How-to

Read the audit log

Applies to: .NET SDK Last updated: 2026-06-11

Where the audit log goes

The SDK writes audit events through the standard .NET logging system. Events appear wherever your ILoggerFactory sends them:

What gets logged

EventLevel
Policy reloaded (reason, rule count)Information
Policy rule added or removedInformation
Authorization decision (deny details)Information
Last rule removed (warning)Warning
Swarm mode enabledInformation
Lock acquired / released / reclaimedInformation

Routing to Serilog

using Serilog;

Log.Logger = new LoggerConfiguration()
    .WriteTo.File("agent-audit.log")
    .CreateLogger();

var factory = LoggerFactory.Create(b => b.AddSerilog());
var logger = factory.CreateLogger<Program>();

var client = new Client();
// Pass the logger to the authorization provider
var policies = new CasbinAuthorizationProvider("policy.csv", logger);
client.UseAuthorizationProvider(policies);

See also