Anyone know if Fleet audit logs for admin actions? I can see a lot of client access in the nginx logs, but not finding anything for the UI or any actions performed there. I'm guessing that changes made like new users, or updates to packs are logged in the DB. Is that right?

Those things are logged to stderr

ok, thanks!

Originally there was logging for every endpoint on stderr as is common with HTTP servers. That logging was very verbose and most folks seemed to want to use it as more of an audit log. Now most of it is hidden unless

logging_debug

flag is set.

got it, thanks. I see that here - https://github.com/kolide/fleet/blob/master/docs/infrastructure/configuring-the-fleet-binary.md I don't see where that will redirect the logs to though