Audit Logs
Realm9 maintains comprehensive audit logs of all user actions and system events for security, compliance, and troubleshooting.
Overview
Audit logs capture:
- User actions
- System events
- Configuration changes
- Access attempts
- API calls
Accessing Audit Logs
Navigate to Audit Logs to view:
- Real-time activity stream
- Filtered event history
- Detailed event information
- Export options
Event Types
Authentication Events
- User login/logout
- MFA verification
- SSO authentication
- Password changes
- Account lockouts
Resource Actions
- Environment creation/deletion
- Booking submissions
- Terraform runs
- Configuration changes
- Data exports
Access Control
- Permission changes
- Role assignments
- User invitations
- Access denials
- API key usage
Administrative Actions
- Organization settings changes
- User management
- Integration configuration
- Security policy updates
Log Details
Each log entry includes:
- Timestamp - Exact time of event
- User - Who performed the action
- Action - What was done
- Resource - Target of the action
- IP Address - Source IP
- User Agent - Browser/client info
- Status - Success or failure
- Details - Additional context
Filtering and Search
Filter By
- Date range
- User
- Action type
- Resource type
- Status (success/failure)
Search
- Full-text search
- Advanced query syntax
- Regular expressions
- Saved searches
Exporting Logs
Export Formats
- CSV for spreadsheets
- JSON for processing
- PDF for reports
- Syslog for SIEM
Export Options
- Filter before export
- Schedule regular exports
- Automated delivery
- Encrypted exports
Retention Policies
Default Retention
- 90 days for standard logs
- 1 year for security events
- 7 years for compliance (Enterprise)
Custom Retention
Configure retention per:
- Event type
- Severity level
- Compliance requirements
- Storage capacity
Compliance and Security
Regulatory Compliance
Support for:
- SOC 2 audit requirements
- GDPR data access logs
- HIPAA access tracking
- PCI DSS logging
Security Monitoring
Use logs to detect:
- Unusual access patterns
- Failed login attempts
- Privilege escalation
- Data exfiltration
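As an added example (not part of the Realm9 documentation or product), the Python below runs two of the detections listed above over a constructed JSON export: it finds source IPs with a burst of failed logins inside a sliding window, then flags successful permission or role changes made from any of those IPs. The JSON field names (timestamp, user, action, resource, ip, user_agent, status, details) and the action values are assumptions modelled on the Log Details list.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample export. Field names are an assumption: the page lists
# Timestamp, User, Action, Resource, IP Address, User Agent, Status, Details.
SAMPLE_EXPORT = json.dumps([
    {"timestamp": "2024-01-15T08:00:%02dZ" % s, "user": "alice", "action": "login",
     "resource": "session", "ip": "203.0.113.7", "user_agent": "curl/8.0",
     "status": "failure", "details": {"reason": "bad_password"}}
    for s in range(0, 60, 10)          # six failures in one minute from one IP
] + [
    {"timestamp": "2024-01-15T08:05:00Z", "user": "alice", "action": "login",
     "resource": "session", "ip": "203.0.113.7", "user_agent": "curl/8.0",
     "status": "success", "details": {}},
    {"timestamp": "2024-01-15T08:06:30Z", "user": "alice", "action": "role_assignment",
     "resource": "user:bob", "ip": "203.0.113.7", "user_agent": "curl/8.0",
     "status": "success", "details": {"role": "admin"}},
    {"timestamp": "2024-01-15T09:00:00Z", "user": "carol", "action": "login",
     "resource": "session", "ip": "198.51.100.4", "user_agent": "Mozilla/5.0",
     "status": "failure", "details": {"reason": "bad_password"}},
])

def parse_export(text):
    """Load the export and attach a timezone-aware datetime to each entry."""
    events = json.loads(text)
    for ev in events:
        ev["ts"] = datetime.fromisoformat(ev["timestamp"].replace("Z", "+00:00"))
    return sorted(events, key=lambda ev: ev["ts"])

def failed_login_bursts(events, threshold=5, window=timedelta(minutes=5)):
    """Return {ip: peak count} for IPs with >= threshold failed logins inside `window`."""
    per_ip = defaultdict(list)
    for ev in events:
        if ev["action"] == "login" and ev["status"] == "failure":
            per_ip[ev["ip"]].append(ev["ts"])
    bursts = {}
    for ip, times in per_ip.items():
        start = 0
        for end, t in enumerate(times):          # sliding window over sorted timestamps
            while t - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                bursts[ip] = max(bursts.get(ip, 0), end - start + 1)
    return bursts

def privilege_changes_from_burst_ips(events, bursts):
    """Correlate: successful permission/role changes issued from a burst IP."""
    return [ev for ev in events if ev["action"] in {"permission_change", "role_assignment"}
            and ev["status"] == "success" and ev["ip"] in bursts]
```

The same two functions work unchanged on a real export once the field names are mapped, and the burst output is what an alert rule for failed authentication attempts would key on.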
Alerting
Real-time Alerts
Configure alerts for:
- Failed authentication attempts
- Permission changes
- Sensitive data access
- System errors
Alert Channels
Send alerts via:
- Slack
- Microsoft Teams
- PagerDuty
- Webhooks
Integration
SIEM Integration
Forward logs to:
- Splunk
- ELK Stack
- Datadog
- Azure Sentinel
- Custom endpoints
Log Forwarding
Configure automatic forwarding:
- Real-time streaming
- Batch delivery
- Format transformation
- Encryption in transit
Common Use Cases
Security Investigations
Investigate security incidents:
- Filter by time range
- Search for suspicious IPs
- Track user actions
- Correlate events
- Export evidence
Compliance Audits
Prepare for audits:
- Export relevant logs
- Generate access reports
- Verify controls
- Document findings
Troubleshooting
Debug issues:
- Find error events
- Trace user actions
- Identify patterns
- Locate root cause
Access Reviews
Review user activity:
- Filter by user
- Check accessed resources
- Verify permissions
- Identify anomalies
Best Practices
Regular Reviews
- Weekly security reviews
- Monthly access audits
- Quarterly compliance checks
- Annual comprehensive audits
Alert Configuration
- Set alerts for critical events
- Avoid alert fatigue
- Test alert channels
- Review alert rules regularly
Log Retention
- Balance compliance and storage
- Archive old logs
- Secure sensitive logs
- Document retention policy
Access Control
- Limit audit log access
- Separate duties
- Monitor the monitors
- Protect log integrity
API Access
Query Logs via API
GET /api/audit-logs?from=2024-01-01&to=2024-01-31&user=admin
Stream Logs
GET /api/audit-logs/stream
Export Logs
POST /api/audit-logs/export
Reporting
Standard Reports
Pre-built reports for:
- User activity summary
- Failed access attempts
- Permission changes
- System health
Custom Reports
Create custom reports:
- Define metrics
- Set time ranges
- Choose visualizations
- Schedule delivery
