Access Logs

Updated

The access log is a per-request audit trail of agent-network traffic. Each entry records the caller, provider and model, tokens and cost, the policy decision, and the reason a request was allowed or denied.

agent network access logs table

Columns

  • Time
  • User / Agent — the resolved caller identity.
  • Auth Group — the groups that authorized the request.
  • Provider — resolved provider and model.
  • Tokens — input and output.
  • Cost
  • Status and Reason — for denials, the mapped policy reason; for allowed requests, a link to the policy that authorized it.

Sessions

Use the Requests / Sessions switch above the log to change the view. The Sessions view groups related requests into a single session and shows one row per session, most recent activity first — so you can see the latest sessions at a glance.

agent network access logs grouped by session

Some agents keep a session across many separate calls — for example, Claude Code tags every request in a coding session with the same session id. Agent Network groups those requests together, so a whole session shows up as one row with its totals instead of dozens of individual entries.

Each session row summarizes:

  • Activity — the session's time span, from its first request to its last.
  • User / Agent and Auth Group — the caller and the authorizing groups.
  • Provider — the provider and the model(s) used (e.g. 2 models; hover to see the full list).
  • Requests — how many requests the session made, and over what duration.
  • Tokens and Cost — summed across the whole session.
  • Reason — the session's policy decision; a denial if any request in the session was blocked.

Expand a session to see its individual requests — each with its timestamp, path, status, duration, model, tokens, and cost — and expand a request for its full detail (including the prompt and response when prompt capture is on).

Requests from agents that don't set a session id each appear as their own single-request row.

Filtering

agent network access log filters

Filter the log by:

  • Date — defaults to the last 14 days.
  • User
  • Group
  • Provider
  • Model
  • Path — match requests whose path starts with a given prefix (e.g. /v1/messages).

All filtering is applied server-side and works in both the Requests and Sessions views.

Availability

Access logs are retained only when log collection is enabled for the account. Usage and cost are still recorded when it's off — see Log Collection & Retention.