โจ Audit Logs
As a Proxy Admin, you can check if and when a entity (key, team, user, model) was created, updated, deleted, or regenerated, along with who performed the action. This is useful for auditing and compliance.
LiteLLM tracks changes to the following entities and actions:
- Entities: Keys, Teams, Users, Models
- Actions: Create, Update, Delete, Regenerate
Requires Enterprise License, Get in touch with us here
Usageโ
1. Switch on audit Logsโ
Add store_audit_logs to your litellm config.yaml and then start the proxy
litellm_settings:
  store_audit_logs: true
2. Make a change to an entityโ
In this example, we will delete a key.
curl -X POST 'http://0.0.0.0:4000/key/delete' \
    -H 'Authorization: Bearer sk-1234' \
    -H 'Content-Type: application/json' \
    -d '{
        "key": "d5265fc73296c8fea819b4525590c99beab8c707e465afdf60dab57e1fa145e4"
    }'
3. View the audit log on LiteLLM UIโ
On the LiteLLM UI, navigate to Logs -> Audit Logs. You should see the audit log for the key deletion.
Advancedโ
Attribute Management changes to Usersโ
Call management endpoints on behalf of a user. (Useful when connecting proxy to your development platform).
1. Set LiteLLM-Changed-By in request headersโ
Set the 'user_id' in request headers, when calling a management endpoint. View Full List.
- Update Team budget with master key.
- Attribute change to 'krrish@berri.ai'.
๐ Key change: Passing -H 'LiteLLM-Changed-By: krrish@berri.ai'
curl -X POST 'http://0.0.0.0:4000/team/update' \
    -H 'Authorization: Bearer sk-1234' \
    -H 'LiteLLM-Changed-By: krrish@berri.ai' \
    -H 'Content-Type: application/json' \
    -d '{
        "team_id" : "8bf18b11-7f52-4717-8e1f-7c65f9d01e52",
        "max_budget": 2000
    }'
2. Emitted Audit Logโ
{
   "id": "bd136c28-edd0-4cb6-b963-f35464cf6f5a",
   "updated_at": "2024-06-08 23:41:14.793",
   "changed_by": "krrish@berri.ai", # ๐ CHANGED BY
   "changed_by_api_key": "88dc28d0f030c55ed4ab77ed8faf098196cb1c05df778539800c9f1243fe6b4b",
   "action": "updated",
   "table_name": "LiteLLM_TeamTable",
   "object_id": "8bf18b11-7f52-4717-8e1f-7c65f9d01e52",
   "before_value": {
     "spend": 0,
     "max_budget": 0,
   },
   "updated_values": {
     "team_id": "8bf18b11-7f52-4717-8e1f-7c65f9d01e52",
     "max_budget": 2000 # ๐ CHANGED TO
   },
 }
API SPEC of Audit Logโ
idโ
- Type: String
- Description: This is the unique identifier for each audit log entry. It is automatically generated as a UUID (Universally Unique Identifier) by default.
updated_atโ
- Type: DateTime
- Description: This field stores the timestamp of when the audit log entry was created or updated. It is automatically set to the current date and time by default.
changed_byโ
- Type: String
- Description: The user_idthat performed the audited action. IfLiteLLM-Changed-ByHeader is passed thenchanged_by=<value passed for LiteLLM-Changed-By header>
changed_by_api_keyโ
- Type: String
- Description: This field stores the hashed API key that was used to perform the audited action. If left blank, it defaults to an empty string.
actionโ
- Type: String
- Description: The type of action that was performed. One of "create", "update", or "delete".
table_nameโ
- Type: String
- Description: This field stores the name of the table that was affected by the audited action. It can be one of the following values: LiteLLM_TeamTable,LiteLLM_UserTable,LiteLLM_VerificationToken
object_idโ
- Type: String
- Description: This field stores the ID of the object that was affected by the audited action. It can be the key ID, team ID, user ID
before_valueโ
- Type: Json?
- Description: This field stores the value of the row before the audited action was performed. It is optional and can be null.
updated_valuesโ
- Type: Json?
- Description: This field stores the values of the row that were updated after the audited action was performed