Audit logs track who did what, when and from where. They are the safety net for internal controls, leak investigations and GDPR / ISO 27001 compliance.
Auto-tracked events
| Category | Events |
|---|---|
| Authentication | Login, logout, failure, MFA, SSO |
| Employee data | Creation, edit, delete, sensitive read |
| Payroll | Payslip generated, approved, sent, edited |
| Permissions | Role granted, revoked, edited |
| Exports | Bulk download, API, integration |
| Documents | Download, share, delete |
Step-by-step
- Open the Audit module
  Go to Security → Audit logs. Filter by date, user, category or severity.
- Investigate an event
  Click a row to view the detail: payload, IP, user agent, before and after state.
- Configure alerts
  A sensitive action (mass export, salary edit, admin grant) triggers an immediate Slack/email notification.
- Export for external audit
  Export in CEF, JSON or signed CSV format, compatible with Splunk, Datadog and Sentinel.
- Retention
  Logs are retained for 2 years by default, extendable to 7 years (Premium) for banking/healthcare obligations.
FAQ
Are logs tamper-proof?
Yes. Logs are cryptographically signed on write, so any modification is detectable.
How does this comply with GDPR?
Logs track access to personal data. Logs older than 1 year can be anonymised.
And SIEM?
Logs stream in real time via syslog or webhook to Splunk, Sentinel and Sumo Logic.
Volume?
~5-15 events / employee / day. For 500 people: ~50 MB / month.
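
How signing on write makes a later edit or deletion detectable, as the "Are logs tamper-proof?" answer states. This is an added example, not the product's own code: the page does not specify the scheme, so the HMAC-SHA256 chain (a stand-in for the signature), the key and the event field names are all assumptions. It goes one step beyond per-record signing by chaining each signature to the previous one, so a removed record is caught as well as an edited one.

```python
import hashlib
import hmac
import json

# Constructed demo key (assumption); a real deployment keeps the key in a KMS/HSM.
KEY = b"demo-key-not-for-production"
GENESIS = "0" * 64  # chain anchor used before the first record


def _mac(key, prev_sig, event):
    # Canonical JSON so the same event always serialises to the same bytes.
    body = json.dumps(event, sort_keys=True, separators=(",", ":"))
    return hmac.new(key, (prev_sig + body).encode(), hashlib.sha256).hexdigest()


def append(log, key, event):
    """Sign on write: the signature covers the event and the previous signature."""
    prev_sig = log[-1]["sig"] if log else GENESIS
    log.append({"event": event, "sig": _mac(key, prev_sig, event)})


def verify(log, key):
    """Return the index of the first record that fails verification, or None."""
    prev_sig = GENESIS
    for i, rec in enumerate(log):
        if not hmac.compare_digest(rec["sig"], _mac(key, prev_sig, rec["event"])):
            return i
        prev_sig = rec["sig"]
    return None


def demo_log():
    # Constructed sample events; field names are hypothetical.
    log = []
    append(log, KEY, {"ts": "2024-05-01T09:00:00Z", "user": "alice", "action": "login", "ip": "192.0.2.10"})
    append(log, KEY, {"ts": "2024-05-01T09:05:00Z", "user": "alice", "action": "salary_edit", "before": 4200, "after": 5200})
    append(log, KEY, {"ts": "2024-05-01T09:06:00Z", "user": "alice", "action": "bulk_export", "rows": 500})
    return log


if __name__ == "__main__":
    log = demo_log()
    print("intact :", verify(log, KEY))
    log[1]["event"]["after"] = 4200   # edit a stored record in place
    print("edited :", verify(log, KEY))
    del log[1]                        # remove the record entirely
    print("deleted:", verify(log, KEY))
```

The chain alone does not reveal truncation of the newest records; the latest signature has to be held somewhere the log store cannot rewrite, for instance in the SIEM that receives the real-time stream.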
