
Claude Audit Trail Design: Logging, Monitoring & Compliance Architecture

March 28, 2026 · 14 min read · ClaudeReadiness Editorial Team

Audit trails for Claude deployments aren't optional in regulated industries — they're the difference between a defensible compliance posture and an unacceptable one. This guide covers exactly what to log, how to structure event data, how long to retain it, and how to connect your Claude audit trail to your SIEM for real-time alerting.

  • 73% of enterprise Claude deployments lack adequate audit logging in their first 90 days
  • 48 hours: average time to reconstruct an incident without proper audit trails, vs. 2 hours with them

What to Log in a Claude Deployment

Not every Claude interaction needs the same level of logging. Defining log tiers prevents you from either drowning in data or missing critical events. We recommend a three-tier approach based on risk and compliance requirements.

Tier 1: Session Metadata (Always Log)

These events are lightweight and should be logged for every Claude interaction. They provide the foundation for usage reporting, capacity planning, and incident investigation without capturing potentially sensitive content:

  • Session ID: A unique identifier for each conversation or API call chain
  • User ID / service account: Who initiated the session. Where privacy rules require pseudonymisation, use a keyed hash (HMAC with a secret held by the security team) or a tokenisation table, not a plain SHA-256 of the user ID, which can be reversed by hashing every ID in the directory
  • Timestamp: Session start, end, and duration (ISO 8601 format)
  • Department / team tag: Business unit attribution for usage reporting
  • Data classification level accessed: The highest classification of data submitted in the session (public / internal / sensitive / restricted)
  • Model version: Which Claude model version processed the request
  • MCP integrations invoked: List of system integrations called during the session, by name only (parameters may carry the very data you are trying not to log). Where incident reconstruction needs more than the name, add a non-sensitive target identifier such as a record or document ID rather than the full query
  • Token counts: Input and output token counts for cost attribution
  • Response latency: For performance monitoring

Tier 2: Policy and Approval Events (Always Log)

These events indicate governance activity and must be logged with full detail for compliance purposes:

  • Approval requests created (use case ID, requesting user, classification)
  • Approvals granted or denied, by whom, with timestamp
  • Approval reasoning or reference to policy
  • Policy exceptions requested and granted
  • User permission changes (upgrades or downgrades to data access)

Tier 3: Security Events (Always Log, Alert Immediately)

These events require immediate alerting in addition to logging:

  • Attempted access to restricted data classification by unauthorised users
  • Suspected prompt injection attempts. Pattern matching against known injection signatures is the usual first detector, but it only catches what it has seen before; pair it with behavioural signals such as tool calls the task did not need or output sent to an external destination
  • Anomalous MCP query volumes (e.g. more than 50 MCP queries from one session in 10 minutes; tune the threshold to your baseline)
  • Failed authentication to MCP-connected systems via Claude
  • Claude responses containing apparent system prompt leakage
  • Users attempting to extract other users' data via shared Claude systems

Optional: Content Logging

Logging conversation content (prompt and response text) gives maximum investigative capability but creates significant privacy and compliance obligations. Before enabling it, make sure you have: a valid legal basis under your privacy regulation, explicit employee notice, defined retention limits, role-based access controls on the log system, and a clear policy on when logs may be reviewed. In the EU, monitoring employee communications in this way normally calls for a Data Protection Impact Assessment (DPIA), and in a number of member states (Germany is the clearest case) it also requires works council consultation. Start with metadata-only logging and add content logging only where a compliance framework specifically requires it (e.g. financial services communications surveillance).


Log Schema Design

Consistent log schema is critical for querying, alerting, and compliance reporting. Define your schema before deployment and enforce it via your logging library or API middleware. Here's a recommended base schema:

{
  "event_id": "uuid-v4",
  "event_type": "session_start|session_end|policy_event|security_event",
  "timestamp": "2026-03-28T14:22:00Z",
  "session_id": "sess_abc123",
  "user_id_hash": "hmac_sha256_of_user_id",
  "department": "legal",
  "model_version": "claude-opus-4-6",
  "data_classification": "sensitive",
  "mcp_integrations": ["salesforce", "sharepoint"],
  "token_input": 2847,
  "token_output": 1203,
  "duration_ms": 4820,
  "policy_flags": [],
  "security_flags": []
}

For security events, extend the base schema with:

{
  "event_type": "security_event",
  "security_event_type": "prompt_injection_attempt|restricted_data_access|anomalous_mcp_volume",
  "severity": "low|medium|high|critical",
  "details": "Human-readable description of the event",
  "auto_blocked": true,
  "notified_to": ["security@company.com", "siem_alert_id_12345"]
}

Store logs as structured JSON in a centralised logging system with append-only access controls: once written, a record must not be modifiable. Give the Claude application a dedicated logging identity whose only permission is to append new records; it must not be able to read, overwrite or delete audit logs, so that a compromised application cannot cover its tracks.
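The base schema above as working code, with a keyed pseudonym for the user ID and a validator that can sit in the API middleware the section mentions. This is an added example, not code from the page or from Anthropic; the HMAC key, the validation rules, the helper names and the sample values are assumptions made for illustration.

```python
"""Build and validate audit records in the base schema above. Added example,
not the page's or Anthropic's code; key, rules and sample values are assumed."""
import hashlib
import hmac
import uuid
from datetime import datetime, timezone

EVENT_TYPES = {"session_start", "session_end", "policy_event", "security_event"}
CLASSIFICATIONS = {"public", "internal", "sensitive", "restricted"}
SECURITY_EVENT_TYPES = {"prompt_injection_attempt", "restricted_data_access",
                        "anomalous_mcp_volume"}
SEVERITIES = {"low", "medium", "high", "critical"}
BASE_FIELDS = ("event_id", "event_type", "timestamp", "session_id", "user_id_hash",
               "department", "model_version", "data_classification", "mcp_integrations",
               "token_input", "token_output", "duration_ms", "policy_flags", "security_flags")
SECURITY_FIELDS = ("security_event_type", "severity", "details", "auto_blocked", "notified_to")
TS_FORMAT = "%Y-%m-%dT%H:%M:%SZ"

# Assumed key, held by security (e.g. in a KMS), never by the Claude app itself.
# sha256(user_id) alone is reversible by hashing every ID in the directory;
# an HMAC is not, and re-identification then requires the key.
PSEUDONYM_KEY = b"example-key-rotate-me"


def pseudonymise_user(user_id: str, key: bytes = PSEUDONYM_KEY) -> str:
    return hmac.new(key, user_id.encode("utf-8"), hashlib.sha256).hexdigest()


def base_event(event_type, session_id, user_id, department, model_version,
               data_classification, mcp_integrations, token_input=0,
               token_output=0, duration_ms=0, *, now=None, key=PSEUDONYM_KEY):
    """One Tier 1 record. `now` must be a timezone-aware datetime."""
    ts = (now or datetime.now(timezone.utc)).astimezone(timezone.utc)
    return {
        "event_id": str(uuid.uuid4()),
        "event_type": event_type,
        "timestamp": ts.strftime(TS_FORMAT),
        "session_id": session_id,
        "user_id_hash": pseudonymise_user(user_id, key),
        "department": department,
        "model_version": model_version,
        "data_classification": data_classification,
        "mcp_integrations": list(mcp_integrations),  # names only, never parameters
        "token_input": token_input,
        "token_output": token_output,
        "duration_ms": duration_ms,
        "policy_flags": [],
        "security_flags": [],
    }


def security_event(base, security_event_type, severity, details, auto_blocked, notified_to):
    """Extend a base record with the fields of the security-event schema."""
    ev = dict(base, event_type="security_event", security_event_type=security_event_type,
              severity=severity, details=details, auto_blocked=bool(auto_blocked),
              notified_to=list(notified_to))
    ev["security_flags"] = base["security_flags"] + [security_event_type]
    return ev


def validate(event: dict) -> list:
    """Return schema violations; an empty list means the record is accepted."""
    problems = [f"missing field: {f}" for f in BASE_FIELDS if f not in event]
    if problems:
        return problems
    if event["event_type"] not in EVENT_TYPES:
        problems.append(f"unknown event_type: {event['event_type']}")
    try:
        datetime.strptime(event["timestamp"], TS_FORMAT)
    except ValueError:
        problems.append("timestamp must be ISO 8601 UTC, e.g. 2026-03-28T14:22:00Z")
    if event["data_classification"] not in CLASSIFICATIONS:
        problems.append(f"unknown data_classification: {event['data_classification']}")
    h = event["user_id_hash"]
    if len(h) != 64 or any(c not in "0123456789abcdef" for c in h):
        problems.append("user_id_hash must be a hex HMAC-SHA256 digest, not a raw user ID")
    mcp = event["mcp_integrations"]
    if not isinstance(mcp, list) or not all(isinstance(x, str) for x in mcp):
        problems.append("mcp_integrations must be a list of integration names")
    for f in ("token_input", "token_output", "duration_ms"):
        v = event[f]
        if isinstance(v, bool) or not isinstance(v, int) or v < 0:
            problems.append(f"{f} must be a non-negative integer")
    if event["event_type"] == "security_event":
        problems += [f"missing field: {f}" for f in SECURITY_FIELDS if f not in event]
        if event.get("security_event_type") not in SECURITY_EVENT_TYPES:
            problems.append("unknown security_event_type")
        if event.get("severity") not in SEVERITIES:
            problems.append("unknown severity")
    return problems


def sample_event():
    """The page's example record rebuilt through base_event (constructed data)."""
    return base_event("session_end", "sess_abc123", "alice@example.com", "legal",
                      "claude-opus-4-6", "sensitive", ["salesforce", "sharepoint"],
                      2847, 1203, 4820, now=datetime(2026, 3, 28, 14, 22, tzinfo=timezone.utc))
```

Reject any record for which validate() returns a non-empty list before it reaches the log sink; the user_id_hash check in particular stops a misconfigured client from writing raw identities into a store that is meant to hold pseudonyms.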


Retention Policies

Retention periods for Claude audit logs depend on your applicable regulations and internal policy. Here's a summary of common requirements:

Regulatory Minimums

  • SOC 2: No specific minimum, but typically 1 year for Type II audits
  • ISO 27001: Audit log retention period defined in your organisation's controls; typically 1-3 years
  • GDPR: No fixed period. Logs containing personal data fall under the storage limitation principle and must not be kept longer than necessary for a documented purpose; record the justification for whatever period you choose (pseudonymised metadata supports a longer period than full conversation content)
  • HIPAA: Audit controls documentation must be retained for 6 years from creation or last effective date
  • FCA (UK financial services): Records of relevant communications must be kept for 5 years, extended to 7 years where the FCA requests it
  • MiFID II: Relevant communications must be retained for 5 years, or up to 7 years where the competent authority requests it

Practical Retention Framework

We recommend a tiered retention approach: 90 days hot storage (immediately queryable), 1 year warm storage (queryable within minutes), 3-7 years cold storage (archive, days to retrieve). Automate lifecycle management to move logs between tiers. Define deletion schedules and execute them, including the copies held in your SIEM and in backups; retaining logs beyond your stated retention period creates unnecessary legal exposure.


SIEM Integration

Connect your Claude audit logs to your Security Information and Event Management (SIEM) system for real-time alerting, correlation with other security events, and unified compliance reporting. Most enterprises use Splunk, Microsoft Sentinel, or Elastic Security.

Log Forwarding

Forward logs in real time using your preferred ingestion method: syslog, webhook, or direct API integration. Plain UDP syslog is neither authenticated nor encrypted, so use syslog over TLS or an authenticated HTTPS endpoint, and buffer locally so a SIEM outage does not drop events. Structure Claude logs to map cleanly to your SIEM's data model, and tag all Claude-originated events with a consistent source label (source: claude_deployment) so you can filter them quickly.

Alert Rules

Configure these alert rules as a starting point:

  • Restricted data access attempt: Alert immediately when a user without restricted access classification submits restricted-level data. Severity: High.
  • Prompt injection pattern match: Alert when the logging layer or a response filter flags a potential injection attempt. Severity: Critical when the attempt was auto-blocked or touched restricted data; otherwise High, because signature matches carry false positives and the rule will need tuning.
  • Anomalous MCP volume: Alert when a single session generates more than 50 MCP queries in 10 minutes (tune threshold to your baseline). Severity: Medium.
  • Off-hours access to sensitive data: Alert on sensitive-data sessions outside business hours for your department. Severity: Low (review weekly).
  • High-volume user: Alert when a single user generates more than 3× their 30-day average token usage in a day. Severity: Low (may indicate account compromise).
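The five starting-point rules above as testable Python over constructed events. This is an added example, not code from the page or from any SIEM vendor; in production the same logic would be written in SPL, KQL or EQL. It assumes events use the page's base schema with user_id_hash already pseudonymised, that each MCP call is additionally logged as an "mcp_call" event (the page records integration names per session, but a volume rule needs per-call events), and that business hours are 08:00 to 18:00 UTC on weekdays. Thresholds are the page's defaults.

```python
"""The starting-point alert rules above, as testable Python over constructed
events. Added example, not the page's code or any SIEM vendor's; in production
this logic lives in SPL, KQL or EQL. Assumptions: events use the page's base
schema with user_id_hash already pseudonymised; each MCP call is also logged as
an "mcp_call" event (the page records integration names per session, but the
volume rule needs per-call events); business hours are 08:00-18:00 UTC, Mon-Fri."""
from collections import defaultdict, deque
from datetime import date, datetime, timedelta, timezone

TS_FORMAT = "%Y-%m-%dT%H:%M:%SZ"


def ts(event):
    return datetime.strptime(event["timestamp"], TS_FORMAT).replace(tzinfo=timezone.utc)


def anomalous_mcp_volume(events, max_calls=50, window=timedelta(minutes=10)):
    """Sessions exceeding max_calls mcp_call events in any sliding window (Medium)."""
    alerts, recent = {}, defaultdict(deque)
    for ev in sorted((e for e in events if e["event_type"] == "mcp_call"), key=ts):
        q, t = recent[ev["session_id"]], ts(ev)
        q.append(t)
        while t - q[0] > window:
            q.popleft()
        seen = alerts.get(ev["session_id"], {}).get("calls_in_window", 0)
        if len(q) > max(max_calls, seen):
            alerts[ev["session_id"]] = {"severity": "medium", "calls_in_window": len(q),
                                        "at": ev["timestamp"]}
    return alerts


def high_volume_users(events, day, factor=3.0, baseline_days=30):
    """Users whose tokens on `day` exceed factor x their daily average over the
    preceding baseline_days (Low). Users with no baseline are skipped, so a
    brand-new account needs a separate rule."""
    start = day - timedelta(days=baseline_days)
    today, baseline = defaultdict(int), defaultdict(int)
    for ev in events:
        if ev["event_type"] != "session_end":
            continue
        d, tokens = ts(ev).date(), ev["token_input"] + ev["token_output"]
        if d == day:
            today[ev["user_id_hash"]] += tokens
        elif start <= d < day:
            baseline[ev["user_id_hash"]] += tokens
    alerts = {}
    for user, tokens in today.items():
        avg = baseline[user] / baseline_days
        if avg > 0 and tokens > factor * avg:
            alerts[user] = {"severity": "low", "today": tokens, "daily_avg": avg}
    return alerts


def off_hours_sensitive(events, start_hour=8, end_hour=18):
    """Sensitive/restricted sessions started outside business hours (Low, weekly review)."""
    hits = []
    for ev in events:
        if ev["event_type"] != "session_start" or ev["data_classification"] not in ("sensitive", "restricted"):
            continue
        t = ts(ev)
        if t.weekday() >= 5 or not start_hour <= t.hour < end_hour:
            hits.append(ev["session_id"])
    return hits


def restricted_access_attempts(events, cleared_users):
    """Restricted-level data submitted by a user outside the cleared set (High)."""
    return [ev["session_id"] for ev in events
            if ev["event_type"] == "session_start"
            and ev["data_classification"] == "restricted"
            and ev["user_id_hash"] not in cleared_users]


def mk(event_type, session_id, user, when, classification="internal", tin=0, tout=0):
    """Constructed minimal event; real records carry the full base schema."""
    return {"event_type": event_type, "session_id": session_id, "user_id_hash": user,
            "timestamp": when.strftime(TS_FORMAT), "data_classification": classification,
            "token_input": tin, "token_output": tout}


def sample_events():
    """Constructed data: one MCP burst, one quiet session, a 30-day token baseline
    for u_alice with a spike on 2026-03-28, and a few session_start records."""
    utc = timezone.utc
    burst_start = datetime(2026, 3, 27, 10, 0, tzinfo=utc)
    events = [mk("mcp_call", "sess_burst", "u_alice", burst_start + timedelta(seconds=5 * i)) for i in range(60)]
    events += [mk("mcp_call", "sess_quiet", "u_bob", burst_start + timedelta(minutes=3 * i)) for i in range(10)]
    noon = datetime(2026, 3, 28, 12, 0, tzinfo=utc)
    events += [mk("session_end", f"sess_a{i}", "u_alice", noon - timedelta(days=i), tin=600, tout=400) for i in range(1, 31)]
    events.append(mk("session_end", "sess_a0", "u_alice", noon, tin=2400, tout=1600))
    events.append(mk("session_end", "sess_b0", "u_bob", noon, tin=3000, tout=2000))  # no baseline: skipped
    friday = datetime(2026, 3, 27, 2, 0, tzinfo=utc)
    events.append(mk("session_start", "sess_night", "u_alice", friday, "sensitive"))
    events.append(mk("session_start", "sess_day", "u_alice", friday.replace(hour=10), "sensitive"))
    events.append(mk("session_start", "sess_public", "u_bob", friday, "public"))
    events.append(mk("session_start", "sess_restricted", "u_bob", friday.replace(hour=11), "restricted"))
    return events


def run_all(events=None):
    events = sample_events() if events is None else events
    return {"mcp_volume": anomalous_mcp_volume(events),
            "high_volume": high_volume_users(events, date(2026, 3, 28)),
            "off_hours": off_hours_sensitive(events),
            "restricted": restricted_access_attempts(events, cleared_users={"u_alice"})}
```

The high-volume rule deliberately ignores users with no 30-day baseline: with a zero average, any activity is an infinite multiple and the rule would fire on every new joiner, so new accounts need a separate absolute threshold.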

Dashboard Metrics

Build a compliance dashboard in your SIEM covering: daily active users by department, data classification distribution of sessions, MCP integration usage by type, policy event rates (approvals, denials), security event counts and trends, and cost attribution by business unit. Review this dashboard weekly with your governance committee.


Using Audit Trails in Incident Response

When a security incident occurs — a data breach, a policy violation, or a prompt injection attack — your audit trail is your primary forensic tool. Define incident response procedures that leverage Claude audit logs before you need them.

Incident Investigation Checklist

  1. Isolate the session: Use the session ID to retrieve all events associated with the incident. This is why unique session IDs are non-negotiable.
  2. Identify the user: Re-identify the pseudonymised user ID (via the HMAC key or the tokenisation table, depending on how you pseudonymised it). Access to that key or mapping table should be restricted to security and legal, and every use of it should itself be logged.
  3. Reconstruct the MCP activity: Review all MCP integration events in the session to understand what systems were accessed and what data may have been exposed.
  4. Scope the blast radius: Search for other sessions by the same user, and sessions that accessed the same MCP systems, in the preceding 30 days, to find earlier abuse and other data that may be affected.
  5. Preserve evidence: Export the relevant log events to a separate evidence store, compute a cryptographic hash (e.g. SHA-256) of the export and record it in the case file, before any investigation concludes; the hash lets you show later that the evidence is unchanged.
  6. Document the timeline: Create a chronological timeline of events for use in regulatory reporting, legal proceedings, or internal review.
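Steps 1 and 3 to 6 of the checklist above, run over constructed audit events in the page's base schema. This is an added example, not code from the page's authors; the session IDs, pseudonymised user IDs and timestamps are made up, and canonical JSON plus a SHA-256 digest is one reasonable evidence format rather than one the page prescribes. Step 2 (re-identifying the user) is left out on purpose: the pseudonym-to-identity mapping belongs in a restricted system, not in investigation tooling.

```python
"""Steps 1, 3, 4, 5 and 6 of the checklist above, run over constructed events in
the page's base schema. Added example, not the page's code; session IDs,
pseudonymised user IDs and timestamps are made up, and canonical JSON plus a
SHA-256 is one reasonable evidence format, not one the page prescribes. Step 2
(re-identifying the user) is left out on purpose: the pseudonym-to-identity
mapping belongs in a restricted system, not in investigation tooling."""
import hashlib
import json
from datetime import datetime, timedelta, timezone

TS_FORMAT = "%Y-%m-%dT%H:%M:%SZ"


def ts(ev):
    return datetime.strptime(ev["timestamp"], TS_FORMAT).replace(tzinfo=timezone.utc)


def session_events(events, session_id):
    """Step 1: every record carrying the incident session ID, in time order."""
    return sorted((e for e in events if e["session_id"] == session_id), key=ts)


def mcp_systems(events, session_id):
    """Step 3: the set of MCP integrations the session touched."""
    return {m for e in session_events(events, session_id) for m in e.get("mcp_integrations", [])}


def related_sessions(events, session_id, lookback=timedelta(days=30)):
    """Step 4: other sessions by the same user, or touching the same MCP
    systems, in the lookback window before the incident session started."""
    incident = session_events(events, session_id)
    if not incident:
        return set()
    start = ts(incident[0])
    users = {e["user_id_hash"] for e in incident}
    systems = mcp_systems(events, session_id)
    related = set()
    for e in events:
        if e["session_id"] == session_id or not start - lookback <= ts(e) <= start:
            continue
        if e["user_id_hash"] in users or systems & set(e.get("mcp_integrations", [])):
            related.add(e["session_id"])
    return related


def export_evidence(events, session_ids):
    """Step 5: canonical JSON of the selected records plus its SHA-256. Record
    the digest in the case file (ideally signed or timestamped by a separate
    system) before analysis continues, so the export can be shown unchanged."""
    selected = sorted((e for e in events if e["session_id"] in session_ids),
                      key=lambda e: (e["timestamp"], e["event_id"]))
    blob = json.dumps(selected, sort_keys=True, separators=(",", ":")).encode("utf-8")
    return blob, hashlib.sha256(blob).hexdigest()


def verify_evidence(blob, digest):
    return hashlib.sha256(blob).hexdigest() == digest


def timeline(events, session_id):
    """Step 6: one chronological line per record for the incident report."""
    return [f"{e['timestamp']} {e['event_type']:<15} mcp={','.join(e.get('mcp_integrations', [])) or '-'}"
            f" flags={','.join(e.get('security_flags', [])) or '-'}"
            for e in session_events(events, session_id)]


def ev(session_id, user, when, event_type, mcp=(), flags=()):
    """Constructed record with only the fields these steps read."""
    return {"event_id": f"{session_id}-{event_type}-{when.strftime('%Y%m%d')}", "session_id": session_id,
            "user_id_hash": user, "timestamp": when.strftime(TS_FORMAT),
            "event_type": event_type, "mcp_integrations": list(mcp), "security_flags": list(flags)}


T0 = datetime(2026, 3, 28, 14, 22, tzinfo=timezone.utc)  # incident session start (constructed)
SAMPLE = [
    ev("sess_inc", "u_alice", T0, "session_start", ["salesforce", "sharepoint"]),
    ev("sess_inc", "u_alice", T0 + timedelta(seconds=40), "security_event", ["sharepoint"],
       ["prompt_injection_attempt"]),
    ev("sess_inc", "u_alice", T0 + timedelta(seconds=75), "session_end", ["salesforce", "sharepoint"]),
    ev("sess_prior", "u_alice", T0 - timedelta(days=10), "session_end", ["jira"]),       # same user
    ev("sess_other", "u_bob", T0 - timedelta(days=5), "session_end", ["sharepoint"]),    # same system
    ev("sess_old", "u_alice", T0 - timedelta(days=45), "session_end", ["salesforce"]),   # outside window
    ev("sess_unrelated", "u_carol", T0 - timedelta(days=2), "session_end", ["jira"]),    # neither
]
```

Run related_sessions() before export_evidence(): the evidence file should cover the incident session and the related sessions it turns up, not the incident session alone, because the later sessions are where the scope of exposure is decided.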

Frequently Asked Questions

Should we log conversation content or just metadata?

Start with metadata-only logging. It satisfies most governance and incident response requirements without the privacy obligations of content logging. Add content logging only where required by specific compliance frameworks (e.g., FCA communications surveillance for financial services firms). If you do log content, hash or tokenise personal identifiers at ingestion time, restrict access strictly, and define short retention windows with automated deletion.

How do we prevent audit log tampering?

Use append-only storage with role-based access controls: your Claude application can append but not read, overwrite or delete. Store logs in a separate account or subscription from your application infrastructure, so that an attacker with application-level access has no path to them. Add integrity verification: a hash chain over the records with its head published out of band, or a provider feature such as AWS CloudTrail log file validation (signed digest files). Use immutable (WORM) storage, such as S3 Object Lock or Azure Blob immutable storage policies, for high-compliance use cases.
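A hash chain of the kind the answer above refers to, with a verifier that pinpoints where a chain was edited, cut or reordered, and a demonstration of the one attack a bare chain cannot see. This is an added example, not the page's code and not a replacement for CloudTrail log file validation or WORM storage; it shows what those mechanisms give you. It assumes records are canonical JSON lines, each carrying the SHA-256 of the previous entry's hash plus its own content, and that the verifier obtains the expected chain head (a checkpoint) from somewhere the writer cannot alter.

```python
"""Append-only audit log with a hash chain, and a verifier that pinpoints
tampering. Added example, not the page's code and not a substitute for
CloudTrail log file validation or WORM storage. Assumptions: records are
canonical JSON lines; each entry carries the SHA-256 of the previous hash plus
its record; the verifier holds the expected final hash (a checkpoint) out of
band, because a chain alone cannot detect truncation or a full rewrite."""
import hashlib
import json

GENESIS = "0" * 64


def canonical(obj) -> str:
    return json.dumps(obj, sort_keys=True, separators=(",", ":"))


def link_hash(prev_hash: str, record: dict) -> str:
    return hashlib.sha256((prev_hash + "\n" + canonical(record)).encode("utf-8")).hexdigest()


class ChainedLog:
    """In-memory stand-in for an append-only file: append() is the only writer."""

    def __init__(self):
        self.lines, self.head = [], GENESIS

    def append(self, record: dict) -> str:
        entry = {"prev_hash": self.head, "record": record, "hash": link_hash(self.head, record)}
        self.lines.append(canonical(entry))
        self.head = entry["hash"]
        return self.head


def verify_chain(lines, expected_head=None):
    """Return (ok, first_bad_index, message). Catches edits, deletions and
    reorderings anywhere; catches truncation and wholesale rewrites only when
    expected_head (the out-of-band checkpoint) is supplied."""
    prev = GENESIS
    for i, line in enumerate(lines):
        try:
            entry = json.loads(line)
        except ValueError:
            return False, i, "unparseable line"
        if entry.get("prev_hash") != prev:
            return False, i, "prev_hash mismatch: entry removed, reordered or inserted"
        if entry.get("hash") != link_hash(prev, entry.get("record", {})):
            return False, i, "record does not match its hash: entry modified"
        prev = entry["hash"]
    if expected_head is not None and prev != expected_head:
        return False, len(lines), "chain head differs from checkpoint: tail truncated or chain rewritten"
    return True, None, "ok"


def demo():
    """Constructed run: an intact chain, then the ways it can be damaged."""
    log = ChainedLog()
    for i in range(3):
        log.append({"event_id": f"e{i}", "event_type": "session_end",
                    "session_id": f"sess_{i}", "token_output": 100 * i})
    checkpoint = log.head  # would be written to a separate account or signed
    tampered = list(log.lines)
    entry = json.loads(tampered[1])
    entry["record"]["token_output"] = 0  # edit a value without recomputing the hash
    tampered[1] = canonical(entry)
    rewritten = ChainedLog()  # attacker with write access rebuilds every hash
    for line in tampered:
        rewritten.append(json.loads(line)["record"])
    return {
        "intact": verify_chain(log.lines, checkpoint),
        "modified": verify_chain(tampered, checkpoint),
        "deleted": verify_chain(log.lines[:1] + log.lines[2:], checkpoint),
        "truncated_no_checkpoint": verify_chain(log.lines[:2]),
        "truncated": verify_chain(log.lines[:2], checkpoint),
        "rewritten_no_checkpoint": verify_chain(rewritten.lines),
        "rewritten": verify_chain(rewritten.lines, checkpoint),
    }
```

The two "no_checkpoint" cases in demo() pass verification, which is the point: an attacker who can write to the log can recompute every hash after the entry they changed, so the head must be anchored somewhere they cannot reach (a second account, a signed digest, or WORM storage) for the chain to prove anything.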

What SIEM platforms work best with Claude audit trails?

Any major SIEM works, but the implementation approach varies. Splunk offers the richest custom dashboarding via SPL queries. Microsoft Sentinel integrates well if you're already in the Azure ecosystem and can leverage built-in AI-powered analytics. Elastic Security is popular for high-volume deployments where cost per event matters. Define your log schema before choosing your SIEM, as the schema determines how easily you can query and correlate events.

How long should we retain Claude audit logs?

At minimum, retain security events for 2 years and general session metadata for 1 year. For regulated industries: HIPAA requires 6 years for audit controls documentation, MiFID II requires 5 years (up to 7 where the competent authority requests it), and SOC 2 Type II audits typically require 1 year of evidence. Implement a tiered retention strategy: 90 days hot, 1 year warm, remainder in cold archive, with automated lifecycle management to control costs.
