Security Logging And Monitoring

Why Agent Logging Matters

Every action your AI agent takes should be logged. Unlike traditional software, AI agents make autonomous decisions — and you need a complete audit trail to understand what happened, why, and whether it was appropriate.

What OpenClaw Logs

OpenClaw captures structured logs for every agent interaction:

• Input logs: Every message or command received, including source identity and channel
• Decision logs: The agent's reasoning chain, including which tools it considered and why
• Action logs: Every command executed, file accessed, or API called — with exact parameters
• Output logs: Every response sent back to the user or system
• Security logs: Denied actions, allowlist violations, approval gate triggers, and anomaly detections

Log Configuration

{
  "logging": {
    "level": "info",
    "format": "json",
    "output": ["file", "stdout"],
    "logPath": "./logs/openclaw.log",
    "maxFileSize": "100MB",
    "retentionDays": 90,
    "redactSecrets": true,
    "includeDecisionChain": true
  }
}

Setting Up Monitoring Alerts

Configure real-time alerts for critical security events:

• Anomaly detection: Alert when the agent attempts actions outside its normal behavior pattern
• Rate limiting: Alert when API calls exceed expected thresholds (possible exfiltration)
• Error spikes: Alert on sudden increases in denied actions (possible prompt injection attempts)
• Cost monitoring: Alert when LLM API costs exceed your daily budget

Log Analysis Commands

# View recent security events
openclaw logs --filter security --since 1h

# Export full audit trail
openclaw logs export --format json --output audit.json

# Search for specific actions
openclaw logs search "file_delete" --since 7d