search

Audit webhook setup

Make sure you keep track of every important Exoguard command being executed.

There are two types of audit webhooks recognized by our service:

  • Local: a Discord webhook created in the server you are currently configuring

  • Remote: a Discord webhook created in another server than the one you are configuring

  • External: a custom webhook from an external service to receive JSON POST requests

circle-info

External audit webhooks require a pro subscription to be configured.

If you are a server owner and don't want your administrators to be able to edit or delete the audit webhook, create it on another Discord server where nobody else will be able to touch it.

The /login and /logout commands are not sent to Discord audit webhooks since they respectively give and take roles, which is already logged through Discord servers' audit logs. To avoid clutter, if you want to receive these events, please use an external audit webhook instead.

Too many authentication failures in a short time span will still be sent to Discord audit webhooks.

hashtag
Setting the audit webhook

circle-info

Required permissions: administrator (local webhook) or server owner (other webhooks).

To setup the audit webhook, please first create a Discord webhook:

  • In your current server, easier to monitor but admins can delete audit logs.

  • In another server, where you don't allow anyone else to manage messages.

To create one, go to Server Settings -> Integrations -> Webhooks -> New Webhook:

Create a new webhook, set its name and target channel, then copy the webhook URL to your clipboard.

Your webhook URL will look like this, if it doesn't please copy the URL again: https://discord.com/api/webhooks/1213621275340316754/[…]

Once you have it, type the /config settings audit_webhook command:

You don't have to type it completely, it will be suggested even if you only type a part of it.

Once you have the command, select the optional webhook argument and paste your URL:

Paste the webhook URL into the webhook argument of the command.

You can then send the command, Exoguard will confirm your webhook has been set:

Exoguard confirms the webhook has been set, sending the URL back to you in an ephemeral message with a spoiler.

The configured webhook URL can be retrieved by typing the same command, but without specifying any webhook URL. For security reasons, only the server owner can set or retrieve the webhook URL. Without this restriction, an administrator could leak the URL or delete the webhook itself.

hashtag
Checking the audit webhook

hashtag
Method #1: using the /config info command (recommended)

circle-info

Required permissions: right to use the /config command (default: administrators).

Use the /config info command to confirm the audit webhook is currently configured:

The /config info command will tell if the audit webhook is currently configured or not.

The audit webhook is said to be encrypted since the /config info reply is a public message. It is actually encrypted in the database, so even a leak would not allow anyone else to access it.

If you are a server admin and want to retrieve your webhook URL, use the next method.

hashtag
Method #2: using the /config settings audit_webhook command

circle-info

Required permissions: administrator (local webhook) or server owner (remote webhook).

circle-exclamation

Do not specify the webhook argument or you will overwrite the URL.

Use the /config settings audit_webhook command to retrieve the configured URL:

When the audit webhook is set, its URL is sent to you as a spoiler in an ephemeral message.

If the audit webhook is not configured, then Exoguard will let you know:

When the audit webhook is unset, it is shown as none and not configured.

hashtag
Disabling the audit webhook

circle-info

Required permissions: administrator (local webhook) or server owner (remote webhook).

While it isn't recommended, you can disable the audit webhook if you ever want to do so.

Use the /config settings audit_webhook command, with - (a dash) as the webhook URL:

The full configuration command, with a dash instead of a Discord webhook URL.

Once you send the command, Exoguard will let you know the webhook has been unset:

An ephemeral message shows the audit webhook has been set to none.

For security reasons, everything is still sent as an ephemeral message. In case you execute the command in a channel other people can access, you may not want them to know you have disabled the audit webhook.

We require a dash instead of letting the webhook parameter empty to avoid human error.

PreviousWebAuthnNextExternal audit webhooks

Last updated