Audit webhook setup

Make sure you keep track of every important Exoguard command being executed.

There are two types of audit webhooks recognized by our service:

  • Local: a Discord webhook created in the server you are currently configuring

  • Remote: a Discord webhook created in another server than the one you are configuring

  • External: a custom webhook from an external service to receive JSON POST requests

External audit webhooks require a pro subscription to be configured.

If you are a server owner and don't want your administrators to be able to edit or delete the audit webhook, create it on another Discord server where nobody else will be able to touch it.

The /login and /logout commands are not sent to Discord audit webhooks since they respectively give and take roles, which is already logged through Discord servers' audit logs. To avoid clutter, if you want to receive these events, please use an external audit webhook instead.

Too many authentication failures in a short time span will still be sent to Discord audit webhooks.

Setting the audit webhook

Required permissions: administrator (local webhook) or server owner (other webhooks).

To setup the audit webhook, please first create a Discord webhook:

  • In your current server, easier to monitor but admins can delete audit logs.

  • In another server, where you don't allow anyone else to manage messages.

To create one, go to Server Settings -> Integrations -> Webhooks -> New Webhook:

Your webhook URL will look like this, if it doesn't please copy the URL again: https://discord.com/api/webhooks/1213621275340316754/[…]

Once you have it, type the /config settings audit_webhook command:

Once you have the command, select the optional webhook argument and paste your URL:

You can then send the command, Exoguard will confirm your webhook has been set:

The configured webhook URL can be retrieved by typing the same command, but without specifying any webhook URL. For security reasons, only the server owner can set or retrieve the webhook URL. Without this restriction, an administrator could leak the URL or delete the webhook itself.

Checking the audit webhook

Method #1: using the /config info command (recommended)

Required permissions: right to use the /config command (default: administrators).

Use the /config info command to confirm the audit webhook is currently configured:

The audit webhook is said to be encrypted since the /config info reply is a public message. It is actually encrypted in the database, so even a leak would not allow anyone else to access it.

If you are a server admin and want to retrieve your webhook URL, use the next method.

Method #2: using the /config settings audit_webhook command

Required permissions: administrator (local webhook) or server owner (remote webhook).

Do not specify the webhook argument or you will overwrite the URL.

Use the /config settings audit_webhook command to retrieve the configured URL:

If the audit webhook is not configured, then Exoguard will let you know:

Disabling the audit webhook

Required permissions: administrator (local webhook) or server owner (remote webhook).

While it isn't recommended, you can disable the audit webhook if you ever want to do so.

Use the /config settings audit_webhook command, with - (a dash) as the webhook URL:

Once you send the command, Exoguard will let you know the webhook has been unset:

For security reasons, everything is still sent as an ephemeral message. In case you execute the command in a channel other people can access, you may not want them to know you have disabled the audit webhook.

We require a dash instead of letting the webhook parameter empty to avoid human error.

PreviousWebAuthnNextExternal audit webhooks

Last updated