Audit Logs
Audit Logs provide a comprehensive record of all system activities, changes, and user actions for compliance, security monitoring, and troubleshooting.
Overview
Audit Logs enable you to:
- Track all system changes
- Monitor user activity
- Meet compliance requirements
- Investigate issues
- Generate audit reports
- Maintain data integrity
Accessing Audit Logs
Navigate to Settings → Security → Audit Logs from the main menu.
Audit Log Overview
Log Dashboard
Audit Logs Dashboard
Recent Activity:
├─ Today: 12,456 events
├─ This Week: 78,901 events
├─ This Month: 345,678 events
└─ Storage Used: 2.3 GB
Activity by Type:
├─ Record Changes: 45%
├─ User Actions: 30%
├─ System Events: 15%
└─ Security Events: 10%
Recent High-Priority Events:
├─ [!] Failed login attempts (5) - John's account - 10 min ago
├─ [!] Permission change - Admin role modified - 2 hours ago
├─ [!] Large data export - Customer list (5,000 records) - Today
└─ [!] API key generated - New production key - Yesterday
[View All Logs] [Configure Alerts] [Export]Log Viewer
Search and Filter
Audit Log Search
Filters:
├─ Date Range: [01/15/2026] to [01/22/2026]
├─ User: [All Users ▼]
├─ Action Type: [All Actions ▼]
│ ├─ Create
│ ├─ Update
│ ├─ Delete
│ ├─ View
│ ├─ Login/Logout
│ ├─ Export
│ └─ Settings Change
├─ Entity: [All Entities ▼]
│ ├─ Customers
│ ├─ Orders
│ ├─ Products
│ ├─ Users
│ └─ Settings
└─ Search: [_____________________]
Results: 15,678 events
┌────────────────────────────────────────────────────────────────┐
│ Timestamp │ User │ Action │ Entity │ Details │
├────────────────────────────────────────────────────────────────┤
│ Jan 22 10:45 AM│ John Smith │ Update │ Customer │ [View] │
│ Jan 22 10:43 AM│ Sarah Jones │ Create │ Order │ [View] │
│ Jan 22 10:42 AM│ Mike Wilson │ Delete │ Product │ [View] │
│ Jan 22 10:40 AM│ System │ Login │ User │ [View] │
│ Jan 22 10:38 AM│ API (Main) │ Create │ Invoice │ [View] │
└────────────────────────────────────────────────────────────────┘
[Export Results] [Create Alert]Log Entry Detail
Audit Log Entry
Event ID: LOG-2026-8456789
Timestamp: January 22, 2026 10:45:32 AM EST
Event Information:
├─ Action: Update
├─ Entity: Customer
├─ Record ID: CUST-12345
├─ Record Name: Acme Corporation
└─ Result: Success
User Information:
├─ User: John Smith ([email protected])
├─ Role: Sales Manager
├─ IP Address: 192.168.1.105
├─ Location: New York, NY (estimated)
├─ Device: Chrome on Windows
└─ Session ID: sess_abc123...
Changes Made:
┌────────────────────────────────────────────────────────────────┐
│ Field │ Previous Value │ New Value │
├────────────────────────────────────────────────────────────────┤
│ Credit Limit │ $10,000.00 │ $15,000.00 │
│ Payment Terms │ Net 30 │ Net 45 │
│ Status │ Active │ Active (no change) │
└────────────────────────────────────────────────────────────────┘
Related Events:
├─ Previous change to this record: Jan 20, 2026
├─ Approval request created: Jan 22, 2026 10:45:35 AM
└─ Manager notification sent: Jan 22, 2026 10:45:36 AM
[View Full History] [Export Entry]Activity Types
User Activity
User Activity Log
User: John Smith
Period: Last 30 Days
Activity Summary:
├─ Total Actions: 2,345
├─ Records Modified: 567
├─ Records Created: 89
├─ Records Viewed: 1,456
├─ Reports Generated: 45
└─ Exports: 12
Activity by Module:
├─ Customers: 456 actions
├─ Orders: 678 actions
├─ Invoices: 234 actions
├─ Products: 123 actions
└─ Other: 854 actions
Sessions:
├─ Total Logins: 22
├─ Average Session: 4.5 hours
├─ Failed Logins: 1
└─ Password Changes: 0
Recent Activity:
┌────────────────────────────────────────────────────────────────┐
│ Time │ Action │ Entity │ Details │
├────────────────────────────────────────────────────────────────┤
│ 10:45 AM │ Updated │ Customer │ Credit limit change │
│ 10:30 AM │ Created │ Quote │ QT-2026-0235 │
│ 10:15 AM │ Viewed │ Order │ SO-2026-0892 │
│ 10:00 AM │ Logged In │ Session │ From 192.168.1.105 │
└────────────────────────────────────────────────────────────────┘Security Events
Security Event Log
Filter: [Security Events ▼]
Recent Security Events:
┌────────────────────────────────────────────────────────────────┐
│ Timestamp │ Event │ User │ Status│ Risk │
├────────────────────────────────────────────────────────────────┤
│ Jan 22 10:40 │ Login Success │ John Smith│ ✓ │ Low │
│ Jan 22 10:35 │ Failed Login (3/5) │ Mike W. │ ⚠️ │ Medium│
│ Jan 22 10:30 │ Password Reset │ Sarah J. │ ✓ │ Low │
│ Jan 22 10:25 │ API Key Created │ Admin │ ✓ │ Medium│
│ Jan 22 10:20 │ Permission Changed │ Admin │ ✓ │ High │
│ Jan 22 10:15 │ 2FA Enabled │ Lisa T. │ ✓ │ Low │
│ Jan 22 09:45 │ Failed Login (5/5) │ Unknown │ ⛔ │ High │
│ Jan 22 09:30 │ Account Locked │ Bob M. │ ⛔ │ High │
└────────────────────────────────────────────────────────────────┘
Security Alerts Active: 3
├─ Account locked: Bob Morrison
├─ Multiple failed logins from IP: 45.67.89.123
└─ Unusual export activity: Marketing team
[View Security Dashboard] [Configure Alerts]System Events
System Event Log
Filter: [System Events ▼]
System Activity:
┌────────────────────────────────────────────────────────────────┐
│ Timestamp │ Event │ Component │ Status │
├────────────────────────────────────────────────────────────────┤
│ Jan 22 10:00 │ Scheduled Backup │ Database │ ✓ Success│
│ Jan 22 09:00 │ Email Queue Process │ Notifications│ ✓ Success│
│ Jan 22 08:00 │ Currency Rate Update│ Finance │ ✓ Success│
│ Jan 22 07:00 │ Index Rebuild │ Search │ ✓ Success│
│ Jan 22 06:00 │ Log Rotation │ System │ ✓ Success│
│ Jan 22 05:00 │ Scheduled Reports │ Reports │ ✓ Success│
│ Jan 21 23:00 │ Daily Reconciliation│ Finance │ ⚠️ Warning│
│ Jan 21 22:00 │ Integration Sync │ Shopify │ ✓ Success│
└────────────────────────────────────────────────────────────────┘
System Health:
├─ Uptime: 99.97% (last 30 days)
├─ Failed Jobs: 3 (0.01%)
└─ Average Response: 145msLog Configuration
Retention Settings
Audit Log Retention
Retention Policies:
┌────────────────────────────────────────────────────────────────┐
│ Log Type │ Retention │ Archive │ Status │
├────────────────────────────────────────────────────────────────┤
│ Security Events │ 2 years │ 7 years │ Active │
│ User Activity │ 1 year │ 3 years │ Active │
│ Record Changes │ 1 year │ 5 years │ Active │
│ System Events │ 90 days │ 1 year │ Active │
│ API Requests │ 30 days │ 90 days │ Active │
│ View/Read Actions │ 30 days │ None │ Active │
└────────────────────────────────────────────────────────────────┘
Storage:
├─ Active Logs: 2.3 GB
├─ Archived Logs: 15.6 GB
├─ Total Capacity: 50 GB
└─ Usage: 35.8%
Archive Settings:
├─ Archive Format: [Compressed JSON ▼]
├─ Archive Location: [AWS S3 ▼]
├─ Encryption: [AES-256 ▼]
└─ Auto-delete after archive: [x]
[Save Retention Settings]Event Configuration
Audit Event Configuration
Events to Log:
User Actions:
├─ [x] Login/Logout
├─ [x] Password changes
├─ [x] Profile updates
├─ [x] Permission requests
└─ [x] 2FA enrollment
Record Operations:
├─ [x] Create
├─ [x] Update (with field-level tracking)
├─ [x] Delete
├─ [x] View (configurable by entity)
├─ [x] Export
└─ [x] Import
System Operations:
├─ [x] Configuration changes
├─ [x] Integration events
├─ [x] Scheduled job execution
├─ [x] Error events
└─ [x] Performance alerts
View Logging (by Entity):
├─ [x] Customers - Log all views
├─ [ ] Products - Don't log views
├─ [x] Orders - Log all views
├─ [x] Financial Records - Log all views
└─ [ ] Reports - Don't log views
[Save Event Configuration]Alerts
Alert Configuration
Audit Alert Rules
Active Alerts:
┌────────────────────────────────────────────────────────────────┐
│ Alert Name │ Condition │ Notify │
├────────────────────────────────────────────────────────────────┤
│ Failed Logins │ 5+ in 10 minutes │ Security │
│ Mass Data Export │ 1,000+ records │ Admin │
│ Permission Escalation │ Admin role granted │ IT Manager │
│ After Hours Access │ Login 10PM-6AM │ Security │
│ Sensitive Data Access │ View financial data │ Finance Mgr │
│ Account Locked │ Any account lock │ IT Support │
└────────────────────────────────────────────────────────────────┘
[+ Create Alert Rule]Create Alert
Create Audit Alert
Alert Details:
├─ Name: [Mass Data Export Alert]
├─ Description: [Alert when large data exports occur]
└─ Status: [Active ▼]
Trigger Conditions:
├─ Event Type: [Export ▼]
├─ Condition: [Record count] [greater than] [1,000]
├─ Time Window: [Single event ▼]
└─ [+ Add Condition]
Notifications:
├─ Email: [[email protected], [email protected]]
├─ In-App: [x] Send notification
├─ Slack: [#security-alerts]
└─ Priority: [High ▼]
Alert Message:
[Large data export detected: {user_name} exported {record_count} ]
[{entity_type} records at {timestamp}. Review immediately.]
[Save Alert]Reports
Compliance Reports
Audit Compliance Reports
Available Reports:
├─ User Access Report - Who accessed what, when
├─ Data Change Report - All modifications with before/after
├─ Security Event Report - Login attempts, permission changes
├─ Export Activity Report - Data exports by user
├─ Admin Activity Report - Administrative actions
└─ System Access Report - API and integration access
Generate Report:
├─ Report Type: [User Access Report ▼]
├─ Date Range: [01/01/2026] to [01/31/2026]
├─ Users: [All Users ▼]
├─ Include: [x] Successful actions [x] Failed attempts
└─ Format: [PDF ▼]
Scheduled Reports:
├─ Monthly User Access - 1st of month
├─ Weekly Security Summary - Every Monday
└─ Daily Admin Activity - Daily at 6 AM
[Generate Report] [Schedule Report]Best Practices
Compliance
- Define retention policies
- Protect log integrity
- Regular compliance reviews
- Document audit procedures
Security
- Monitor security events
- Set up alerts
- Review access patterns
- Investigate anomalies
Operations
- Archive old logs
- Monitor storage usage
- Regular log analysis
- Train staff on procedures
Troubleshooting
Common Issues
Logs not appearing
- Check event configuration
- Verify user has logging enabled
- Review filter settings
- Check system time sync
Storage full
- Review retention policies
- Archive old logs
- Increase storage allocation
- Delete unnecessary logs
Performance impact
- Reduce view logging
- Optimize queries
- Schedule heavy reports
- Archive frequently
Related Documentation
Learn about Security Settings for configuring system security.