Audit Log

The audit log provides a comprehensive record of all significant actions taken within your organization. This feature helps with security monitoring, compliance requirements, and troubleshooting user activities.

Overview

The audit log tracks:

• User management actions (invites, role changes, removals)
• Alert operations (acknowledgments, rule changes)
• Organization settings modifications
• Location and device management
• Security-related events

Accessing the Audit Log

Prerequisites

• Required Role: Owner or Admin
• Location: Organization Settings → Audit tab

Navigation

1. Click your organization name in the top navigation
2. Select Organization Settings
3. Click the Audit tab or navigate to /organization?tab=audit

Understanding Audit Entries

Entry Components

Each audit log entry contains:

Action Types

User Management

• User Invited: New user invitation sent
• User Role Changed: User permissions modified
• User Removed: User access revoked
• User Accepted Invite: Invitation accepted
• User Group Created/Modified: Group membership changes

Alert Management

• Alert Acknowledged: Alert marked as reviewed
• Bulk Acknowledge: Multiple alerts acknowledged
• Alert Rule Created/Modified/Deleted: Rule configuration changes
• Alert Receiver Added/Removed: Notification recipient changes

Organization Management

• Settings Updated: Organization configuration changes
• Billing Modified: Subscription or payment changes
• Organization Created/Deleted: Major organizational changes

Location & Device Management

• Location Created/Modified/Deleted: Site management
• Gateway Added/Removed: Gateway configuration
• Device Added/Modified/Removed: Equipment changes

Searching and Filtering

Search Functionality

The audit log includes a powerful search feature:

• Search by actor name
• Search by action type
• Search by affected resource
• Search within details

Time Filtering

While not currently implemented in the UI, audit logs are:

• Retained for 90 days
• Displayed in reverse chronological order
• Timestamped in your local timezone

Understanding Common Entries

User Invitation Flow

1. [Admin] User Invited: [email protected] (Technician)
2. [[email protected]] User Accepted Invite
3. [[email protected]] First login recorded

Alert Management Flow

1. [Admin] Alert Rule Created: "Battery Low Voltage"
2. [System] Alert Triggered: Battery Low Voltage
3. [Technician] Alert Acknowledged: Battery Low Voltage

Bulk Operations

[Admin] Alerts Acknowledged (Bulk): 15 alerts
  Details: error: 5, warning: 8, information: 2

Security Best Practices

Regular Review

• Weekly: Review failed login attempts
• Monthly: Audit user role changes
• Quarterly: Verify user access appropriateness

Monitoring Key Events

1. Unauthorized Access Attempts
   • Failed logins
   • Permission denied actions
2. Privilege Escalations
   • Role upgrades
   • New admin assignments
3. Bulk Operations
   • Mass acknowledgments
   • Bulk deletions

Compliance Requirements

The audit log helps meet various compliance standards:

• Access Control: Track who has access to what
• Change Management: Document all system modifications
• Incident Response: Investigate security events
• Accountability: Attribute actions to specific users

Interpreting Audit Details

User Management Details

{
  "role": "technician",
  "email": "[email protected]",
  "invited_by": "[email protected]"
}

Alert Acknowledgment Details

{
  "alert_id": 12345,
  "severity": "warning",
  "location": "Main Site"
}

Bulk Operation Details

{
  "count": 25,
  "breakdown": {
    "error": 5,
    "warning": 15,
    "information": 5
  }
}

Export and Integration

Current Capabilities

• View in web interface
• Search and filter
• Copy individual entries

Planned Features

• CSV export functionality
• API access for audit logs
• Webhook integration
• Extended retention options

Troubleshooting

Missing Audit Entries

Issue: Expected action not in audit log Solutions:

• Verify you have Owner/Admin role
• Check if action is audit-logged
• Ensure organization context is correct

Search Not Working

Issue: Search returns no results Solutions:

• Try broader search terms
• Check spelling and case
• Remove special characters

Performance Issues

Issue: Audit log loads slowly Solutions:

• Reduce search scope
• Clear browser cache
• Check network connection

Audit Log Retention

Standard Retention

• Duration: 90 days
• Storage: Secure cloud database
• Archival: Not currently available

Data Privacy

• Audit logs contain PII (email addresses)
• Subject to organization's data retention policy
• Deleted when organization is removed

Best Practices for Teams

Establish Procedures

1. Regular Reviews: Schedule weekly audit reviews
2. Incident Response: Define escalation procedures
3. Documentation: Note unusual activities
4. Training: Educate team on audit importance

Accountability Framework

• All actions are attributed to individuals
• Shared accounts are discouraged
• API actions show service account

Compliance Checklist

• Regular audit log reviews scheduled
• Key events monitoring configured
• Team trained on audit log usage
• Incident response procedures defined
• Retention policy documented

Common Use Cases

Security Investigation

Search: "failed login" OR "permission denied"
Purpose: Identify potential security threats

User Activity Report

Search: "[email protected]"
Purpose: Review all actions by specific user

Change Tracking

Search: "modified" OR "updated" OR "changed"
Purpose: Track all system modifications

Access Audit

Search: "invited" OR "role changed" OR "removed"
Purpose: Review access control changes

Limitations

Current Limitations

• No export functionality
• 90-day retention only
• No real-time notifications
• Limited to web interface

Not Tracked

• Read-only operations
• Data views/downloads
• Metric queries
• Dashboard access

Future Enhancements

Planned Features

1. Export Options: CSV, JSON, PDF reports
2. Extended Retention: Configurable retention periods
3. Real-time Alerts: Webhook notifications
4. Advanced Analytics: Trend analysis and reports
5. API Access: Programmatic audit log access

Related Documentation

• User Roles - Understanding permission levels
• Adding Users - User invitation process
• Alert Management - Alert configuration
• Organization Settings - General settings

Need Help?

If you have questions about the audit log or need assistance with security monitoring, please contact support.