What does LLM audit logging capture?

Policy Gateway logs every policy decision with structured metadata: decision type, reason code, policy ID, user/project tags, rollout mode, triggered categories, and timestamp. Prompts and outputs are not logged by default.

Where can I export LLM audit logs?

Policy Gateway exports audit logs to Splunk HEC, Datadog Logs, Elastic, Amazon S3, and Azure Monitor (Log Analytics). Configure once and stream continuously.

Does LLM audit logging store prompts?

No. By default, Policy Gateway only stores policy decision metadata (decision, reason code, tags). Prompt and output content is not retained unless you explicitly enable content logging.

ComplianceEnterprise security

LLM audit logging for enterprise compliance.

Every AI decision. Every user. Every model.

Compliance teams need audit trails for AI decisions. Policy Gateway logs every policy decision with structured metadata and exports to the SIEM tools security teams already use.

See audit logs in action Security & privacy docs

Schema

What gets logged.

Every request through Policy Gateway generates a structured audit record with decision metadata, user / project tags, and policy context. Prompts and outputs are not logged by default.

Fields

decision: allow, rewrite, redact, escalate, refuse
reason_code: Structured code for why the decision was made
policy_id: Which policy version was applied
policy_user: User identifier for attribution
policy_project_id: Project / app identifier for chargeback
rollout_mode: shadow, canary, or enforce
triggered_categories: Which policy rules matched
timestamp: ISO 8601 timestamp

Sample audit record

{
  "timestamp": "2026-04-18T14:23:01.445Z",
  "policy_id": "secops-redteam-v2",
  "policy_user": "analyst-42",
  "policy_project_id": "client-acme-2026",
  "decision": "redact",
  "reason_code": "PII_REDACT",
  "rollout_mode": "enforce",
  "triggered_categories": ["pii_leak"],
  "model": "abliterated-model",
  "latency_ms": 312
}

Destinations

Export to the tools you already use.

Policy Gateway exports audit logs to enterprise SIEM and logging platforms. Configure once, stream continuously.

Splunk HEC

Stream to Splunk HTTP Event Collector for real-time dashboards and alerts.

Datadog Logs

Send to Datadog Logs API with source tagging for unified observability.

Elastic

Index to Elasticsearch for full-text search and Kibana visualization.

Amazon S3

Archive to S3 for long-term retention and Athena queries.

Azure Monitor

Send to Log Analytics workspace for Azure-native compliance workflows.

Use cases

Built for compliance teams.

Internal audits

Demonstrate AI governance controls with structured decision logs. Show reviewers which policies were enforced and why.

Incident investigation

Trace any AI decision back to the user, project, policy version, and triggered rules. Filter by reason code to find patterns.

Usage chargeback

Attribute AI usage to teams and projects. Export to finance systems for internal billing.

Policy change tracking

Every policy revision is logged. Compare decisions before and after policy changes to measure impact.

See audit logging in action.

Run a Policy Gateway simulation and view the audit trail. No credit card required.

Try Policy Gateway View onboarding checklist