Audit logs are included with every Cal.com organization plan and are turned on by default. You must be an organization or team admin to view them.
Booking events
Each booking keeps a history of the following events:| Event | What it records |
|---|---|
| Booking created | When the booking was made, the assigned host, and the time slot |
| Booking accepted | When a pending booking was confirmed |
| Booking rejected | When a pending booking was declined, including the rejection reason |
| Booking cancelled | When a booking was cancelled, including the cancellation reason |
| Booking rescheduled | The original and new date/time, with a link to the new booking |
| Reschedule requested | When a reschedule was requested, including the reason |
| Booking reassigned | When a booking was moved to a different host, the assignment type (manual or round robin), and the previous host |
| Attendee added | When new attendees were added to the booking |
| Location changed | The previous and new meeting location |
| No-show updated | When a host or attendee was marked as a no-show |
| Seat booked | When someone booked a seat on a seated event |
| Seat rescheduled | When a seat was moved to a different time |
Security events
Cal.com also tracks security-related actions for your organization. These events help admins monitor account activity and maintain compliance.| Event | What it records |
|---|---|
| Email changed | When a member changes their email address, including the previous and new email |
| Account locked | When an admin locks a user account |
| Account unlocked | When an admin unlocks a previously locked user account |
| Login | When a user signs in, including both successful logins and failed login attempts (for example, wrong password, locked account, or failed two-factor verification) |
| Password changed | When a user updates their password |
| Two-factor enabled | When a user turns on two-factor authentication |
| Two-factor disabled | When a user turns off two-factor authentication |
| Impersonation started | When an admin begins impersonating another user |
| Impersonation stopped | When an admin stops impersonating another user |
Routing form history
Each routing form keeps a history of every change made to its configuration. This helps organization admins audit who edited a form, when the change happened, and exactly what was updated. The following changes are recorded:| Event | What it records |
|---|---|
| Form created | When the form was created, including the initial form name |
| Form modified | Any change to the form’s name, description, fields, routes, or settings, including before and after values |
| Form deleted | When the form was removed |
| Router-sync change | When an edit to a router form propagated field changes to a connected form |
sendUpdatesTo.
How to view routing form history
How to view booking audit logs
Reading the timeline
The timeline displays events in reverse chronological order (newest first). Each entry shows:- Action icon — a visual indicator of the event type
- Description — what happened (for example, “Booking rescheduled from Jan 10 to Jan 15”)
- Who made the change — the person’s name and role (such as guest or attendee)
- When it happened — a relative timestamp (for example, “2 hours ago”), with the exact date and time available on hover
- Source — whether the change was made from the web app, an API call, a webhook, or the system
- Impersonation info — if someone performed the action on behalf of another user
- Raw data — the full event data in JSON format
Filtering audit logs
Two filters are available above the timeline:- Search — filter entries by keyword across action names, actor names, and event details
- Actor — filter by the person who made the change using the dropdown menu
Who can access audit logs
Audit log access is controlled by your organization’s permission settings. Booking audit logs and routing form history are gated independently, so an admin can grant one without the other.- Organization admins and owners can view audit logs for all bookings, routing forms, and security events in the organization by default.
- Team admins and owners can view audit logs for bookings and routing forms owned by their team.
- Regular members do not have access to audit logs by default.
- View team routing form audit logs — history for forms owned by teams the member belongs to.
- View organization routing form audit logs — history for every routing form in the organization.
Frequently asked questions
Can I export audit logs?
Can I export audit logs?
Audit logs are currently viewable within Cal.com. Export functionality is not available at this time.
How far back do audit logs go?
How far back do audit logs go?
Audit logs are recorded from the point your organization was created or the feature became available. Changes made before audit logging was active are not tracked.
Are audit logs available for personal bookings?
Are audit logs available for personal bookings?
Yes, as long as the booking owner is a member of your organization and you have the appropriate admin permissions.
What does the 'System' actor mean?
What does the 'System' actor mean?
Actions performed automatically by Cal.com (rather than by a specific person) are attributed to “Cal.com” as the actor.
What are security audit events used for?
What are security audit events used for?
Security events help organization admins monitor sensitive account activity such as email changes, account locks, login attempts (including failed sign-ins), and authentication changes. These events support compliance and security monitoring across your organization.