The activity log is a list of every important thing that's happened in your organization - who signed in, who got invited, who changed a role, who created an API key, who started or stopped a server, and so on. It's the place to look when you need to answer "wait, who did that?" or "when did this change?"
Only owners and admins can see it. Other roles don't see the Activity tab at all.
Before you start
- You need to be an owner or admin of the organization. If you're a Member, Billing, or Read-only role, the Activity tab won't appear for you.
1. Open the Organization Settings page
- In the sidebar on the left, find the Organization section.
- Click Settings under it. The Organization Settings page opens.
2. Click the Activity tab
- On the sidebar click on Org Settings.
- Click one the Details button.
- Click on Activity on the navigation bar at the top.
The activity feed loads, with the most recent events at the top.
3. Read a row
Each row in the feed is one thing that happened. Read it left to right:
- Avatar and name on the left: who did it. If that person has since left the organization, their name still shows on their old entries.
- Action label: what they did, written in plain English ("Member invited", "API key created", "VPS started").
- Detail line: exactly what they acted on. For a member invite, this is the email address. For an API key, the key name. For a server action, the hostname.
- Timestamp on the right: when it happened, shown in your local timezone.
4. Filter and search
Above the feed there are three controls you can use to narrow down what's shown.
- Search box on the left: type any text and the feed only shows rows where the action label or detail line matches. Useful for finding a specific server hostname, member email, or scope name.
- All members dropdown in the middle: click it to pick a single person. The feed will only show that person's actions. You can type in the dropdown to search by name or email.
- Date range pills on the right: five small buttons:
- 1h: last hour
- 1d: last day
- 1w: last week
- 1m: last month
- All: everything (this is the default)
Filters stack. If you pick a member and a date range, you get only that member's actions in that window.
5. Page through older activity
The feed shows 25 rows per page. At the bottom right there are two chevron buttons - a left one for the previous page, and a right one for the next page. Between them is a counter showing your position, like 1–25 of 312.
Click the right chevron to go further back in time. The left chevron returns you toward the present.
What is and isn't logged
Things that are logged:
- Member invites, accepts, removals, role changes.
- API key actions: create, edit, deactivate, reactivate, delete, IP allowlist changes.
- Security changes: turning on the 2FA requirement, claiming a domain.
- Billing actions: adding or removing payment methods, changing the default, paying an invoice.
- Server lifecycle: starting, stopping, rebooting, reinstalling, resizing, cancelling a VPS.
- BGP changes: peers, sessions, prefix-list edits.
- Account-level actions on members: SSH keys added or removed, sign-ins, password and email changes.
Things that aren't shown:
- Read-only API calls and page loads. These would flood the log with noise.
- Resources you've never had access to.
- Actions taken by Synteq support staff on behalf of your organization. Those exist on a separate internal log we keep for our own audit purposes.