What is Audit Trail?
Audit Trail is Mergram’s built-in activity logging system that records every significant action taken across your team. It provides a comprehensive record of who did what, when, and from where — helping you maintain accountability, investigate issues, and meet compliance requirements.
Available on all plans
Audit Trail is included for all teams on both SaaS and self-hosted enterprise deployments. No additional configuration is required.
How to Access the Audit Trail
- Sign in to your Mergram account
- Navigate to Settings → Team
- Click View on the Audit Trail card
- You must be a team owner or admin to view the audit trail
What’s Tracked
The audit trail records the following action categories:
| Category | Actions Tracked |
|---|---|
| Authentication | Login, logout, registration, failed login attempts |
| Templates | Create, update, delete |
| Merge & Email | Job enqueued, completed, failed, cancelled |
| Team Management | Member invited, role changed, member removed |
| API Keys | Created, revoked, deleted |
| SMTP | Configuration saved, deleted |
| Media | File uploaded, deleted |
| Fonts | Font uploaded, deleted |
Each audit entry includes:
- Timestamp — When the action occurred
- Actor — Which user performed the action (or “System” for automated events)
- Action — The specific action type
- Resource — What was affected (template, job, user, etc.)
- IP Address — Where the request originated
- User Agent — The browser or client used
Filtering and Searching
The audit trail page provides several filters to help you find specific events:
- Action type — Filter by a specific action (e.g., “Template Deleted” or “Failed Login”)
- Resource type — Filter by what was affected (e.g., templates, jobs, API keys)
- Date range — Show events within a specific time period
Investigating suspicious activity
Use the date range filter combined with the “Failed Login” action to quickly identify potential unauthorized access attempts on your account.
Data Retention
Audit logs are automatically pruned after a configurable retention period:
| Deployment | Default Retention |
|---|---|
| SaaS | 90 days |
| Self-hosted | 90 days (configurable via AUDIT_RETENTION_DAYS) |
Self-hosted configuration
In self-hosted deployments, you can adjust the retention period by setting the AUDIT_RETENTION_DAYS environment variable. Set it to 0 to disable automatic pruning (retain indefinitely). Pruning runs once per day in the background worker.
Tips
- Regular reviews — Check the audit trail periodically to ensure team members are using resources appropriately.
- Failed logins — Monitor failed login attempts to detect brute-force attacks or misconfigured integrations.
- Template changes — Use the audit trail alongside template version history to understand the full context of template modifications.
- API key monitoring — Track when API keys are created, revoked, or deleted to maintain integration security.
Limitations
- Audit logs do not capture the content of uploaded files or generated PDFs — only metadata about the action.
- Audit log entries cannot be manually edited or deleted (except by the automatic retention pruning).