Admin activity logs
Admin activity logs record configuration changes made by members of your Cloudflare account. These logs are useful for auditing who changed a policy or setting and investigating unexpected configuration changes. Use these logs to monitor when a member creates, updates, or deletes configurations in your Zero Trust organization.
To view admin activity logs, log in to the Cloudflare dashboard ↗ and go to Zero Trust > Insights > Logs > Admin activity logs.
| Field | Description | Example Value |
|---|---|---|
| User who performed the action | josephli@cloudflare.com | |
| Product | Cloudflare product being modified | Tunnel |
| Resource | Specific resource type within the product | Route |
| Event | Action performed (Create, Update, Delete) | Create |
| Date | Timestamp of when the action occurred | April 30, 2026 • 12:19 AM |
| User IP Address | IP address of the user who made the change | 2a09:bac6:6447:523::83:30 |
| Interface | How the change was initiated | API |
| Audit record | Unique identifier for the audit log entry | caf1a547-17cc-484a-b4ce-5d3b32771a8f |
| Old value | Previous configuration state (empty for creates) | |
| New value | New configuration state after the change | JSON object with fields like comment, network, tun_type, tunnel_id, virtual_network_id |
Enterprise users can export admin activity logs to a third-party storage destination or SIEM using Logpush. For a list of all available fields, refer to Audit Logs V2.