LLM governance / policy control planeCompliance

Export Policy Gateway audit logs to Azure Monitor / Log Analytics

Send Policy Gateway audit logs to Azure Monitor or Log Analytics workspaces for enterprise compliance.

Send Policy Gateway audit logs into Azure Monitor / Log Analytics so security teams can run KQL queries against AI decisions.

Exports are available on enterprise plans; contact help@abliteration.ai to enable a log export sink.

Updated Jan 16, 2026Compliance integrations

Quick start

Example request
{
  "destination": "azure_monitor",
  "workspace_id": "WORKSPACE_ID",
  "log_type": "PolicyGatewayAudit"
}

Service notes

  • Pricing model: Usage-based pricing (~$5 per 1M tokens) billed on total tokens (input + output). See the API pricing page for current plans.
  • Data retention: No prompt/output retention by default. Operational telemetry (token counts, timestamps, error codes) is retained for billing and reliability.
  • Compatibility: OpenAI-style /v1/chat/completions request and response format with a base URL switch.
  • Latency: Depends on model size, prompt length, and load. Streaming reduces time-to-first-token.
  • Throughput: Team plans include priority throughput. Actual throughput varies with demand.
  • Rate limits: Limits vary by plan and load. Handle 429s with backoff and respect any Retry-After header.

What gets exported

#

Policy Gateway audit logs include consistent decision metadata for compliance reviews.

  • policy_id, decision, effective_decision, reason_code
  • policy_user, project_id, policy_target for audit trails
  • rollout_mode, enforced for rollout tracking
  • triggered_categories, allowlist_hits, denylist_hits
  • model, created_at, and optional data classification tags

Export configuration

#

Use the Log Analytics Data Collector API with a workspace ID and shared key.

  • Create or reuse a Log Analytics workspace for audit logs.
  • Choose a custom log type like PolicyGatewayAudit.
  • Send JSON objects in an array to the Data Collector endpoint.

Sample Log Analytics payload

#

The Data Collector API accepts an array of JSON objects.

Sample Log Analytics payload
[
  {
    "TimeGenerated": "2026-01-16T18:22:11Z",
    "PolicyId": "support-guardrails",
    "Decision": "rewrite",
    "EffectiveDecision": "rewrite",
    "ReasonCode": "REWRITE",
    "PolicyUser": "user-12345",
    "ProjectId": "support-bot",
    "PolicyTarget": "support-bot",
    "RolloutMode": "enforced",
    "Enforced": true,
    "TriggeredCategories": ["self-harm/intent"],
    "AllowlistHits": ["refund policy"],
    "DenylistHits": [],
    "Model": "abliterated-model"
  }
]

Verification checklist

#
  • Query the custom table for Decision and PolicyId.
  • Build KQL alerts for spikes in refusal or escalation decisions.
  • Confirm workspace retention matches your compliance policy.

Common errors & fixes

  • 401 Unauthorized: Check that your API key is set and sent as a Bearer token.
  • 404 Not Found: Make sure the base URL ends with /v1 and you call /chat/completions.
  • 400 Bad Request: Verify the model id and that messages are an array of { role, content } objects.
  • 429 Rate limit: Back off and retry. Use the Retry-After header for pacing.

Related links