--- title: "Monitoring slack workspaces with the Sumo Logic app for slack" page_name: "Monitoring Slack workspaces with the Sumo Logic app for Slack" type: "blog" slug: "slack-logs-monitoring" published_at: "2019-09-12" modified_at: "2025-05-09" url: "https://www.sumologic.com/blog/slack-logs-monitoring" canonical: "https://www.sumologic.com/blog/slack-logs-monitoring" markdown_url: "https://www.sumologic.com/blog/slack-logs-monitoring.md" lang: "en" excerpt: "Monitor Slack logs to better manage your organization's security policies with the new Sumo Logic app. Monitor guest user activity and administrative actions. Learn More." taxonomy_blog_category: - "DevOps & IT Operations" --- [ All blogs ](https://www.sumologic.com/blog "blog")[DevOps & IT Operations](https://www.sumologic.com/blog/devops-it-operations) # Monitoring Slack workspaces with the Sumo Logic app for Slack [Sourabh Jain and Rishi Divate](#blog-author-block-291) September 12, 2019 3 min read [DevOps & IT Operations](https://www.sumologic.com/blog/devops-it-operations) ##### Table of contents [Slack](https://www.sumologic.com/application/slack/) is a popular cloud-based set of software tools and online services that provides for secure collaboration across teams, departments, offices, and countries. We are happy to announce support for monitoring Slack workspaces with the new Sumo Logic app for Slack. In this post, we’ll provide an overview of how Sumo Logic’s integration with Slack works and how to leverage it to: - Monitor guest user activity - Enforce your organization’s security policies - Monitor all administrative actions ## How Does It Work? In this section, we first talk about how to collect Slack logs and then understand how to best make use of the data via our app dashboards. ## Collecting Slack Logs and Installing the Slack App Slack exposes various API’s to fetch different kinds of logs for a slack workspace. All API’s use a Slack authentication token. Log types are made available based on various [Slack plans](https://get.slack.help/hc/en-us/articles/115003205446-Slack-plans-and-features-). | Log Type | Free plan | Standard plan | Free plan | Enterprise plan User logs | ✓ | ✓ | ✓ | ✓ Public Channel logs | ✓ | ✓ | ✓ | ✓ Public Message logs | ✓ | ✓ | ✓ | ✓ Access logs | | ✓ | ✓ | ✓ Audit logs | | | | ✓ | |---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---| Sumo Logic provides a collector agent for collecting these logs in real time. The collector agent allows you to configure the types of logs you want collected and can be deployed either as an AWS Lambda function or a script running on a Linux machine. Once configured, the collector then sends data periodically to Sumo Logic via an HTTP Source as shown below: After collection is configured, you can then install the Slack app from the Sumo Logic app catalog. For additional details, please see the help page on how to collect data and these instructions on how to install the application. ## App Use Cases Now let’s take a look at some examples of how to make use of the dashboards in the application. ## Monitoring Guest Activity **The Slack – Members** dashboard shows trends for total members, active members, and messages by workspace as shown below: At first, panels will show all members and guests data. In order to track guest activity, use the **Restricted** – Multi channel guests or the **UltraRestricted** – Single channel guests filters. You can then use the **Top Members Activity** to track information around how each guest is using your workspace in terms of the number of channels they are a part of, messages sent, and total files and attachments uploaded. Monitoring this kind of activity is useful especially while investigating the root cause of a security incident; for example, when malware is injected in the organization by an external source. To further investigate guest activity related to files downloaded, uploaded, app installs, and app modifications, use the **Guest File Activity** and **Guest App Activity** panels in the **Slack – File and App Audit** dashboard as shown below: ## Enforcing Security Policies If your organization has specific policies related to granting certain kinds of access to individuals outside of your organization, use the **Guest Activity** panel in the **Slack – User Audit** dashboard to identify all administrative activities related to guest users. As part of best security practices, it is well understood that two-factor authentication should be enabled for all users. To determine the number of users that have two factor authentication enabled or disabled, use the **2FA by Workspace** panel in **Slack – Members** dashboard. ## Monitoring Administrative Actions Let’s look into how the Slack app can be used to monitor administrative actions. If you are on the Slack Enterprise plan and have multiple workspace and administrators, you will want to monitor all settings-related changes to authentication settings and ensure the actions are in line with your expectations. To do so, use the **Workspace – SSO and 2FA Setting Changes** in the **Slack – Workspace Audit** dashboard to understand the details of who made the changes as shown below. To monitor all users whose role are changed to owner, admin, user or guest use the **Role Changed** panel in the **Slack – User Audit** dashboard as shown below. Slack has a number of integrations with the outside technologies such as GitHub, JIRA, and Google Drive, and a Slack workspace can have several of these applications installed. Monitoring all installed apps becomes a tedious task when you have multiple workspaces or a number of applications installed. Use the**Slack – Bots** dashboard to get an overview of all the apps installed on multiple workspaces. Using the **Bot Summary** panels, you can identify how many channels an app is a part of, and the number of messages, files, and attachments the app is associated with. You can also use the **Slack – Public Messages** to identify all messages, files and attachments posted by a specific bot. ### Key Takeaways In this blog post, we show you examples of how to use the Sumo Logic Slack app to monitor Slack workspaces to: - Monitor guest user activity - Enforce your organization’s security policies - Monitor all administrative actions ### **Get Started** If you don’t have a Sumo Logic account yet, you can sign up for a[ free trial](https://www.sumologic.com/free-trial) today. ### Article Tags - [DevOps & IT Operations](https://www.sumologic.com/blog/devops-it-operations) Sourabh Jain and Rishi Divate [](https://www.sumologic.com/feed "RSS Feed")[](https://twitter.com/intent/tweet?text=Monitoring%20Slack%20workspaces%20with%20the%20Sumo%20Logic%20app%20for%20Slack&url=https%3A%2F%2Fwww.sumologic.com%2Fblog%2Fslack-logs-monitoring "X")[](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.sumologic.com%2Fblog%2Fslack-logs-monitoring "Facebook")[](https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fwww.sumologic.com%2Fblog%2Fslack-logs-monitoring "Linkedin") [Previous blog Monitor your Google Anthos clusters with the Sumo Logic Istio app ](https://www.sumologic.com/blog/monitor-google-anthos-clusters-istio-app)[Next blog More Innovations from Sumo Logic that Harnesses the Power of Continuous Intelligence for Modern Enterprises](https://www.sumologic.com/blog/content-sync-api-enterprise-audit) People who read this also enjoyed [ Sumo Logic AWS Region European Sovereign Cloud is now generally available June 2, 2026 ](https://www.sumologic.com/blog/sumo-logic-aws-region-european-sovereign-cloud-generally-available)[ How to secure cloud workloads without building a full-scale SOC April 30, 2026 ](https://www.sumologic.com/blog/secure-cloud-workloads-with-limited-resources)[ Join operator and Query Agent for smarter log analysis April 22, 2026 ](https://www.sumologic.com/blog/using-the-join-operator)[ 92% of security leaders say their SIEM is effective. 51% say it’s exceptional. What’s living in that gap? April 16, 2026 ](https://www.sumologic.com/blog/from-effective-to-exceptional-siem) [AI Instructions](https://www.sumologic.com/ai-instructions.md)