Server operations
How to Check Discord Audit Logs and Investigate Server Changes
A source-backed workflow for server owners, admins, and moderation leads who need to understand a deletion, permission change, app installation, or other administrative action.
The short answer
Open the server menu in Discord's desktop or web app, select Server Settings, then Audit Log. Filter by the action or operator, open the relevant entries, and record their timestamps, targets, and reasons. You need View Audit Log or Administrator. Discord stores entries for 45 days.
Start with Discord's native Audit Log. It is the platform's source of record for administrative events. A bot can make a large result set easier to review, but it cannot restore data that Discord does not include.
How to open and check Discord's native Audit Log
- 1
Open the correct server
Use Discord's desktop or web app and select the server you manage. Audit logs belong to one server; they are not an account login history.
- 2
Open Server Settings
Select the server name or menu, then choose Server Settings. Avoid changing roles or channels while you are preserving an incident timeline.
- 3
Select Audit Log
If the item is unavailable, ask the owner to grant View Audit Log to a trusted investigation role. Administrator also includes this access, but it grants much more than the log requires.
- 4
Narrow the results
Use Discord's action and user filters to reduce noise. Begin with the affected object or suspected operator, then widen the window if the first entry was part of a sequence.
- 5
Expand and document the entry
Review the action, executor, target, time, and optional reason or change details. Preserve the relevant evidence before the 45-day retention window expires.
What does the Discord Audit Log record?
Discord creates an entry when an administrative action occurs. The entry has an event type and can include the executor, target, timestamp, reason, and event-specific changes. Discord warns that individual fields are not guaranteed, so treat missing details as unavailable evidence rather than proof that nothing happened.
| Event group | Examples | Useful for |
|---|---|---|
| Channels and permissions | Channel creation, updates, deletion, and permission-overwrite changes | Unexpected access, hidden channels, or structural changes |
| Roles and members | Role creation, edits, deletion, member role changes, kicks, bans, and moves | Privilege escalation, staff changes, and moderation disputes |
| Apps and integrations | Bot additions, integrations, webhooks, command permissions, and AutoMod rules | Unknown apps, webhook abuse, or automation changes |
| Messages | Single or bulk deletion plus pin and unpin events | Who performed a moderation action and where, not the deleted content itself |
The log is historical evidence, not a current access report. If the incident involves roles or channel visibility, pair it with the current-state checks in the Discord permissions audit checklist.
A practical Discord audit-log investigation workflow
- 1
Define the incident window
Write down the earliest and latest possible time. Audit entries expire after 45 days, so preserve older evidence first.
- 2
Filter by event type
Start with the affected object: channel, role, member, app, webhook, invite, AutoMod rule, or message action.
- 3
Filter by operator
Compare entries from the suspected account or app. Do not assume the visible actor proves intent; compromised accounts and automation can perform actions too.
- 4
Read the entry details
Record the timestamp, action, executor, target, channel, count, and reason when Discord supplies them. Some event fields are optional.
- 5
Check the current state
Confirm whether the role, channel overwrite, app, or safeguard still exists. The audit log records change history, not a guaranteed current-state inventory.
- 6
Preserve and escalate
Capture relevant entries, revoke risky access, rotate compromised credentials, and record the response in a private incident channel.
Keep screenshots, exported notes, and discussion in a private incident channel with narrowly scoped access. Discord's safety guidance warns that moderation logs can retain personal or sensitive information, so define who may read the evidence and when your team will delete its copy. If the incident room still needs to be created, use the private Discord channel setup guide.
Four limits to understand before relying on the log
1. Discord keeps entries for 45 days
The window is fixed in Discord's Audit Logs Resource. The native log and apps that fetch it cannot retrieve entries after Discord's retention period has passed.
2. Deleted-message contents are not included
Discord records message-deletion events, but the audit-log schema does not include the deleted text or attachments. A separate moderation logger may store content, which creates additional privacy and retention responsibilities.
3. A deleted channel cannot be recovered from the log
Discord documents guild-channel deletion as irreversible. The audit entry may help reconstruct who acted and when, but it is not a channel backup and does not restore messages, threads, or permission state.
4. Historical names and details can be limited
Entries can reference Discord identifiers for users, roles, channels, and other targets. If an object no longer exists, a human-readable historical name may be unavailable. Keep important names in your incident record instead of assuming every ID will resolve later.
Use Shero to summarize the native log on demand
When the native results are noisy, an authorized operator can ask Shero to fetch and summarize recent audit entries. This is a read-only analysis of Discord's native data, not a parallel surveillance log and not an automatic action.
On-demand, read-only workflow
Ask a scoped investigation question in Discord
/ai task: summarize audit log changes from the last 24 hours/ai task: show recent channel deletions and who performed them- Requester: needs View Audit Log or Administrator in that server.
- Shero: also needs View Audit Log; otherwise it returns a permission error and does not fetch the entries.
- Scope: one request can filter by action and timeframe and fetch up to 100 native entries at a time.
- Returned evidence: event type, timestamp, recorded reason, and sanitized executor and target identifiers. Shero does not maintain a complete historical-name directory, so unavailable names stay unavailable.
- Boundaries: no deleted-message contents, no channel recovery, no permission changes, and no access beyond Discord's 45-day source window.
- Free allowance: 100,000 AI credits refresh weekly for each user.
Common Discord audit-log questions
How do I check the audit log on a Discord server?
In Discord's desktop or web app, open the server menu, choose Server Settings, and select Audit Log. If Audit Log is missing or unavailable, your role needs View Audit Log or Administrator.
How far back does the Discord audit log go?
Discord stores audit log entries for 45 days. Export or document important incident evidence before the relevant entries age out.
Does the Discord audit log show deleted message contents?
No. A message-deletion audit entry can record that a deletion happened and include limited metadata such as the channel and count, but the native audit log does not preserve the deleted message text or attachments.
Can the Discord audit log recover a deleted channel?
No. The log can help identify who deleted a channel and when, but it is not a backup. Discord documents guild channel deletion as irreversible, so recreation requires a separate template, export, or manual record.
Can Shero summarize Discord audit logs?
Yes. An authorized operator can ask Shero for an on-demand, read-only summary of recent native Discord audit entries. The requester and Shero both need audit-log access. Shero does not change settings, recover deleted objects, or reveal deleted-message contents.
Does the audit log show who currently has a permission?
Not reliably. The audit log records administrative changes, while a current-state permissions audit checks the roles and channel overwrites that exist now. Use both when investigating access changes.
Primary Discord sources
This guide was verified July 11, 2026 against Discord's current audit-log API, permission reference, channel-deletion behavior, and moderation confidentiality guidance.
Turn a noisy log into an investigation brief
Keep Discord's native evidence, then ask Shero for the useful pattern
Add Shero free and run an on-demand, permission-checked audit-log summary. Upgrade only after the free workflow proves useful for the server you manage.