# Audit webhook setup There are two types of audit webhooks recognized by our service: * `Local`: a Discord webhook created in the server you are currently configuring * `Remote`: a Discord webhook created in another server than the one you are configuring * `External`: a custom webhook from an external service to receive JSON POST requests {% hint style="info" %} External audit webhooks require a [pro subscription](/service/subscriptions.md) to be configured. {% endhint %} If you are a server owner and don't want your administrators to be able to edit or delete the audit webhook, create it on another Discord server where nobody else will be able to touch it. The [/login](/commands.md#login) and [/logout](/commands.md#logout) commands are not sent to Discord audit webhooks since they respectively give and take roles, which is already logged through Discord servers' audit logs. To avoid clutter, if you want to receive these events, please use an [external audit webhook](/tutorials/audit-webhook-setup/external-audit-webhooks.md) instead. Too many authentication failures in a short time span will still be sent to Discord audit webhooks. ## Setting the audit webhook {% hint style="info" %} Required permissions: administrator (local webhook) or server owner (other webhooks). {% endhint %} To setup the audit webhook, please first create a Discord webhook: * In your current server, easier to monitor but admins can delete audit logs. * In another server, where you don't allow anyone else to manage messages. To create one, go to Server Settings -> Integrations -> Webhooks -> New Webhook:

Create a new webhook, set its name and target channel, then copy the webhook URL to your clipboard.

Your webhook URL will look like this, if it doesn't please copy the URL again:\ `https://discord.com/api/webhooks/1213621275340316754/[…]` Once you have it, type the `/config settings audit_webhook` command:

You don't have to type it completely, it will be suggested even if you only type a part of it.

Once you have the command, select the optional `webhook` argument and paste your URL:

Paste the webhook URL into the webhook argument of the command.

You can then send the command, Exoguard will confirm your webhook has been set:

Exoguard confirms the webhook has been set, sending the URL back to you in an ephemeral message with a spoiler.

The configured webhook URL can be retrieved by typing the same command, but without specifying any webhook URL. For security reasons, only the server owner can set or retrieve the webhook URL. Without this restriction, an administrator could leak the URL or delete the webhook itself. *** ## Checking the audit webhook ### Method #1: using the `/config info` command (recommended) {% hint style="info" %} Required permissions: right to use the `/config` command (default: administrators). {% endhint %} Use the `/config info` command to confirm the audit webhook is currently configured:

The `/config info` command will tell if the audit webhook is currently configured or not.

The audit webhook is said to be `encrypted` since the [/config info](/commands.md#config-info) reply is a public message.\ It is actually encrypted in the database, so even a leak would not allow anyone else to access it. If you are a server admin and want to retrieve your webhook URL, use the [next method](#method-2-using-the-config-settings-audit_webhook-command). ### Method #2: using the `/config settings audit_webhook` command {% hint style="info" %} Required permissions: administrator (local webhook) or server owner (remote webhook). {% endhint %} {% hint style="warning" %} Do not specify the `webhook` argument or you will overwrite the URL. {% endhint %} Use the `/config settings audit_webhook` command to retrieve the configured URL:

When the audit webhook is set, its URL is sent to you as a spoiler in an ephemeral message.

If the audit webhook is not configured, then Exoguard will let you know:

When the audit webhook is unset, it is shown as none and not configured.

*** ## Disabling the audit webhook {% hint style="info" %} Required permissions: administrator (local webhook) or server owner (remote webhook). {% endhint %} While it isn't recommended, you can disable the audit webhook if you ever want to do so. Use the `/config settings audit_webhook` command, with `-` (a dash) as the `webhook` URL:

The full configuration command, with a dash instead of a Discord webhook URL.

Once you send the command, Exoguard will let you know the webhook has been unset:

An ephemeral message shows the audit webhook has been set to none.

For security reasons, everything is still sent as an ephemeral message. In case you execute the command in a channel other people can access, you may not want them to know you have disabled the audit webhook. We require a dash instead of letting the `webhook` parameter empty to avoid human error. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.exoguard.io/tutorials/audit-webhook-setup.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.