Jetty

Documentation for Jetty

Audit Logs and Activity

Know what happened, when, and who did it. Jetty's audit logs provide a comprehensive record of organization activity for security monitoring, compliance, and debugging.

Overview

Audit logs are timestamped records of every significant action in your organization.

Each log entry includes:

  • Who -- The user who performed the action
  • What -- The specific action taken
  • When -- Precise timestamp
  • Where -- IP address and user agent
  • Target -- The resource affected (tunnel, team, user, etc.)

Plans and Retention

Plan Retention
Harbor (free) 30 days
Coastal 90 days
Fleet 1 year

Accessing Audit Logs

  • Organization-level: Organization > Settings > Audit Logs
  • Team-level: Team > Settings > Audit Logs
  • Personal activity: Profile > Security

Permissions

  • Organization Owner/Admin -- All organization and team logs
  • Team Owner/Admin -- Their team's logs only
  • Team Member -- Their own security logs only

What Gets Logged

Authentication and Security

  • Login (successful and failed), logout, password changes/resets
  • 2FA enabled/disabled, recovery codes regenerated
  • Sessions revoked
  • API token creation, revocation, and scope changes
  • Failed authentication attempts, account lockouts, unusual login locations

Profile

  • Name, email, avatar, and notification preference changes

Team Management

  • Team created, renamed, deleted, settings updated
  • Member invited, accepted, revoked, added, removed, role changed
  • Organization owner transferred

Tunnels

  • Tunnel created, deleted, started, stopped, settings updated
  • Subdomain reserved, released, assigned, removed
  • Custom domain added, verified, removed, settings updated
  • SSL certificate issued/renewed
  • Basic auth, IP allowlist, request inspection, redaction rules changed

Billing

  • Plan upgraded/downgraded, subscription cancelled/resumed
  • Payment method added/removed/updated
  • Payment succeeded/failed, invoice generated, refund issued

Understanding Log Entries

Each entry uses a resource.verb naming convention:

user.login, user.logout, user.updated
team.created, team.member_added
tunnel.created, tunnel.deleted, tunnel.started
billing.subscription_upgraded, billing.payment_failed
security.two_factor_enabled, security.api_token_created

Example entry (JSON):

{
  "id": "log_1a2b3c4d5e6f",
  "timestamp": "2024-01-15T14:32:18Z",
  "actor": {
    "id": "user_abc123",
    "name": "Alice Chen",
    "email": "alice@example.com"
  },
  "action": "tunnel.deleted",
  "target": {
    "type": "tunnel",
    "id": "tunnel_xyz789",
    "name": "api-staging.tunnels.usejetty.online"
  },
  "context": {
    "ip_address": "203.0.113.42",
    "user_agent": "Mozilla/5.0...",
    "team_id": "team_456def",
    "team_name": "Engineering"
  },
  "metadata": {
    "reason": "No longer needed for testing"
  }
}

Filtering and Searching

Available filters:

  • Date range -- Presets (24h, 7d, 30d) or custom range
  • Actor -- Actions by a specific user
  • Action type -- Authentication, tunnel, team, billing, or security events
  • Resource -- Tunnel name, team name, or user email

Free-text search works across actor names/emails, action types, resource names, IP addresses, and metadata.

Use Cases

Security Monitoring

Monitor for failed login attempts from unfamiliar locations, API tokens created outside normal hours, unexpected permission changes, and multiple failed auth attempts.

During incident response, audit logs help identify compromised accounts, determine scope of unauthorized access, track attacker actions, and verify remediation.

Compliance

Audit logs support SOC 2, GDPR, HIPAA, ISO 27001, and PCI DSS requirements. Export logs for the audit period filtered by security and access control events.

Debugging

Answer questions like "Who deleted that tunnel?", "When did we change the custom domain?", or "Why can't Bob access this anymore?" by filtering on the relevant action type or resource name.

Best Practices

  • Review cadence: Daily for failed logins, weekly for permission changes, monthly for API token activity, quarterly for comprehensive review
  • Assign responsibility for monitoring logs and investigating suspicious activity
  • Export regularly to maintain history beyond your plan's retention period
  • Store exports securely (encrypted, access-controlled)
  • Add context when possible -- comment on deletions, document permission change reasons, note API token purposes

Exporting Audit Logs

Dashboard Export

  1. Apply desired filters
  2. Click Export (top right)
  3. Choose CSV, JSON, or PDF

API Export

# Get logs for a date range
curl -X GET "https://usejetty.online/api/organization/audit-logs?from=2024-01-01&to=2024-01-31" \
  -H "Authorization: Bearer YOUR_API_TOKEN" \
  -H "Accept: application/json"

# Filter by action type
curl -X GET "https://usejetty.online/api/organization/audit-logs?action=tunnel.deleted" \
  -H "Authorization: Bearer YOUR_API_TOKEN"

# Filter by actor
curl -X GET "https://usejetty.online/api/organization/audit-logs?actor_id=user_abc123" \
  -H "Authorization: Bearer YOUR_API_TOKEN"

# Pagination
curl -X GET "https://usejetty.online/api/organization/audit-logs?page=1&per_page=100" \
  -H "Authorization: Bearer YOUR_API_TOKEN"

Automated Daily Backup

#!/bin/bash
DATE=$(date -d "yesterday" +%Y-%m-%d)
curl -X GET "https://usejetty.online/api/organization/audit-logs?from=${DATE}&to=${DATE}" \
  -H "Authorization: Bearer ${JETTY_API_TOKEN}" \
  -o "audit-logs-${DATE}.json"

# Run daily at 2 AM
0 2 * * * /path/to/export-audit-logs.sh

Troubleshooting

"You don't have permission to view audit logs"

You need Organization Owner/Admin for org logs, Team Owner/Admin for team logs. Personal logs are at Profile > Security.

Logs are missing or incomplete

  • Logs may have exceeded your plan's retention period -- export regularly
  • Events before audit logging was enabled are not available

Export is too large

Break into smaller date ranges, use API pagination, or apply filters. Export by month instead of year.

Can't find a specific event

Verify the date range includes when the event occurred, check retention limits, try broader filters, and ensure you are viewing the correct team context. Note: page views and button clicks are not logged -- only state changes, auth events, permission changes, and billing events.

API rate limits

Use pagination, add delays between requests, and narrow date filters. Contact support for higher limits if needed.

Questions? Email support@usejetty.online or visit the Jetty Community.

Send feedback

Found an issue or have a suggestion? Let us know.