Audit Commands
Commands for exporting and working with SharkAuth audit logs.
Audit logs record all significant events in the system: user logins, agent token exchanges, admin operations, consent grants/revocations, and more.
All commands require a running server and admin credentials:
shark audit export
Export audit logs as CSV. Optionally filter by date range and write to a file.
Synopsis
Flags
| Flag | Type | Default | Description |
|---|---|---|---|
--since | string | (none) | Start date, RFC3339 or YYYY-MM-DD (maps to from in the API) |
--until | string | (none) | End date, RFC3339 or YYYY-MM-DD (maps to to in the API) |
--output / -o | string | (stdout) | Write CSV to this file path instead of stdout |
The server returns CSV by default. The command streams the response body directly to stdout or the output file — no buffering.
Examples
Output format
The server returns CSV with a header row. Typical columns:
id,actor_id,actor_type,action,target_id,target_type,ip_address,user_agent,created_at
Gotchas
- Without
--since/--until, the export includes all records. For large deployments this can be slow — always use date filters in production. - The progress message (
audit logs exported to <file>) is written to stderr, not stdout, so it does not corrupt CSV output when writing to a file. - The endpoint is
POST /api/v1/audit-logs/export(not GET) — the date filters are sent in the request body.
Notable Behaviors
Retention
SharkAuth does not automatically prune audit logs. Use --since/--until to export before archiving or rotating the database.
Streaming
The response is streamed directly — the command does not buffer the full CSV in memory, making it safe for large exports.