Server operations

How to Check Discord Audit Logs and Investigate Server Changes

A source-backed workflow for server owners, admins, and moderation leads who need to understand a deletion, permission change, app installation, or other administrative action.

Shero Operations Team10 min read

The short answer

Open the server menu in Discord's desktop or web app, select Server Settings, then Audit Log. Filter by the action or operator, open the relevant entries, and record their timestamps, targets, and reasons. You need View Audit Log or Administrator. Discord stores entries for 45 days.

Start with Discord's native Audit Log. It is the platform's source of record for administrative events. A bot can make a large result set easier to review, but it cannot restore data that Discord does not include.

How to open and check Discord's native Audit Log

  1. 1

    Open the correct server

    Use Discord's desktop or web app and select the server you manage. Audit logs belong to one server; they are not an account login history.

  2. 2

    Open Server Settings

    Select the server name or menu, then choose Server Settings. Avoid changing roles or channels while you are preserving an incident timeline.

  3. 3

    Select Audit Log

    If the item is unavailable, ask the owner to grant View Audit Log to a trusted investigation role. Administrator also includes this access, but it grants much more than the log requires.

  4. 4

    Narrow the results

    Use Discord's action and user filters to reduce noise. Begin with the affected object or suspected operator, then widen the window if the first entry was part of a sequence.

  5. 5

    Expand and document the entry

    Review the action, executor, target, time, and optional reason or change details. Preserve the relevant evidence before the 45-day retention window expires.

Use least privilege: View Audit Log is the specific permission for this job. Discord's permission reference documents Administrator as granting every permission and bypassing channel restrictions, so do not grant it merely to let an investigator read the log.

What does the Discord Audit Log record?

Discord creates an entry when an administrative action occurs. The entry has an event type and can include the executor, target, timestamp, reason, and event-specific changes. Discord warns that individual fields are not guaranteed, so treat missing details as unavailable evidence rather than proof that nothing happened.

Event groupExamplesUseful for
Channels and permissionsChannel creation, updates, deletion, and permission-overwrite changesUnexpected access, hidden channels, or structural changes
Roles and membersRole creation, edits, deletion, member role changes, kicks, bans, and movesPrivilege escalation, staff changes, and moderation disputes
Apps and integrationsBot additions, integrations, webhooks, command permissions, and AutoMod rulesUnknown apps, webhook abuse, or automation changes
MessagesSingle or bulk deletion plus pin and unpin eventsWho performed a moderation action and where, not the deleted content itself

The log is historical evidence, not a current access report. If the incident involves roles or channel visibility, pair it with the current-state checks in the Discord permissions audit checklist.

A practical Discord audit-log investigation workflow

  1. 1

    Define the incident window

    Write down the earliest and latest possible time. Audit entries expire after 45 days, so preserve older evidence first.

  2. 2

    Filter by event type

    Start with the affected object: channel, role, member, app, webhook, invite, AutoMod rule, or message action.

  3. 3

    Filter by operator

    Compare entries from the suspected account or app. Do not assume the visible actor proves intent; compromised accounts and automation can perform actions too.

  4. 4

    Read the entry details

    Record the timestamp, action, executor, target, channel, count, and reason when Discord supplies them. Some event fields are optional.

  5. 5

    Check the current state

    Confirm whether the role, channel overwrite, app, or safeguard still exists. The audit log records change history, not a guaranteed current-state inventory.

  6. 6

    Preserve and escalate

    Capture relevant entries, revoke risky access, rotate compromised credentials, and record the response in a private incident channel.

Keep screenshots, exported notes, and discussion in a private incident channel with narrowly scoped access. Discord's safety guidance warns that moderation logs can retain personal or sensitive information, so define who may read the evidence and when your team will delete its copy. If the incident room still needs to be created, use the private Discord channel setup guide.

Four limits to understand before relying on the log

1. Discord keeps entries for 45 days

The window is fixed in Discord's Audit Logs Resource. The native log and apps that fetch it cannot retrieve entries after Discord's retention period has passed.

2. Deleted-message contents are not included

Discord records message-deletion events, but the audit-log schema does not include the deleted text or attachments. A separate moderation logger may store content, which creates additional privacy and retention responsibilities.

3. A deleted channel cannot be recovered from the log

Discord documents guild-channel deletion as irreversible. The audit entry may help reconstruct who acted and when, but it is not a channel backup and does not restore messages, threads, or permission state.

4. Historical names and details can be limited

Entries can reference Discord identifiers for users, roles, channels, and other targets. If an object no longer exists, a human-readable historical name may be unavailable. Keep important names in your incident record instead of assuming every ID will resolve later.

Use Shero to summarize the native log on demand

When the native results are noisy, an authorized operator can ask Shero to fetch and summarize recent audit entries. This is a read-only analysis of Discord's native data, not a parallel surveillance log and not an automatic action.

On-demand, read-only workflow

Ask a scoped investigation question in Discord

/ai task: summarize audit log changes from the last 24 hours/ai task: show recent channel deletions and who performed them
  • Requester: needs View Audit Log or Administrator in that server.
  • Shero: also needs View Audit Log; otherwise it returns a permission error and does not fetch the entries.
  • Scope: one request can filter by action and timeframe and fetch up to 100 native entries at a time.
  • Returned evidence: event type, timestamp, recorded reason, and sanitized executor and target identifiers. Shero does not maintain a complete historical-name directory, so unavailable names stay unavailable.
  • Boundaries: no deleted-message contents, no channel recovery, no permission changes, and no access beyond Discord's 45-day source window.
  • Free allowance: 100,000 AI credits refresh weekly for each user.
Add Shero and summarize a log
Best practice: inspect the decisive entries in Discord before taking corrective action. A summary speeds up triage; it does not replace the source evidence or human review.

Common Discord audit-log questions

How do I check the audit log on a Discord server?

In Discord's desktop or web app, open the server menu, choose Server Settings, and select Audit Log. If Audit Log is missing or unavailable, your role needs View Audit Log or Administrator.

How far back does the Discord audit log go?

Discord stores audit log entries for 45 days. Export or document important incident evidence before the relevant entries age out.

Does the Discord audit log show deleted message contents?

No. A message-deletion audit entry can record that a deletion happened and include limited metadata such as the channel and count, but the native audit log does not preserve the deleted message text or attachments.

Can the Discord audit log recover a deleted channel?

No. The log can help identify who deleted a channel and when, but it is not a backup. Discord documents guild channel deletion as irreversible, so recreation requires a separate template, export, or manual record.

Can Shero summarize Discord audit logs?

Yes. An authorized operator can ask Shero for an on-demand, read-only summary of recent native Discord audit entries. The requester and Shero both need audit-log access. Shero does not change settings, recover deleted objects, or reveal deleted-message contents.

Does the audit log show who currently has a permission?

Not reliably. The audit log records administrative changes, while a current-state permissions audit checks the roles and channel overwrites that exist now. Use both when investigating access changes.

Primary Discord sources

This guide was verified July 11, 2026 against Discord's current audit-log API, permission reference, channel-deletion behavior, and moderation confidentiality guidance.

Turn a noisy log into an investigation brief

Keep Discord's native evidence, then ask Shero for the useful pattern

Add Shero free and run an on-demand, permission-checked audit-log summary. Upgrade only after the free workflow proves useful for the server you manage.

Add Shero freeSee Shero Supporter