The same guardrail logs can also be viewed from Admin > Code Gateway > Guardrail Logs.

What are Guardrail Logs?
When users converse with the AI, guardrails validate inputs and outputs. When sensitive info is detected, the configured strategy (block, redact, mask, etc.) is applied and the result is logged.
Log Entry Structure
Each guardrail log entry includes:
| Field | Description |
|---|---|
| Timestamp | Detection event time |
| User | Input user (name, email) |
| Chat ID | Conversation session |
| Message ID | Message identifier |
| Guardrail name | Applied guardrail |
| Action | Processing strategy (block, redact, mask, etc.) |
| Detection Pattern | Detection method (Rule-based / LLM-based) |
| Detection Detail | Specific detected content |
| Original content | Original input text |
| Processed Content | Text after strategy applied |
Action Types
| Action | Description |
|---|---|
| block | Block entire message |
| redact | Replace sensitive info with label (e.g., [REDACTED_EMAIL]) |
| mask | Show only some characters (e.g., j***@***.com) |
| hash | Convert to hash value |
| log | Log without blocking (shown as “Warning” in UI) |
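
The sketch below is an added example, not the product's own code: it applies each of the five actions to a constructed message containing an email address and returns a dict shaped like a log entry. The dict key names, the simplified email regex, SHA-256 for `hash`, and `None` for a blocked message are assumptions.

```python
import hashlib
import re

# Simplified email rule for illustration; real PII detection covers more types.
EMAIL_RE = re.compile(
    r"\b([A-Za-z0-9._%+-]+)@([A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)*)\.([A-Za-z]{2,})\b"
)

def _mask(m):
    # Keep the first character and the top-level domain, e.g. j***@***.com
    return f"{m.group(1)[0]}***@***.{m.group(3)}"

def _hash(m):
    # SHA-256 is an assumption; the table only says "hash value". An unsalted
    # hash of a guessable value (an email) can be recovered by guessing.
    return hashlib.sha256(m.group(0).encode()).hexdigest()

# Actions that rewrite the matched text in place.
REPLACERS = {"redact": "[REDACTED_EMAIL]", "mask": _mask, "hash": _hash}

def apply_action(text, action):
    """Return a dict shaped like a guardrail log entry (key names assumed)."""
    found = [m.group(0) for m in EMAIL_RE.finditer(text)]
    if action in REPLACERS:
        processed = EMAIL_RE.sub(REPLACERS[action], text)
    elif action == "block":
        processed = None if found else text   # whole message dropped on a hit
    elif action == "log":
        processed = text                      # event recorded, content passes through
    else:
        raise ValueError(f"unknown action: {action}")
    return {
        "action": action,
        "detection_pattern": "Rule-based",    # source: pii
        "detection_detail": found,
        # The entry keeps the original text for every action, so the log
        # itself holds the sensitive value.
        "original_content": text,
        "processed_content": processed,
    }

SAMPLE = "Send the report to john.doe@example.com today"  # constructed input

if __name__ == "__main__":
    for action in ("block", "redact", "mask", "hash", "log"):
        print(action, "->", apply_action(SAMPLE, action)["processed_content"])
```
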
Detection Pattern
Detection methods are grouped into two categories.
| Group | Sources | Description |
|---|---|---|
| Rule-based | pii, custom_pattern, blocked_word | Regex/pattern-based detection |
| LLM-based | llm_judge | LLM-based content risk assessment |

| Source | Description |
|---|---|
| pii | Detect PII patterns (email, credit card, IP address, etc.) |
| custom_pattern | Detect user-defined regex patterns |
| blocked_word | Detect prohibited words/phrases |
| llm_judge | LLM-based content risk assessment |
Filter Options
| Filter | Description |
|---|---|
| Time range | Start/end date range |
| Action | block, redact, mask, hash, log (multi-select) |
| Detection Pattern | Rule-based / LLM-based group selection |
| User search | Search by user ID, email, or name |
| Chat ID | Logs for a specific chat session only |
| Source | Request origin filter (e.g., code_gateway) |
Log Detail View
Click a log entry to see details.
- Detection Details
- Context
| Item | Description |
|---|---|
| Guardrail | Applied guardrail name and ID |
| Detection Pattern | Rule-based (PII, custom pattern, blocked word) or LLM-based (LLM Judge) |
| Detection Detail | Specific detected pattern or item |
| Original content | User-entered original |
| Processed Content | Result after strategy applied |
Tracing Integration
In guardrail log details, the Trace button lets you see the complete processing of that message.
Use Cases
Guardrail Policy Tuning
- Set a time range and view logs by Detection Pattern
- Review `log` action events to gauge false positive rate
- Adjust regex or exclude patterns with many false positives
- Add new patterns or blocked words for missed detections
Security Incident Response
- Look up a specific user’s guardrail events via user search
- Check repeated `block` patterns
- Review original content to determine intentional sensitive info leak attempts
- Cross-analyze with related audit logs for full context
LLM Judge Effectiveness Analysis
- Filter Detection Pattern to `LLM-based`
- Review original content of blocked messages
- If excessive blocking, strengthen allow examples in the Judge prompt
- If missing blocks, add block examples
Guardrail Settings Integration
Improve guardrail settings based on patterns found in guardrail logs.
| Log Analysis Finding | Recommended Action |
|---|---|
| Specific PII type detected frequently | Strengthen that type’s strategy from log → redact |
| Frequent false positives | Narrow custom pattern regex |
| LLM Judge over-blocking | Add allow examples to Judge prompt |
| New sensitive info pattern found | Add regex via custom pattern |
See Guardrails for guardrail configuration.
