing timeout errors or unstable network conditions.

tcloud audit export \
  --since 7d \
  --page-size 500 \
  --output audit-logs.json

Chunk Download Timeout

If you are exporting very large sets of logs and some downloads are timing out, you can increase the chunk download timeout to allow more time for each batch of results to be fetched from the server. This is useful for slow or unreliable network connections, or very large datasets.

tcloud audit export \
  --since 1y \
  --chunk-download-timeout 10m \
  --output yearly-logs.json
