Exoguard Docs
  • Introduction
    • Quick Start
  • Commands
  • Tutorials
    • Permissions
    • Enroll yourself
      • WebAuthn
    • Audit webhook setup
      • External audit webhooks
    • Request a custom link
  • Service
    • Access levels
    • Subscriptions
    • Privacy Policy
    • Terms of Service
Powered by GitBook
On this page
  • Setting the audit webhook
  • Checking the audit webhook
  • Method #1: using the /config info command (recommended)
  • Method #2: using the /config settings audit_webhook command
  • Disabling the audit webhook
  1. Tutorials

Audit webhook setup

Make sure you keep track of every important Exoguard command being executed.

PreviousWebAuthnNextExternal audit webhooks

Last updated 8 months ago

There are two types of audit webhooks recognized by our service:

  • Local: a Discord webhook created in the server you are currently configuring

  • Remote: a Discord webhook created in another server than the one you are configuring

  • External: a custom webhook from an external service to receive JSON POST requests

External audit webhooks require a to be configured.

If you are a server owner and don't want your administrators to be able to edit or delete the audit webhook, create it on another Discord server where nobody else will be able to touch it.

The and commands are not sent to Discord audit webhooks since they respectively give and take roles, which is already logged through Discord servers' audit logs. To avoid clutter, if you want to receive these events, please use an instead.

Too many authentication failures in a short time span will still be sent to Discord audit webhooks.

Setting the audit webhook

Required permissions: administrator (local webhook) or server owner (other webhooks).

To setup the audit webhook, please first create a Discord webhook:

  • In your current server, easier to monitor but admins can delete audit logs.

  • In another server, where you don't allow anyone else to manage messages.

To create one, go to Server Settings -> Integrations -> Webhooks -> New Webhook:

Your webhook URL will look like this, if it doesn't please copy the URL again: https://discord.com/api/webhooks/1213621275340316754/[…]

Once you have it, type the /config settings audit_webhook command:

Once you have the command, select the optional webhook argument and paste your URL:

You can then send the command, Exoguard will confirm your webhook has been set:

The configured webhook URL can be retrieved by typing the same command, but without specifying any webhook URL. For security reasons, only the server owner can set or retrieve the webhook URL. Without this restriction, an administrator could leak the URL or delete the webhook itself.


Checking the audit webhook

Method #1: using the /config info command (recommended)

Required permissions: right to use the /config command (default: administrators).

Use the /config info command to confirm the audit webhook is currently configured:

Method #2: using the /config settings audit_webhook command

Required permissions: administrator (local webhook) or server owner (remote webhook).

Do not specify the webhook argument or you will overwrite the URL.

Use the /config settings audit_webhook command to retrieve the configured URL:

If the audit webhook is not configured, then Exoguard will let you know:


Disabling the audit webhook

Required permissions: administrator (local webhook) or server owner (remote webhook).

While it isn't recommended, you can disable the audit webhook if you ever want to do so.

Use the /config settings audit_webhook command, with - (a dash) as the webhook URL:

Once you send the command, Exoguard will let you know the webhook has been unset:

For security reasons, everything is still sent as an ephemeral message. In case you execute the command in a channel other people can access, you may not want them to know you have disabled the audit webhook.

We require a dash instead of letting the webhook parameter empty to avoid human error.

The audit webhook is said to be encrypted since the reply is a public message. It is actually encrypted in the database, so even a leak would not allow anyone else to access it.

If you are a server admin and want to retrieve your webhook URL, use the .

next method
pro subscription
external audit webhook
/config info
/login
/logout
Create a new webhook, set its name and target channel, then copy the webhook URL to your clipboard.
You don't have to type it completely, it will be suggested even if you only type a part of it.
Paste the webhook URL into the webhook argument of the command.
Exoguard confirms the webhook has been set, sending the URL back to you in an ephemeral message with a spoiler.
The /config info command will tell if the audit webhook is currently configured or not.
When the audit webhook is set, its URL is sent to you as a spoiler in an ephemeral message.
When the audit webhook is unset, it is shown as none and not configured.
The full configuration command, with a dash instead of a Discord webhook URL.
An ephemeral message shows the audit webhook has been set to none.