LLM governance / policy control planeCompliance

Export Policy Gateway audit logs to Datadog Logs

Send Policy Gateway audit logs to Datadog Logs for SIEM search, dashboards, and retention.

Route Policy Gateway audit logs into Datadog Logs so security teams can monitor AI decisions in their existing dashboards.

Exports are available on enterprise plans; contact help@abliteration.ai to enable a log export sink.

Updated Jan 16, 2026Compliance integrations

Quick start

Example request
{
  "destination": "datadog_logs",
  "endpoint": "https://http-intake.logs.datadoghq.com/api/v2/logs",
  "api_key": "$DD_API_KEY",
  "service": "policy-gateway",
  "ddsource": "policy-gateway",
  "tags": ["env:prod", "team:platform"]
}

Service notes

  • Pricing model: Usage-based pricing (~$5 per 1M tokens) billed on total tokens (input + output). See the API pricing page for current plans.
  • Data retention: No prompt/output retention by default. Operational telemetry (token counts, timestamps, error codes) is retained for billing and reliability.
  • Compatibility: OpenAI-style /v1/chat/completions request and response format with a base URL switch.
  • Latency: Depends on model size, prompt length, and load. Streaming reduces time-to-first-token.
  • Throughput: Team plans include priority throughput. Actual throughput varies with demand.
  • Rate limits: Limits vary by plan and load. Handle 429s with backoff and respect any Retry-After header.

What gets exported

#

Policy Gateway audit logs include consistent decision metadata for compliance reviews.

  • policy_id, decision, effective_decision, reason_code
  • policy_user, project_id, policy_target for audit trails
  • rollout_mode, enforced for rollout tracking
  • triggered_categories, allowlist_hits, denylist_hits
  • model, created_at, and optional data classification tags

Export configuration

#

Use the Datadog logs HTTP intake endpoint with an API key.

  • Create a Datadog API key for log intake.
  • Choose the regional intake endpoint for your Datadog site.
  • Set service, ddsource, and ddtags for routing and dashboards.
  • Send each audit log as a JSON object in the request body.

Sample Datadog log payload

#

Datadog logs accept JSON objects with a message plus structured fields.

Sample Datadog log payload
{
  "message": "policy decision: rewrite",
  "service": "policy-gateway",
  "ddsource": "policy-gateway",
  "ddtags": "env:prod,team:platform,project:support-bot",
  "policy": {
    "policy_id": "support-guardrails",
    "decision": "rewrite",
    "effective_decision": "rewrite",
    "reason_code": "REWRITE",
    "policy_user": "user-12345",
    "project_id": "support-bot",
    "policy_target": "support-bot",
    "rollout_mode": "enforced",
    "enforced": true,
    "triggered_categories": ["self-harm/intent"],
    "allowlist_hits": ["refund policy"],
    "denylist_hits": [],
    "model": "abliterated-model",
    "created_at": "2026-01-16T18:22:11Z"
  }
}

Verification checklist

#
  • Filter logs by service:policy-gateway in Datadog.
  • Build a dashboard by policy.decision and policy.reason_code.
  • Alert on spikes in policy.decision:refuse or policy.decision:escalate.

Common errors & fixes

  • 401 Unauthorized: Check that your API key is set and sent as a Bearer token.
  • 404 Not Found: Make sure the base URL ends with /v1 and you call /chat/completions.
  • 400 Bad Request: Verify the model id and that messages are an array of { role, content } objects.
  • 429 Rate limit: Back off and retry. Use the Retry-After header for pacing.

Related links