diff --git a/manifests/app_type.pp b/manifests/app_type.pp
index 5ce6f7f..493929d 100644
--- a/manifests/app_type.pp
+++ b/manifests/app_type.pp
@@ -148,7 +148,8 @@ define sunetdrive::app_type (
 force => true,
 owner => 'root',
 group => 'root',
- content => "#This file is managed by puppet\n#filename:retention days:maxsize mb\n/opt/nextcloud/nextcloud.log:180:256\n",
+ content => "#This file is managed by puppet
+#filename:retention days:maxsize mb\n/opt/nextcloud/nextcloud.log:180:256\n/opt/nextcloud/audit.log:180:256\n",
 mode => '0644',
 }
 file { '/opt/rotate/conf.d/redis.conf':
@@ -199,6 +200,13 @@ define sunetdrive::app_type (
 group => 'root',
 mode => '0644',
 }
+ file { '/opt/nextcloud/audit.log':
+ ensure => file,
+ force => true,
+ owner => 'www-data',
+ group => 'root',
+ mode => '0644',
+ }
 file { '/opt/nextcloud/rclone.conf':
 ensure => file,
 owner => 'www-data',
diff --git a/manifests/multinode.pp b/manifests/multinode.pp
index eeffdb4..9620cb7 100644
--- a/manifests/multinode.pp
+++ b/manifests/multinode.pp
@@ -264,6 +264,7 @@ MACAddressPolicy=none'
 $mail_from_address = hiera("mail_from_address_${environment}")
 $mail_smtphost = hiera("mail_smtphost_${environment}")
 $nextcloud_log_path ="/opt/multinode/${customer}/nextcloud.log"
+ $audit_log_path ="/opt/multinode/${customer}/audit.log"
 if $customer_config['nextcloud_version'] {
 $nextcloud_version = $customer_config['nextcloud_version']
 } else {
@@ -384,6 +385,13 @@ MACAddressPolicy=none'
 group => 'root',
 mode => '0644',
 }
+ file { $audit_log_path:
+ ensure => file,
+ force => true,
+ owner => 'www-data',
+ group => 'root',
+ mode => '0644',
+ }
 file { $rclone_conf_path:
 ensure => present,
 owner => 'www-data',
diff --git a/templates/application/docker-compose_nextcloud.yml.erb b/templates/application/docker-compose_nextcloud.yml.erb
index 8c74570..0936df0 100644
--- a/templates/application/docker-compose_nextcloud.yml.erb
+++ b/templates/application/docker-compose_nextcloud.yml.erb
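Review bot: The new `content` string in the first hunk of manifests/app_type.pp has a raw line break after `managed by puppet` while the rest of the string still uses `\n`, and the continuation `#filename:` starts at column 0 inside the resource. The rendered file should be the same, but the mixed form reads like an accidental edit and is easy to break with stray trailing whitespace; keeping the escape, as in `content => "#This file is managed by puppet\n#filename:retention days:maxsize mb\n…"`, would be clearer. If the `180:256` fields mean what the header comment says, the 256 MB cap may rotate audit records out before 180 days on a busy instance, so the size limit is worth checking against the audit retention requirement.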
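Review bot: The `/opt/nextcloud/audit.log` resource added in the second hunk of manifests/app_type.pp is created with `mode => '0644'`, which leaves the audit trail readable by every local account on the host. Audit entries usually carry user names, client addresses and file paths, so `mode => '0640'` would be the tighter setting unless an unprivileged reader on the host depends on it. The same applies to the `$audit_log_path` resource added in manifests/multinode.pp. Because the file has to stay writable by `www-data`, the application can rewrite its own audit trail, which deserves a comment such as `# audit trail is app-writable; treat the forwarded copy as the record`.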
@@ -21,6 +21,7 @@ services: - /opt/nextcloud/complete_reinstall.sh:/complete_reinstall.sh - /opt/nextcloud/config.php:/var/www/html/config/config.php - /opt/nextcloud/nextcloud.log:/var/www/html/data/nextcloud.log + - /opt/nextcloud/audit.log:/var/www/html/data/audit.log - /opt/nextcloud/rclone.conf:/rclone.conf <%- if @skeletondirectory -%> - /opt/nextcloud/skeleton:<%= @skeletondirectory %> @@ -42,7 +43,7 @@ services: ports: - 443:443 <%- end -%> - command: sh -c 'tail -f /var/www/html/data/nextcloud.log | tee -a /proc/1/fd/2 & apachectl -D FOREGROUND' + command: sh -c 'tail -F /var/www/html/data/nextcloud.log /var/www/html/data/audit.log| tee -a /proc/1/fd/2 & apachectl -D FOREGROUND' tty: true <%- if !@hostnet -%> diff --git a/templates/multinode/compress-logs.erb.sh b/templates/multinode/compress-logs.erb.sh index 9468c85..5e5e341 100644 --- a/templates/multinode/compress-logs.erb.sh +++ b/templates/multinode/compress-logs.erb.sh @@ -5,7 +5,7 @@ no_files=30 # Keep this many files as an archive, script is run once a week # a specific host, but will differ between hosts sleep $((16#$(ip a | grep "link/ether" | head -1 | awk -F ':' '{print $6}' | awk '{print $1}') / 2))m -for logfile in $(ls /opt/multinode/*/{nextcloud.log,server/server.log}); do +for logfile in $(ls /opt/multinode/*/{nextcloud.log,audit.log,server/server.log}); do if [[ -f ${logfile}.gz.${no_files} ]]; then rm ${logfile}.gz.${no_files} fi diff --git a/templates/multinode/docker-compose_nextcloud.yml.erb b/templates/multinode/docker-compose_nextcloud.yml.erb index c6f0bb3..8008cb7 100644 --- a/templates/multinode/docker-compose_nextcloud.yml.erb +++ b/templates/multinode/docker-compose_nextcloud.yml.erb 
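Review bot: With two files on the command line, the `tail -F` in the new `command:` line of templates/application/docker-compose_nextcloud.yml.erb prints a `==> file <==` header each time output switches between `nextcloud.log` and `audit.log`, so the stream on the container's stderr is no longer one log record per line. A collector that parses those lines will see the headers as malformed records, and audit entries lose a clean boundary from application entries. If the image's tail supports it, `tail -q -F /var/www/html/data/nextcloud.log /var/www/html/data/audit.log | tee -a /proc/1/fd/2` suppresses the headers; the same command is added in templates/multinode/docker-compose_nextcloud.yml.erb. The pipeline runs in the background, so if it exits, audit forwarding stops without the container failing, which deserves a comment next to the command.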
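Review bot: The changed `for` line in templates/multinode/compress-logs.erb.sh still iterates over `$(ls …)`, so a path containing whitespace is split into several words, and a customer directory that lacks one of the three files makes `ls` print an error on every run. Iterating the glob directly avoids both: `for logfile in /opt/multinode/*/{nextcloud.log,audit.log,server/server.log}; do [[ -f "${logfile}" ]] || continue`, with `"${logfile}"` quoted in the `rm` below. The loop body continues outside the hunk, so the remaining uses of `${logfile}` need the same quoting.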
@@ -13,6 +13,7 @@ services: - /opt/nextcloud/cli.php.ini:/etc/php/8.0/cli/php.ini - <%= @config_php_path %>:/var/www/html/config/config.php - <%= @nextcloud_log_path %>:/var/www/html/data/nextcloud.log + - <%= @audit_log_path %>:/var/www/html/data/audit.log - <%= @rclone_conf_path %>:/rclone.conf environment: - NC_PASS=<%= @admin_password%> @@ -25,7 +26,7 @@ services: - 89.32.32.32 ports: - <%= @https_port %>:443 - command: apachectl -D FOREGROUND + command: sh -c 'tail -F /var/www/html/data/nextcloud.log /var/www/html/data/audit.log| tee -a /proc/1/fd/2 & apachectl -D FOREGROUND' tty: true networks: