Audit Log
An audit log, also sometimes called an audit trail, is a digital record that tracks activity within a system. The audit log covers activities such as logins, logouts, backups, restores, account creations and deletions, storage edits, and more.
Why are audit logs important?
Audit logs are important because they act like a security camera for computer systems, watching over all the actions that happen inside them. They help us:
Catch Mistakes: Sometimes, people make mistakes without realizing it. Audit logs let us look back and understand what went wrong, so we can fix it.
Stop Wrongdoing: If someone tries to do something they shouldn't, audit logs record their actions. This can stop them from causing harm or help catch them if they do.
Check Who Did What: Audit logs keep a clear record of who did something, what they did, and when they did it. This is really helpful for solving disputes or proving what happened.
Stay Safe: They help keep systems safe by making sure only the right people can do certain things. If something unusual happens, the logs can alert us.
Meet Rules: Many times, laws or rules require that we keep these logs to show we are protecting information properly.
Accessing the Audit Log Screen
Permissions required to view the audit log
Every Cloudback user can see the audit log. In the audit log, you can find:
Logs of what you have done.
Logs of activities in the organizations you're part of.
Logs of what everyone in your organizations has done.
This way, you can easily check actions by you, your team, or your entire organization.
Locating the audit log within the application
The audit log screen can be found in the navigation sidebar.
Layout of the Audit Log Screen
Below is the list of table columns of the audit log screen:
Time: When the action took place. Dates and times are listed in descending order (most recent first).
Action: Describes the type of event.
Description: Provides more details about the action, including what was backed up, what notifications were sent, and which repositories were affected.
Account: Indicates the GitHub account name associated with the action.
User: Specifies the username that executed the action.
IP: Shows the IP address from which the action was taken.
Device: Describes the device or browser used.
Location: Shows the geographic location associated with the IP address.
Error: Displays any error messages associated with the action.
Interpreting Audit Log Entries
Below is a list of events you may encounter in the audit log:
Login: Occurs when a user successfully logs in to the system.
Logout: Recorded when a user logs out of the system.
AuditLogExported: Indicates an export of the audit log has been performed.
UserSettingsUpdated: Recorded when changes are made to a user's settings.
InstantNotificationSent: A notification about backup success or failure has been sent.
EmailNotificationSent: A notification has been sent via email.
StorageCreated: Recorded when new storage is created.
StorageUpdated: Indicates updates made to existing storage.
StorageDeleted: Marks the deletion of storage.
ScheduleCreated: A new backup schedule has been created.
ScheduleUpdated: Changes have been made to an existing backup schedule.
ScheduleDeleted: A backup schedule has been removed.
RetentionPolicyCreated: A new retention policy for backups has been established.
RetentionPolicyUpdated: An existing retention policy has been modified.
RetentionPolicyDeleted: A retention policy has been deleted.
BackupTriggered: A backup process has been initiated.
BackupCompleted: A backup has completed. The backup failed if the Error column contains a message; otherwise, it succeeded.
BackupDeleted: A backup has been removed from storage by retention policy.
BackupDownloaded: A backup has been downloaded by a user.
RestoreTriggered: The process to restore data from a backup has started.
RestoreCompleted: The restoration of data has been completed.
GitHub Related Events:
AccountCreated: A new GitHub account integration has been created.
AccountDeleted: A GitHub account integration has been deleted.
AccountRenamed: A GitHub account has been renamed.
AccountSettingsUpdated: Settings for a GitHub account have been updated.
InstallationCreated: A new GitHub installation has been set up.
InstallationSuspended: A GitHub installation has been temporarily suspended.
InstallationUnsuspended: A previously suspended GitHub installation has been reactivated.
InstallationDeleted: A GitHub installation has been permanently removed.
InstallationNewPermissionsAccepted: New permissions for a GitHub installation have been accepted.
PurchaseCreated: A new purchase or subscription has been made.
PurchaseChanged: An existing purchase or subscription has been altered.
PurchaseCancelled: A purchase or subscription has been cancelled.
RepositoryAdded: A new repository has been added to the account.
RepositoryUpdated: An existing repository has been updated.
RepositoryPublicized: A repository has been made public.
RepositoryPrivatized: A repository has been made private.
RepositoryArchived: A repository has been archived.
RepositoryUnarchived: An archived repository has been made active again.
RepositoryRenamed: A repository has changed its name.
RepositoryRemoved: A repository has been removed from the account.
Exporting Audit Logs
To conduct a more detailed analysis, use the "Export to CSV" button to download the log entries. The export function currently supports the CSV format only, suitable for opening and analyzing in Microsoft Excel. Please note that the export is limited to a maximum of 1,048,576 rows; any data beyond this limit will be truncated. To ensure the export encompasses only the most relevant data, it's advisable to refine your search criteria prior to initiating the export process.
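Added example (not Cloudback's own code): one way to triage an exported CSV in Python, flagging failed backups, events that usually merit review, users whose Login events come from more than one IP, and an export that may have hit the row limit. It assumes the CSV header row uses the column names listed above; the sample rows and the choice of events to review are constructed for illustration.

```python
import csv
import io
from collections import defaultdict

# Row cap the page gives for the CSV export.
EXPORT_ROW_LIMIT = 1_048_576

# Event names from the list above that usually merit review (selection is an assumption).
REVIEW_ACTIONS = {
    "AuditLogExported", "BackupDownloaded", "StorageDeleted",
    "RetentionPolicyDeleted", "ScheduleDeleted", "RepositoryPublicized",
    "InstallationNewPermissionsAccepted",
}

# Constructed sample export; header names are assumed to match the on-screen columns.
SAMPLE_CSV = """Time,Action,Description,Account,User,IP,Device,Location,Error
2024-05-02T10:15:00Z,BackupCompleted,Backup of example-org/api,example-org,,,,,Storage unreachable
2024-05-02T09:40:00Z,RepositoryPublicized,example-org/api made public,example-org,alice,203.0.113.7,Chrome,DE,
2024-05-02T09:30:00Z,Login,,example-org,alice,203.0.113.7,Chrome,DE,
2024-05-01T18:05:00Z,BackupCompleted,Backup of example-org/web,example-org,,,,,
2024-05-01T08:00:00Z,Login,,example-org,alice,198.51.100.23,Firefox,NL,
2024-05-01T07:55:00Z,AuditLogExported,,example-org,bob,192.0.2.10,Edge,US,
"""

def triage(csv_text, row_limit=EXPORT_ROW_LIMIT):
    """Summarise an exported audit log into findings a reviewer should look at."""
    rows = list(csv.DictReader(io.StringIO(csv_text)))
    failed, review, login_ips = [], [], defaultdict(set)
    for r in rows:
        action = (r.get("Action") or "").strip()
        error = (r.get("Error") or "").strip()
        if action == "BackupCompleted" and error:  # failed backup per the event list
            failed.append((r.get("Time"), r.get("Account"), error))
        elif action in REVIEW_ACTIONS:
            review.append((r.get("Time"), action, r.get("User"), r.get("IP")))
        elif action == "Login":
            login_ips[r.get("User")].add(r.get("IP"))
    return {
        "failed_backups": failed,
        "review": review,
        "multi_ip_users": {u: sorted(i) for u, i in login_ips.items() if len(i) > 1},
        # At the cap, older rows were probably cut off; -1 in case the header counts (assumption).
        "possibly_truncated": len(rows) >= row_limit - 1,
    }

if __name__ == "__main__":
    print(triage(SAMPLE_CSV))
```

If `possibly_truncated` is true, narrow the search criteria and export again before drawing conclusions from the file.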
Log retention policy (how long are logs stored?)
The default retention period for audit logs is 180 days. Should you require a longer retention duration, please reach out to our support team to establish a customized retention policy.
Integrating audit logs with external systems (e.g., SIEM)
For enterprises that want to integrate audit logs with SIEM systems, our audit logs can be forwarded to an external system. Contact our support team for assistance with configuring this integration. They'll be happy to discuss your specific needs and recommend the best approach.