Security-relevant records carry stable actor, target, result, and time context.
Logs API
The Logs API supports investigation, review, and integration with external reporting workflows. Logs are most valuable when they explain privileged activity with user, resource, account, policy, result, and correlation context.
Query Dimensions
Useful filters include actor, actor type, resource, account, scope, policy, operation, status, result, event type, correlation ID, and time range.
Event Logs and Audit Logs
Anchor separates operational events from audit records while keeping them connected through the same object model.
- Event logs help operators troubleshoot activity such as verification, rotation, reconciliation, system activity, target failures, and workflow outcomes.
- Audit logs preserve security-relevant actions such as secret reveal, machine retrieval, policy changes, session launch, component trust changes, setting updates, and administrative operations.
- Log summaries turn raw activity into a quick operational picture: volume, severity, target types, error signals, security events, and health state.
Audit records are append-only and carry redacted metadata so evidence remains useful without exposing secret material.
Representative Examples
The examples below use version-neutral shapes that illustrate the integration pattern.
Representative audit events can include authentication, policy, account, session, component, system setting, verification, rotation, reconciliation, and privileged-material activity.
Integrity metadata helps reviewers see whether the record still deserves trust.
Important events can be linked to one another so that a quiet rewrite of an earlier record becomes harder to hide.
The integrity story supports audit review without exposing secret material.
Sensitive Data
Logs should preserve operational context without exposing secrets. Audit metadata should support review while keeping secret material out of evidence payloads.
Useful metadata includes actor, actor type, target, target type, policy, scope, resource, account, component, result, reason, request ID, correlation ID, source IP, user agent, and timestamp. Sensitive metadata such as passwords, tokens, signatures, private keys, raw recording data, and plaintext secrets should stay out of logs and evidence exports.
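The linking of important events and the redaction of sensitive metadata described above can be sketched together. This is an added example, not Anchor's implementation or API: the snake_case field names, the `prev_hash`/`hash` fields, the SHA-256 hash chain, and the deny-list are assumptions, and the sample events are constructed.

```python
import hashlib
import json

# Assumed deny-list built from the sensitive categories named above.
SENSITIVE_KEYS = {"password", "token", "signature", "private_key", "secret", "recording_data"}
GENESIS = "0" * 64  # assumed prev_hash value for the first record

def redact(value):
    """Recursively mask values stored under sensitive keys."""
    if isinstance(value, dict):
        return {k: "[REDACTED]" if k.lower() in SENSITIVE_KEYS else redact(v)
                for k, v in value.items()}
    if isinstance(value, list):
        return [redact(v) for v in value]
    return value

def digest(body):
    """SHA-256 over canonical JSON so the hash is reproducible by a reviewer."""
    canon = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(canon).hexdigest()

def append_record(chain, event):
    """Redact the event, link it to the previous record's hash, append it."""
    body = {"event": redact(event), "prev_hash": chain[-1]["hash"] if chain else GENESIS}
    chain.append({**body, "hash": digest(body)})
    return chain[-1]

def verify_chain(chain):
    """Return the index of the first record that fails verification, or None."""
    prev = GENESIS
    for i, rec in enumerate(chain):
        body = {"event": rec["event"], "prev_hash": rec["prev_hash"]}
        if rec["prev_hash"] != prev or rec["hash"] != digest(body):
            return i
        prev = rec["hash"]
    return None

def build_sample_chain():
    """Constructed sample events using metadata fields listed on this page."""
    chain = []
    append_record(chain, {"actor": "alice", "actor_type": "user", "operation": "secret.reveal",
                          "target": "db-prod-root", "result": "allowed", "correlation_id": "c-001",
                          "timestamp": "2024-01-01T10:00:00Z",
                          "metadata": {"token": "constructed-value", "source_ip": "192.0.2.10"}})
    append_record(chain, {"actor": "alice", "actor_type": "user", "operation": "policy.update",
                          "target": "policy-7", "result": "denied", "correlation_id": "c-002",
                          "timestamp": "2024-01-01T10:05:00Z"})
    return chain
```

A chain like this only detects edits relative to its latest hash, so a reviewer needs that value stored or signed somewhere the log writer cannot modify. Otherwise every record from the edited one forward can be recomputed and the chain still verifies.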
Export
Useful exports start with a review question, not a raw dump. Anchor’s strongest audit story comes from evidence that maps to operational decisions: who acted, which policy applied, what changed, what failed, what was denied, and which integrity signals support the record.