How to View Audit Logs in Slack?

You need an Enterprise Grid subscription

Reading time icon 3 min. read


Readers help support Windows Report. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help Windows Report sustain the editorial team. Read more

View Audit Logs in Slack

If you need to track message edits, app integrations, or user permissions, you need to access and interpret Slack’s audit logs. This can help you maintain security within your Slack workspace and allows the admins to access detailed record of user actions so that they can monitor changes and ensure compliance with organization policies.

 You can check the audit logs directly in Slack or export the information as CSV or use the Audit logs API to develop customised monitoring tools.  In this guide, we’ll walk you through the steps for all.

How do I check audit logs on Slack?

1. View audit logs in Slack

  1. Launch Slack, then click your organization name from the sidebar.click organisation name in the sidebar. View Audit Logs in Slack
  2. Go to Tools & settings, then click Organization settings.
  3. From the left sidebar, click Security, then select Audit logs.
  4. You can filter the log entries by Acting userEventAffects or Date range from the drop-down menus and review the log entries as you like.

2. Download a CSV file

  1. Launch Slack, then click your organization name from the sidebar.
  2. Navigate to Tools & settings, then select Organization settings.
  3. From the left side pane, click Security, then choose Audit logs.
  4. Now, filter the log entries by Acting userEventAffects or Date range from the drop-down menus and review the log entries as you like.
  5. Click Export logs from the upper-right corner, then choose the formatting option from the drop-down menu to download the logs on your device.

3. Use the Audit Logs API

Note icon NOTE
The audit logs can be accessed by organization owners, administrators who have e Audit logs admin system role. Also, you need an Enterprise Grid subscription.

To monitor the audit events happening in an Enterprise Grid organization to make sure continued compliance and safeguard the workspace from any misuse.

To collect the Audit logs, you need a slack User token with auditlogs:read scope. And, to get this token, an application needs to be installed by the Owner of an Enterprise Grid organization .

Once the app is created and installed on the organizarion, you need to grant the auditlogs:read scope. Then, you can get Slack User Token from the apps OAuth page. You can get the detailed instructions on  Slack API Documentation.

In case you have issues like Slack won’t open on your device it could ne due the Slack servers, missing data files or outdated app; read this guide to learn more.

If you are not able to send a message from Slack, the reason could be corrupt cache file, or firewall interference; check out this guide to get quick solutions.

Were you able to get the audit logs on Slack? If so, share your experiences expressing how it was helpful for the ogranization in the comments section below.

More about the topics: Slack

User forum

0 messages