diff --git a/apps/emqx_audit/src/emqx_audit_api.erl b/apps/emqx_audit/src/emqx_audit_api.erl
index 81553dca0..a7fd8f4ad 100644
--- a/apps/emqx_audit/src/emqx_audit_api.erl
+++ b/apps/emqx_audit/src/emqx_audit_api.erl
@@ -35,6 +35,7 @@
     {<<"gte_duration_ms">>, timestamp},
     {<<"lte_duration_ms">>, timestamp}
 ]).
+-define(DISABLE_MSG, <<"Audit is disabled">>).
 
 namespace() -> "audit".
 
@@ -151,7 +152,11 @@ schema("/audit") ->
                     emqx_dashboard_swagger:schema_with_example(
                         array(?REF(audit_list)),
                         audit_log_list_example()
-                    )
+                    ),
+                400 => emqx_dashboard_swagger:error_codes(
+                    ['BAD_REQUEST'],
+                    ?DISABLE_MSG
+                )
             }
         }
     }.
@@ -232,23 +237,30 @@ fields(http_request) ->
     ].
 
 audit(get, #{query_string := QueryString}) ->
-    case
-        emqx_mgmt_api:node_query(
-            node(),
-            ?AUDIT,
-            QueryString,
-            ?AUDIT_QS_SCHEMA,
-            fun ?MODULE:qs2ms/2,
-            fun ?MODULE:format/1
-        )
-    of
-        {error, page_limit_invalid} ->
-            {400, #{code => 'BAD_REQUEST', message => <<"page_limit_invalid">>}};
-        {error, Node, Error} ->
-            Message = list_to_binary(io_lib:format("bad rpc call ~p, Reason ~p", [Node, Error])),
-            {500, #{code => <<"NODE_DOWN">>, message => Message}};
-        Result ->
-            {200, Result}
+    case emqx_config:get([log, audit, enable], false) of
+        false ->
+            {400, #{code => 'BAD_REQUEST', message => ?DISABLE_MSG}};
+        true ->
+            case
+                emqx_mgmt_api:node_query(
+                    node(),
+                    ?AUDIT,
+                    QueryString,
+                    ?AUDIT_QS_SCHEMA,
+                    fun ?MODULE:qs2ms/2,
+                    fun ?MODULE:format/1
+                )
+            of
+                {error, page_limit_invalid} ->
+                    {400, #{code => 'BAD_REQUEST', message => <<"page_limit_invalid">>}};
+                {error, Node, Error} ->
+                    Message = list_to_binary(
+                        io_lib:format("bad rpc call ~p, Reason ~p", [Node, Error])
+                    ),
+                    {500, #{code => <<"NODE_DOWN">>, message => Message}};
+                Result ->
+                    {200, Result}
+            end
     end.
 
 qs2ms(_Tab, {Qs, _}) ->
diff --git a/apps/emqx_audit/test/emqx_audit_api_SUITE.erl b/apps/emqx_audit/test/emqx_audit_api_SUITE.erl
index eebb8f770..a402efe31 100644
--- a/apps/emqx_audit/test/emqx_audit_api_SUITE.erl
+++ b/apps/emqx_audit/test/emqx_audit_api_SUITE.erl
@@ -19,6 +19,21 @@
 
 -include_lib("eunit/include/eunit.hrl").
 
+all() ->
+    [
+        {group, enabled},
+        {group, disabled}
+    ].
+
+groups() ->
+    [
+        {enabled, [sequence], common_tests() -- [t_disabled]},
+        {disabled, [sequence], [t_disabled]}
+    ].
+
+common_tests() ->
+    emqx_common_test_helpers:all(?MODULE).
+
 -define(CONF_DEFAULT, #{
     node =>
         #{
@@ -40,9 +55,6 @@
     }
 }).
 
-all() ->
-    emqx_common_test_helpers:all(?MODULE).
-
 init_per_suite(Config) ->
     _ = application:load(emqx_conf),
     emqx_config:erase_all(),
@@ -90,6 +102,40 @@ t_http_api(_) ->
     ),
     ok.
 
+t_disabled(_) ->
+    Enable = [log, audit, enable],
+    ?assertEqual(true, emqx:get_config(Enable)),
+    AuditPath = emqx_mgmt_api_test_util:api_path(["audit"]),
+    AuthHeader = emqx_mgmt_api_test_util:auth_header_(),
+    {ok, _} = emqx_mgmt_api_test_util:request_api(get, AuditPath, "limit=1", AuthHeader),
+    Size1 = mnesia:table_info(emqx_audit, size),
+
+    {ok, Logs} = emqx_mgmt_api_configs_SUITE:get_config("log"),
+    Logs1 = emqx_utils_maps:deep_put([<<"audit">>, <<"max_filter_size">>], Logs, 100),
+    NewLogs = emqx_utils_maps:deep_put([<<"audit">>, <<"enable">>], Logs1, false),
+    {ok, _} = emqx_mgmt_api_configs_SUITE:update_config("log", NewLogs),
+    ?assertMatch(
+        {error, _},
+        emqx_mgmt_api_test_util:request_api(get, AuditPath, "limit=1", AuthHeader)
+    ),
+
+    Size2 = mnesia:table_info(emqx_audit, size),
+    %% Record the audit disable action, so the size + 1
+    ?assertEqual(Size1 + 1, Size2),
+
+    {ok, Zones} = emqx_mgmt_api_configs_SUITE:get_global_zone(),
+    NewZones = emqx_utils_maps:deep_put([<<"mqtt">>, <<"max_topic_levels">>], Zones, 111),
+    {ok, #{<<"mqtt">> := Res}} = emqx_mgmt_api_configs_SUITE:update_global_zone(NewZones),
+    ?assertMatch(#{<<"max_topic_levels">> := 111}, Res),
+    Size3 = mnesia:table_info(emqx_audit, size),
+    %% Don't record mqtt update request.
+    ?assertEqual(Size2, Size3),
+    %% enabled again
+    {ok, _} = emqx_mgmt_api_configs_SUITE:update_config("log", Logs1),
+    Size4 = mnesia:table_info(emqx_audit, size),
+    ?assertEqual(Size3 + 1, Size4),
+    ok.
+
 t_cli(_Config) ->
     ok = emqx_ctl:run_command(["conf", "show", "log"]),
     AuditPath = emqx_mgmt_api_test_util:api_path(["audit"]),
diff --git a/rel/i18n/emqx_audit_api.hocon b/rel/i18n/emqx_audit_api.hocon
index 040c0009f..40741310e 100644
--- a/rel/i18n/emqx_audit_api.hocon
+++ b/rel/i18n/emqx_audit_api.hocon
@@ -16,7 +16,7 @@ filter_from.desc:
 `dashboard`: Dashboard request logs, requiring the use of a jwt_token.
 `rest_api`: API KEY request logs.
 `cli`: The emqx command line logs.
-`erlang_console`: The emqx remote_console run function logs.
+`erlang_console`: The emqx remote_console run function logs."""
 
 filter_source.desc:
 """"Filter logs based on source, Possible values are: