Log File Streaming
Log File Streaming writes Files.com audit and activity logs to files on your site at a configured interval. Logs are delivered as JSON or CSV files and stored in selected destination folders. Use this approach for workflows that rely on file-based access, scheduled processing, long-term retention, or offline analysis.
For workflows that require real-time monitoring and alerting within a SIEM platform, Files.com offers separate SIEM integrations. These integrations deliver audit and activity logs directly to supported SIEM platforms as events occur, rather than writing them to files on a defined interval.
How Log File Streaming Works
When Log File Streaming is enabled, Files.com collects the selected log types during each configured output interval. At the end of the interval, all collected entries are written to one or more files in the destination folder. The destination folder can be a folder on Files.com or a folder backed by a configured Remote Server. Each file contains all log entries generated for a specific log type during that time window.
Files are written once at the end of each interval and are not modified again by Files.com. Any subsequent activity is written to new files in later intervals. This allows files to be processed safely as soon as they appear, without concern for partial records or changing data.
Downstream systems often detect new log files by polling. Because files are created at a predictable interval, many workflows periodically list the contents of the destination folder using file access methods or APIs, and process files based on their timestamps or naming patterns.
For event-driven processing, use Files.com Webhooks to notify external systems when new files are created.
Log File Streaming Configuration
To configure a log file stream, provide a name, select destination folders, choose a file format, set an output interval, and select the log types to include.
Destination folders determine where log files are written and how they can be accessed, retained, or processed. Destination folders can be folders on Files.com or folders on Remote Server Mounts. Use a remote server mount when logs need to be stored outside the Files.com site, including when logs are processed by external analytics pipelines or must reside in a specific storage environment to meet internal retention or access requirements.
Each log type can be configured to write to its own destination folder, or multiple log types can be written to a single folder. This provides flexibility in how logs are organized, depending on how they will be accessed, ingested, or processed downstream.
The output interval controls how often log files are created and can be set between 5 and 360 minutes. By default, the interval is 60 minutes. For example, when the interval is set to 60 minutes, log files are written every 60 minutes and include all events generated for each selected log type during the preceding 60-minute window. Shorter intervals produce smaller, more frequent files, while longer intervals produce larger files containing more entries.
File Formats and Naming Conventions
Log File Streaming supports JSON and CSV formats. The same log data is written regardless of format, and the choice depends on how the files will be consumed.
Log files follow a consistent naming pattern in the form [LogType]-[Timestamp].[extension]. The timestamp represents when the file was created and can be used to order files chronologically. Including the log type in the file name allows different categories of logs to be processed independently. File extensions reflect the selected format, either .json or .csv.
When a Log File Stream is created or updated and then enabled, a small test file is written to the selected destination folder. This file is used to validate that the configuration is correct and that the destination folder is accessible. Subsequent files contain actual log data generated during each output interval.
Batching and Delivery
Log files are written at the end of each configured output interval. For a given log type, all log entries generated during that interval are written to a single file. For example, if the interval is set to 60 minutes, one file is created at the end of the 60-minute window containing all events generated for that log type during that period.
At the end of the next interval, a new file is created containing all log entries generated since the previous file was written. Files are written as complete outputs and are not modified after creation. Files are not compressed and contain only complete log records.
Supported Log Types
Log File Streaming supports the following log types. Only selected log types are written to files.
| Log Type | Description |
|---|---|
| Settings Changes | Audit logs of changes made to site-wide settings and folder configurations by your Site Administrators. |
| History Logs | Audit logs of changes made to site files, users, groups, logins, permissions, and API keys. |
| File Transfer Services | FTP, SFTP, and WebDAV file transfer activity. |
| Integrations | Audit log of actions performed to your Remote Servers, Syncs, and Files.com on-premise Agents. |
| Automations Logs | Actions performed by automations and their results. |
| API Requests Logs | API requests made to the site. |
| Outbound Emails Logs | Email notifications sent by the server. |
| Public Hosting Logs | Requests to access publicly served folders. |
| ExaVault API Requests Logs (Legacy) | Audit log of ExaVault API requests made to your site. |
Use Cases
Customers use Log File Streaming to feed data warehouses and analytics pipelines, satisfy compliance and audit retention, archive logs for the long term, hand logs off to external processing systems, deliver logs in restricted-network environments, support manual review and troubleshooting, and preserve records for legal and forensic review. See Log File Streaming Use Cases for examples of each.