Audit Logs & Telemetry

Ephos provides comprehensive visibility into agent activity through immutable forensic logs, ensuring that every non-human interaction with your credentials is accounted for.

What is Logged?

For every request routed through the Ephos Gateway, we record:

• Timestamp: Precise ISO-8601 execution time.
• Identity: The specific Ephos Token ID used.
• Destination: The target hostname and path.
• Status: HTTP response code from the target API.
• Attribution: Agent labels and metadata provided in the request.

Forensic Snapshots (Plus/Pro)

Subscribers on higher tiers can enable Forensic Snapshots, which store the full request and response body in our secure R2 storage for 30 days. This allows for detailed post-incident analysis.

Agent Attribution

You can tag your requests with an optional X-Ephos-Agent-ID header to group logs by specific agent instances. This is critical for debugging complex multi-agent workflows.

Audit Tab

The Audit tab in your dashboard provides a real-time feed of these events. You can filter logs by token, domain, or date range to investigate suspicious activity or monitor usage patterns.

Exporting Logs

Pro and Enterprise users can export audit logs in JSON or CSV format via the dashboard or stream them directly to external SIEM tools (e.g., Datadog, Splunk) via our Webhook integration.