Skip to main content
Tenant logs provide a detailed audit trail of events in your Auth0 tenant, including authentication attempts, configuration changes, and errors.

List Logs

Retrieve tenant logs with optional filtering. 
func (c *Client) List(
    ctx context.Context,
    request *management.ListLogsRequestParameters,
    opts ...option.RequestOption,
) (*core.Page[*int, *management.Log, *management.ListLogOffsetPaginatedResponseContent], error)
request
*management.ListLogsRequestParameters
Optional query parameters for filtering logs
*core.Page[*int, *management.Log, *management.ListLogOffsetPaginatedResponseContent]
Paginated list of log entries

Example

page, err := managementClient.Logs.List(context.Background(), &management.ListLogsRequestParameters{
    PerPage: auth0.Int(50),
    Sort:    auth0.String("date:-1"), // Most recent first
})
if err != nil {
    // Handle error
}

for _, log := range page.Results {
    fmt.Printf("%s: %s - %s\n", 
        log.GetDate(), 
        log.GetType(), 
        log.GetDescription())
}

Get Log

Retrieve a specific log entry by ID. 
func (c *Client) Get(
    ctx context.Context,
    id string,
    opts ...option.RequestOption,
) (*management.GetLogResponseContent, error)
id
string
required
Unique identifier for the log entry
*management.GetLogResponseContent
Detailed log entry

Example

log, err := managementClient.Logs.Get(context.Background(), "90020221114154433068001111111111111")
if err != nil {
    // Handle error
}

fmt.Printf("Event: %s\n", log.GetType())
fmt.Printf("User: %s\n", log.GetUserName())
fmt.Printf("IP: %s\n", log.GetIP())
fmt.Printf("Description: %s\n", log.GetDescription())

Filtering Logs with Queries

Use Lucene query syntax to filter logs:

Filter by Event Type

page, err := managementClient.Logs.List(context.Background(), &management.ListLogsRequestParameters{
    Q: auth0.String("type:s"), // Successful login
})

Filter by User

page, err := managementClient.Logs.List(context.Background(), &management.ListLogsRequestParameters{
    Q: auth0.String("user_id:\"auth0|123456\""),
})

Filter by Date Range

page, err := managementClient.Logs.List(context.Background(), &management.ListLogsRequestParameters{
    Q: auth0.String("date:[2024-01-01 TO 2024-01-31]"),
})

Filter by Client

page, err := managementClient.Logs.List(context.Background(), &management.ListLogsRequestParameters{
    Q: auth0.String("client_id:\"abc123\""),
})

Multiple Filters

page, err := managementClient.Logs.List(context.Background(), &management.ListLogsRequestParameters{
    Q: auth0.String("type:f AND connection:\"Username-Password-Authentication\""),
})

Common Log Event Types

Authentication

  • s: Successful login
  • f: Failed login
  • fp: Failed login (incorrect password)
  • fu: Failed login (invalid email/username)
  • flo: Failed logout
  • slo: Success logout

Registration

  • ss: Success signup
  • fs: Failed signup

Password

  • pwd_leak: Breached password
  • pwd: Password change

API & Management

  • api_limit: Rate limit exceeded
  • mgmt_api_read: Management API read operation
  • mgmt_api_write: Management API write operation

Security

  • limit_wc: Blocked account
  • limit_ui: Too many calls to /userinfo
  • limit_mu: Blocked IP address

Complete Example: Monitoring Failed Logins

package main

import (
    "context"
    "fmt"
    "log"
    "time"
    
    "github.com/auth0/go-auth0/v2"
    "github.com/auth0/go-auth0/v2/management"
)

func main() {
    managementClient, err := management.New(
        "yourtenant.auth0.com",
        management.WithClientCredentials(clientID, clientSecret),
    )
    if err != nil {
        log.Fatal(err)
    }
    
    ctx := context.Background()
    
    // Get failed login attempts from the last hour
    oneHourAgo := time.Now().Add(-1 * time.Hour).Format(time.RFC3339)
    query := fmt.Sprintf("type:f AND date:[%s TO *]", oneHourAgo)
    
    page, err := managementClient.Logs.List(ctx, &management.ListLogsRequestParameters{
        Q:       auth0.String(query),
        PerPage: auth0.Int(100),
        Sort:    auth0.String("date:-1"),
    })
    if err != nil {
        log.Fatal(err)
    }
    
    fmt.Printf("Failed login attempts in the last hour: %d\n\n", len(page.Results))
    
    // Group by user
    userAttempts := make(map[string]int)
    for _, logEntry := range page.Results {
        username := logEntry.GetUserName()
        if username != "" {
            userAttempts[username]++
        }
    }
    
    // Show users with multiple failed attempts
    fmt.Println("Users with multiple failed attempts:")
    for username, count := range userAttempts {
        if count > 1 {
            fmt.Printf("  %s: %d attempts\n", username, count)
        }
    }
    
    // Show recent failed attempts with details
    fmt.Println("\nRecent failed login details:")
    for i, logEntry := range page.Results {
        if i >= 5 {
            break // Show only first 5
        }
        fmt.Printf("\n%s\n", logEntry.GetDate())
        fmt.Printf("  User: %s\n", logEntry.GetUserName())
        fmt.Printf("  IP: %s\n", logEntry.GetIP())
        fmt.Printf("  Client: %s\n", logEntry.GetClientName())
        fmt.Printf("  Reason: %s\n", logEntry.GetDescription())
    }
}

Best Practices

  1. Use Specific Queries: Filter logs to reduce data transfer and improve performance
  2. Implement Pagination: Process logs in batches for large result sets
  3. Monitor Critical Events: Set up alerts for security-relevant events (failed logins, rate limits)
  4. Archive Logs: Export and store logs for compliance and long-term analysis
  5. Rate Limiting: Be aware of API rate limits when retrieving large numbers of logs

Log Retention

Log retention periods vary by plan:
  • Free: 2 days
  • Developer: 2 days
  • Developer Pro: 10 days
  • Enterprise: 30 days or custom
For longer retention, export logs to external storage using the Management API or log streaming.

Build docs developers (and LLMs) love

Get started for freeTalk to us