Audit Log
The Audit Log page provides a searchable, filterable timeline of all platform events for compliance monitoring and security investigation. It displays events from the Audit Service with support for advanced filtering, full-text search, event detail views, and export capabilities.
Audit Event Display
The audit log page (AuditLogPage.tsx) presents events in a chronological timeline with the following columns:
| Column | Description | Sortable |
|---|---|---|
| Timestamp | Event occurrence time | Yes |
| Actor | User or service that triggered the event | Yes |
| Action | Event type (create, update, delete, login) | Yes |
| Resource | Target resource type and identifier | Yes |
| Status | Success or failure | Yes |
| Details | Expandable event metadata | No |
Event Categories
| Category | Events | Source |
|---|---|---|
| Authentication | Login, logout, MFA, password change | IAM Service |
| User Management | User create, update, role change, deactivate | IAM Service |
| Tenant | Tenant create, configure, suspend | Tenant Service |
| Data Access | Query execution, dashboard view, export | AI Service, Query Engine |
| Model Lifecycle | Train, deploy, promote, retire | ML Service |
| Configuration | Settings change, feature flag toggle | Config Service |
| Infrastructure | Deployment, scaling, restart | Infrastructure Service |
| Billing | Plan change, payment, invoice | Billing Service |
Filtering
The audit log supports multiple filter dimensions:
interface AuditFilter {
date_from?: string;
date_to?: string;
actor?: string;
action?: string;
resource_type?: string;
status?: 'success' | 'failure';
tenant_id?: string;
search?: string; // Full-text search across all fields
}Quick Filters
| Filter | Options |
|---|---|
| Time range | Last hour, Last 24h, Last 7d, Last 30d, Custom |
| Action type | All, Create, Update, Delete, Login, Access |
| Status | All, Success, Failure |
| Resource | Users, Tenants, Models, Queries, Dashboards |
Event Detail View
Clicking an event expands a detail panel showing:
| Field | Description |
|---|---|
| Full timestamp | Precise event time with timezone |
| Actor details | User ID, name, IP address, user agent |
| Resource details | Resource type, ID, name |
| Changes | Before/after values for update events |
| Request metadata | API endpoint, HTTP method, correlation ID |
| Related events | Linked events in the same workflow |
Export
Audit logs can be exported for external analysis or compliance reporting:
| Format | Description |
|---|---|
| CSV | Comma-separated values with all fields |
| JSON | Structured JSON with full event details |
| Formatted report for compliance documentation |
Retention
| Tier | Retention Period |
|---|---|
| Standard | 90 days |
| Enterprise | 1 year |
| Compliance | 7 years (configurable) |
Real-Time Streaming
The audit log page supports real-time event streaming via WebSocket:
const useAuditStream = () => {
const ws = useWebSocket('/ws/audit/stream');
useEffect(() => {
ws.onMessage((event) => {
addEventToTimeline(JSON.parse(event.data));
});
}, []);
};Access Control
| Role | View Own Events | View All Events | Export | Configure Retention |
|---|---|---|---|---|
| Platform Admin | Yes | Yes | Yes | Yes |
| Tenant Admin | Yes | Tenant only | Tenant only | No |
| Auditor | Yes | Yes | Yes | No |
| User | Own only | No | No | No |