diff --git a/app/Controller/AuditLogsController.php b/app/Controller/AuditLogsController.php
index fc2935a8f..6ddee8443 100644
--- a/app/Controller/AuditLogsController.php
+++ b/app/Controller/AuditLogsController.php
@@ -91,21 +91,6 @@ class AuditLogsController extends AppController
         ];
     }
 
-    private function __applyAuditACL(array $user)
-    {
-        $acl = [];
-        if (empty($user['Role']['perm_site_admin'])) {
-            if (!empty($user['Role']['perm_admin'])) {
-                // ORG admins can see their own org info
-                $acl = ['AuditLog.org_id' => $user['org_id']];
-            } else {
-                // users can see their own info
-                $acl = ['AuditLog.user_id' => $user['id']];
-            }
-        }
-        return $acl;
-    }
-
     public function admin_index()
     {
         $this->paginate['fields'][] = 'ip';
@@ -135,7 +120,7 @@ class AuditLogsController extends AppController
         $this->paginate['conditions'] = $this->__searchConditions($params);
 
         $user = $this->Auth->user();
-        $acl = $this->__applyAuditACL($user);
+        $acl = $this->__applyAuditAcl($user);
         if ($acl) {
             $this->paginate['conditions']['AND'][] = $acl;
         }
@@ -223,7 +208,7 @@ class AuditLogsController extends AppController
 
     public function fullChange($id)
     {
-        $acl = $this->__applyAuditACL($this->Auth->user());
+        $acl = $this->__applyAuditAcl($this->Auth->user());
         $log = $this->AuditLog->find('first', [
             'conditions' => [
                 'AND' => [
@@ -235,7 +220,7 @@ class AuditLogsController extends AppController
             'fields' => ['change', 'action'],
         ]);
         if (empty($log)) {
-            throw new Exception('Log not found.');
+            throw new NotFoundException('Log not found.');
         }
         $this->set('log', $log);
     }
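Review bot: The switch to NotFoundException in fullChange yields a 404 both when no log with that id exists and when one exists but falls outside the caller's ACL scope, since $acl is assigned just before the find and presumably ANDed into the same condition list (the list itself sits between the third and fourth hunk, so this is inferred). That is the right outcome — a distinct 403 would disclose whether an entry exists to a user of another org — but nothing in the code says so, and a later cleanup could easily split the two cases. Suggest a comment above the throw: `// Also reached when $acl excludes the entry; keep it a 404 so existence is not disclosed across orgs/users.` The body of fullChange spans both hunks, and the lines between them are not shown here.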
@@ -253,6 +238,21 @@ class AuditLogsController extends AppController
         return $this->RestResponse->viewData($data, $this->response->type());
     }
 
+    private function __applyAuditAcl(array $user)
+    {
+        $acl = [];
+        if (empty($user['Role']['perm_site_admin'])) {
+            if (!empty($user['Role']['perm_admin'])) {
+                // ORG admins can see their own org info
+                $acl = ['AuditLog.org_id' => $user['org_id']];
+            } else {
+                // users can see their own info
+                $acl = ['AuditLog.user_id' => $user['id']];
+            }
+        }
+        return $acl;
+    }
+
     /**
      * @return array
      */
diff --git a/app/Model/AuditLog.php b/app/Model/AuditLog.php
index 9b0718ae9..36fd85ab2 100644
--- a/app/Model/AuditLog.php
+++ b/app/Model/AuditLog.php
@@ -10,6 +10,7 @@ class AuditLog extends AppModel
 {
     const BROTLI_HEADER = "\xce\xb2\xcf\x81";
     const COMPRESS_MIN_LENGTH = 256;
+    const CHANGE_MAX_SIZE = 64 * 1024; // MySQL type blob
 
     const ACTION_ADD = 'add',
         ACTION_EDIT = 'edit',
@@ -235,6 +236,10 @@ class AuditLog extends AppModel
 
         if (isset($auditLog['change'])) {
             $auditLog['change'] = $this->encodeChange($auditLog['change']);
+            if (strlen($auditLog['change']) > self::CHANGE_MAX_SIZE) {
+                // Change is too big to save in database, skipping
+                $auditLog['change'] = null;
+            }
         }
     }
 
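Review bot: __applyAuditAcl is moved without a docblock, while the method that follows it carries `@return array`, and its return contract is the one access-control decision in this controller: an empty array means "no restriction", which only users with perm_site_admin get, and both callers test it with a bare `if ($acl)`. Suggest a docblock above the moved method stating that an empty return is unrestricted, that org admins are scoped to `$user['org_id']` and every other user to `$user['id']`, with `@param array $user` and `@return array`. It would also be the place to note the assumption that the Auth user array always carries Role, org_id and id — a missing key would turn the condition into a null comparison, and I cannot confirm from this hunk that the array is always complete.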
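Review bot: CHANGE_MAX_SIZE = 64 * 1024 is 65536, one byte above the 65535-byte capacity of the MySQL BLOB column the trailing comment refers to, so the `> self::CHANGE_MAX_SIZE` check in the beforeSave hunk of this file still lets an encoded change of exactly 65536 bytes through; depending on sql_mode that row is then either rejected or silently truncated, and a truncated compressed payload cannot be decoded later. Either set the constant to the real limit, `const CHANGE_MAX_SIZE = 65535; // MySQL BLOB capacity`, or compare with `>=` in beforeSave. The same boundary applies to the strlen check in the last hunk, so only one of the two lines needs to change.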
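Review bot: Replacing an oversize change with null leaves the stored audit row indistinguishable from one that never carried a change payload, so a reader of the log cannot tell that detail was dropped — and large diffs are exactly the bulk edits an investigator is most likely to look for. At minimum the drop should be recorded (a log line naming the affected model, record id and the encoded size) and the inline comment should say what is lost, e.g. `// Encoded change exceeds CHANGE_MAX_SIZE (blob column); the action row is kept but its detail is discarded`. The enclosing method's signature is outside the hunk, and calling strlen on the encodeChange() result assumes it always returns a string, which I cannot confirm here.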