← Back to Blog
engineering · compliance

Zero-Config Audit Logging: Compliance Without the Pain

Flux TeamMarch 08, 20263 min read

The compliance conversation follows a predictable script. Your enterprise prospect asks: “Do you have audit logs?” You say “yes” — because you have logs, technically — and then you spend the next two weeks scrambling to make them actually useful.

Auditors don’t want your application logs. They want a structured, queryable record of who did what, when, from where, and what the result was. They want to be able to ask “show me every privileged action taken by any user in the last 90 days” and get a clean answer. They want evidence that the log itself hasn’t been tampered with. And increasingly, they want to be able to pull a report without filing a support ticket with your engineering team.

What Auditors Actually Want

When a SOC 2 auditor reviews your audit logging controls, they’re looking for specific properties:

  • Structured events — not free-text log lines, but machine-readable records with consistent fields: timestamp, actor, action, resource, outcome, IP address
  • Completeness — coverage of security-relevant operations (auth events, permission changes, data exports, admin actions)
  • Immutability — evidence that the log cannot be silently edited or deleted
  • Exportability — the ability to pull logs into your SIEM, send them to a reviewer, or attach them to an audit report
  • Tenant scoping — for multi-tenant systems, the ability to produce a per-customer activity report on demand

What Most Teams Build

The typical implementation is an audit_logs database table. It has columns for user_id, action, resource_id, timestamp, and maybe a metadata JSON blob. Engineers remember to insert into it when they remember to — which is most of the time, except for the cases auditors actually care about.

The result: partial coverage, inconsistent structure, no tamper evidence, and a painful manual process every time someone needs to generate a report.

Flux’s Approach: Automatic, Structured, Always On

Because Flux handles auth, billing, feature flags, and configuration — the exact operations that matter for compliance — every Flux operation is automatically logged with full context. There is no instrumentation to add. There is no table to maintain.

A typical Flux audit event looks like:

{
  "timestamp": "2026-03-08T14:32:01Z",
  "actor": { "user_id": "usr_abc123", "email": "alice@acme.com" },
  "organization": { "id": "org_xyz", "name": "Acme Corp" },
  "action": "feature_flag.override.create",
  "resource": { "type": "flag", "id": "new-billing-flow" },
  "outcome": "success",
  "ip_address": "203.0.113.42",
  "user_agent": "Mozilla/5.0 ..."
}

Every auth event, billing operation, flag evaluation override, config change, API key creation, and permission modification is logged in this format — automatically.

Export, Query, and Integrate

Audit logs are queryable via the Flux API with filters for time range, organization, actor, and action type. They’re exportable as JSON or CSV for attaching to audit reports. And they can be streamed to your SIEM via webhook or OTLP export — so they land in Splunk, Datadog, or wherever your security team already lives.

The Flux dashboard also provides a compliance-ready audit log viewer, filterable by tenant. When a customer asks “show me every action taken in our account,” you have an answer in seconds, not days.

What This Means for Your Compliance Team

Your compliance team will stop asking engineering for spreadsheets. The audit evidence is already there, already structured, already exportable. SOC 2 Type II prep goes from a multi-week scramble to a checkbox.

And when GDPR’s right-to-erasure requests come in, you have a per-tenant activity history that makes identifying and removing personal data a tractable problem — not a guesswork exercise across a dozen systems.

See the audit log API reference and check the compliance guide for SOC 2 and GDPR mapping.