The DO Audit Log Scraper is a Chrome extension that fills a critical gap: DigitalOcean provides no way to export audit log data through its API. As of 2025, DigitalOcean still does not provide API access for audit log export, making this tool essential for the DFIR (Digital Forensics and Incident Response) community.
This enhanced v2.0 release provides forensic-grade features for extracting and analyzing audit log data from the DigitalOcean control panel, with support for multiple export formats, data integrity verification, and comprehensive metadata collection.
Despite the growing importance of security auditing and compliance, DigitalOcean continues to lack:
- API endpoints for audit log export
- Programmatic access to security history
- Built-in export functionality for audit logs
The security history remains accessible only through the web UI, making this Chrome extension the primary solution for:
- Forensic investigations
- Compliance reporting
- Security incident analysis
- Audit trail preservation
- SHA-256 Hash Generation: Automatic hash calculation for data integrity verification
- Forensic Metadata: Comprehensive metadata including timestamps, browser info, and export parameters
- Timestamped Exports: Automatic timestamp addition to filenames for better organization
- Scraped-At Timestamps: Records exact time each entry was scraped for chain of custody
- CSV Export: Traditional comma-separated values with proper escaping
- JSON Export: Structured JSON with nested metadata and audit logs
- Metadata Inclusion: Optional forensic metadata in both formats
- Pagination Support: Automatically scrape multiple pages of audit logs
- Error Handling: Robust error handling for various page structures
- Data Validation: Ensures data integrity during extraction
- Flexible Selectors: Adapts to different table structures
- Manifest V3 Compliance: Updated to Chrome's latest extension security model
- Strict Host Permissions: Limited to `cloud.digitalocean.com` only
- Content Security Policy: Enhanced security policies
- No External Dependencies: All processing done locally for security
- Clone or download the repository
- Open Google Chrome and navigate to `chrome://extensions/`
- Enable "Developer mode" in the top right corner
- Click "Load unpacked" and select the repository folder
- The extension will be installed with the new v2.0 features
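Before loading the unpacked folder on an evidence workstation, the host-permission claim above can be checked against the extension's `manifest.json`. The following is an added example, not code from this project: `reviewManifest` is a hypothetical helper and both sample manifests are constructed.

```javascript
// Added example: flag manifest entries that reach beyond the documented host.
const ALLOWED_HOST = 'cloud.digitalocean.com'; // host named in this README

// Return the host part of a Chrome match pattern such as "https://host/*".
function patternHost(pattern) {
  if (pattern === '<all_urls>') return '*';
  const m = /^(\*|https?|wss?|ftp|file):\/\/([^/]*)\//.exec(pattern);
  return m ? m[2] : null;
}

function reviewManifest(manifest) {
  const findings = [];
  if (manifest.manifest_version !== 3) {
    findings.push(`manifest_version is ${manifest.manifest_version}, expected 3`);
  }
  // Every place a Manifest V3 extension can name hosts it wants to touch.
  const patterns = [
    ...(manifest.host_permissions || []),
    ...(manifest.optional_host_permissions || []),
    ...(manifest.content_scripts || []).flatMap((cs) => cs.matches || []),
  ];
  for (const p of patterns) {
    if (patternHost(p) !== ALLOWED_HOST) {
      findings.push(`pattern outside ${ALLOWED_HOST}: ${p}`);
    }
  }
  // MV3 keeps host patterns out of "permissions"; flag any that appear there.
  for (const perm of manifest.permissions || []) {
    if (perm === '<all_urls>' || perm.includes('://')) {
      findings.push(`host pattern listed under permissions: ${perm}`);
    }
  }
  return findings;
}

// Constructed manifests: one narrowly scoped, one overly broad.
const scopedManifest = {
  manifest_version: 3,
  permissions: ['activeTab', 'downloads'],
  host_permissions: ['https://cloud.digitalocean.com/*'],
  content_scripts: [{ matches: ['https://cloud.digitalocean.com/*'] }],
};
const broadManifest = {
  manifest_version: 2,
  permissions: ['<all_urls>'],
  host_permissions: ['https://*.digitalocean.com/*'],
  content_scripts: [{ matches: ['*://*/*'] }],
};
console.log(reviewManifest(scopedManifest), reviewManifest(broadManifest));
```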
- Navigate to DigitalOcean Security Page
- Click the DO Audit Log Scraper extension icon
- Choose your export options:
- Format: CSV or JSON
- Include Metadata: Add forensic metadata to export
- Generate Hash: Create SHA-256 hash for integrity
- Timestamp Filename: Add timestamp to filename
- Click "Scrape Audit Logs" for current page or "Scrape All Pages" for complete history
- Traditional spreadsheet-compatible format
- Includes headers: Action, User, IP Address, Time, UTC_Timestamp, Local_Timestamp, Scraped_At_UTC
- Forensic metadata added as comment line if enabled
```json
{
  "metadata": {
    "tool": "DO Audit Log Scraper",
    "version": "2.0",
    "exportedAt": "2025-01-11T12:00:00Z",
    "recordCount": 150,
    "dataHash": {
      "algorithm": "SHA-256",
      "value": "..."
    }
  },
  "auditLogs": [...]
}
```
- Always enable hash generation for evidence integrity
- Include metadata for complete forensic documentation
- Use timestamped filenames for proper evidence organization
- Export regularly as DigitalOcean may limit historical data
- Verify hashes after export to ensure data integrity
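One way to carry out the hash verification step on a JSON export, as an added example that is not the extension's own code. It assumes the recorded value is the hex SHA-256 of `JSON.stringify(auditLogs)`; this README does not state which bytes are hashed, so confirm that against the extension source. The entry field names and sample data are constructed.

```javascript
// Added example: verify a JSON export against its embedded SHA-256 value.
// ASSUMPTION: the hash covers JSON.stringify(auditLogs) as UTF-8, stored as hex.
const nodeCrypto = require('node:crypto');

function sha256Hex(text) {
  return nodeCrypto.createHash('sha256').update(text, 'utf8').digest('hex');
}

function verifyExport(exportText) {
  let doc;
  try {
    doc = JSON.parse(exportText);
  } catch (err) {
    return { ok: false, findings: ['not valid JSON: ' + err.message] };
  }
  const meta = (doc && doc.metadata) || {};
  const logs = doc && doc.auditLogs;
  if (!Array.isArray(logs)) {
    return { ok: false, findings: ['auditLogs is missing or not an array'] };
  }
  const findings = [];
  if (meta.recordCount !== logs.length) {
    findings.push(`recordCount ${meta.recordCount} but ${logs.length} entries present`);
  }
  const hash = meta.dataHash;
  if (!hash || hash.algorithm !== 'SHA-256' || typeof hash.value !== 'string') {
    findings.push('metadata has no SHA-256 dataHash');
  } else {
    const computed = sha256Hex(JSON.stringify(logs));
    if (computed !== hash.value.toLowerCase()) {
      findings.push(`hash mismatch: recorded ${hash.value}, computed ${computed}`);
    }
  }
  return { ok: findings.length === 0, findings };
}

// Constructed sample export (field names inside auditLogs are hypothetical).
function buildSampleExport() {
  const auditLogs = [
    { action: 'Login', user: 'Example User', ipAddress: '203.0.113.10',
      utcTimestamp: '2025-01-11T11:58:00Z', scrapedAtUtc: '2025-01-11T12:00:00Z' },
  ];
  const dataHash = { algorithm: 'SHA-256', value: sha256Hex(JSON.stringify(auditLogs)) };
  return {
    metadata: { tool: 'DO Audit Log Scraper', version: '2.0', recordCount: 1, dataHash },
    auditLogs,
  };
}

console.log(verifyExport(JSON.stringify(buildSampleExport())));
```

A hash stored inside the same file only shows that the file is internally consistent. Record the value separately (case notes, evidence log) at export time so a later recomputation has something independent to compare against.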
- Action performed
- User full name
- IP address
- Time (relative)
- UTC timestamp (ISO 8601)
- Local timestamp (browser timezone)
- Scrape timestamp (for chain of custody)
- Google Chrome (v88+)
- Microsoft Edge (Chromium-based)
- Brave Browser
- Any Chromium-based browser supporting Manifest V3
- Requires manual navigation to security page
- Limited to data visible in web interface
- User identification relies on full name (potential for spoofing)
- No real-time monitoring capability
This tool is designed for legitimate forensic and compliance purposes:
- All data processing occurs locally in the browser
- No data is transmitted to external servers
- No credentials are stored or transmitted
- Extension operates only on DigitalOcean security pages
Contributions are welcome! Please consider:
- Testing with different DigitalOcean account types
- Reporting issues with specific audit log formats
- Suggesting additional forensic features
- Improving data extraction reliability
This project is licensed under the MIT License.
- DigitalOcean - For providing the web-based audit logs
- DFIR Community - For feedback and feature requests
- IONSEC Team - For forensic expertise and development
IONSEC is a boutique cybersecurity services company specializing in:
- Advanced threat response
- Digital forensics and incident response (DFIR)
- Security architecture and compliance
- Tailor-made security solutions
- Issues: GitHub Issues
- Email: [email protected]
- Twitter: @ionsec_io
- LinkedIn: IONSEC
- Emergency Response: ionsec.io/panicmode
- Migrated to Manifest V3
- Added JSON export format
- Implemented SHA-256 hash generation
- Added forensic metadata collection
- Enhanced error handling and data validation
- Added pagination support for multiple pages
- Improved security with strict host permissions
- Updated UI with modern dark theme
- Initial release
- Basic CSV export functionality
- Manifest V2 implementation
Note: This tool remains necessary due to DigitalOcean's continued lack of API support for audit log export as of 2025. We will continue to maintain and update this tool until DigitalOcean provides native API functionality.
