Organization Audit Logs

Collects and ingests organization audit logs from Sentry, providing visibility into significant organization activities including user actions, configuration changes, and security events.

Sync Type: Incremental

Details

This input collects organization audit logs from the Sentry API. It supports incremental sync with automatic pagination and handles rate limiting. The input tracks the last processed event timestamp to ensure only new events are collected on subsequent runs. Key features include:

• Incremental sync with state management
• Rate limiting compliance (40 requests per second)
• Support for both Sentry.io and self-hosted Sentry instances

Prerequisites

1. A Sentry organization with appropriate permissions
2. An Internal Integration with Organization permissions
3. An authentication token from the integration

Setup Instructions

1. Determine your Organization Slug:

   • Navigate to Settings > Organization > General Settings in your Sentry dashboard
   • Under General, find the Organization Slug
   • Copy this value for use when configuring the input

2. Create an Internal Integration:

   • In Sentry, navigate to Settings > Integrations
   • Click Create New Integration
   • Select Internal Integration

3. Configure Integration Details:

   • Choose a descriptive name (e.g., "Monad Audit Log Connector")
   • Set Permissions:
     • Organization: Read & Write
     • All other permissions should be set to: No Access
   • Leave all other settings as default
   • Click Save Changes

4. Generate Authentication Token:

   • Once the integration is created, scroll to the Tokens section
   • Click Add New Token
   • This will automatically generate a new token for the integration
   • Copy this token - you'll need it for configuring the input

Important: Store the authentication token securely and never commit it to version control.

Configuration

The following configuration defines the input parameters. Each field's specifications, such as type, requirements, and descriptions, are detailed below.

Settings

Setting	Type	Required	Default	Description
Organization Slug	string	Yes	-	The ID or slug of the organization
Host Name	string	No	"sentry.io"	For self-hosted instances, specify your hostname here. For Sentry.io, leave as default
Backfill Start Time	string	No	The date to start fetching data from. If not specified, no past records will be fetched.

Secrets

Secret	Type	Required	Description
Authentication Token	string	Yes	The authentication token from your Sentry Internal Integration

Note on Collection Behavior

The input follows an incremental collection pattern:

• First run: Collects all available audit logs
• Subsequent runs: Collects only new audit logs since the last successful run
• Rate limiting: Respects Sentry's API rate limits with built-in throttling

Data Collected

The audit logs include information about:

• Organization configuration changes
• User management activities (invitations, additions, removals)
• Project creation, modification, and deletion
• Team management operations
• API key and integration management
• Security-related events
• Member permission changes

Each audit log entry includes:

• Event type and description
• Actor information (user who performed the action)
• Target object details
• Timestamp of the event
• IP address of the action
• Additional contextual data

Troubleshooting

Common issues and their solutions:

1. Authentication failures

   • Verify the authentication token is correct and hasn't expired
   • Ensure the Internal Integration has proper Organization permissions
   • Check that the organization slug matches your Sentry organization

2. Connection issues

   • For self-hosted Sentry, verify the hostname is correct
   • Check network connectivity and firewall rules
   • Ensure proper SSL/TLS configuration

3. Rate limiting

   • The input implements automatic rate limiting handling
   • If you encounter rate limit errors, the input will automatically retry with appropriate delays
   • Consider adjusting collection frequency if needed

4. Missing events

   • Verify the Internal Integration has Organization read permissions
   • Check that the organization slug is correct
   • Ensure the integration token has sufficient privileges

Related Articles

• Sentry Internal Integrations Documentation
• Sentry API Documentation
• Organization Audit Logs API Reference

Sample Record

{
  "id": "198021612",
  "actor": {
    "id": "3842560",
    "name": "Peter Brown",
    "username": "john.doe@example.com",
    "email": "mike.brown@example.com",
    "avatarUrl": "https://gravatar.com/avatar/dcc6113cac6264c2221e40e1701550a04bda25ad1db205ddb44a0a0c042d7ad6?s=32&d=mm",
    "isActive": false,
    "hasPasswordAuth": true,
    "isManaged": false,
    "dateJoined": "2025-08-11T23:46:59.165714Z",
    "lastLogin": "2025-08-11T23:46:59.165719Z",
    "has2fa": true,
    "lastActive": "2025-08-11T23:46:59.165734Z",
    "isSuperuser": false,
    "isStaff": false,
    "emails": [
      {
        "id": "4021211",
        "email": "john.doe@example.com",
        "is_verified": true
      }
    ],
    "experiments": {},
    "avatar": {
      "avatarType": "gravatar",
      "avatarUuid": "06fbd07f-9fc2-cfe5-53b1-a22a90e91b50",
      "avatarUrl": "https://example.com/avatar/41f453a5-8078-5bac-aa3f-8b121d73e279"
    }
  },
  "event": "team.remove",
  "ipAddress": "73.221.75.16",
  "note": "edited the organization setting: disable_member_invite to True",
  "targetObject": 4509666605727747,
  "targetUser": "3842558",
  "data": {},
  "dateCreated": "2025-08-11T23:46:59.165961Z"
}