Audit Log

A chronological record of system activities, user actions, and security events that provides accountability, supports compliance requirements, and enables forensic investigation.

Also known as: Audit Trail, Activity Log, Security Log

What is an Audit Log?

An audit log (also called an audit trail) is a security-relevant chronological record that documents the sequence of activities affecting an operation, procedure, or event. Audit logs capture who did what, when, where, and sometimes why - providing accountability and traceability for system activities.

Key Components

What to Log

  • User authentication events
  • Data access and modifications
  • Configuration changes
  • Administrative actions
  • Security events and alerts
  • System errors and exceptions

Log Attributes

  • Timestamp (with timezone)
  • User/system identity
  • Action performed
  • Resource affected
  • Source IP/location
  • Success/failure status
  • Before/after values (for changes)

Compliance Requirements

Many regulations require comprehensive audit logging:

  • SOC 2: Activity monitoring
  • HIPAA: Access logs for PHI
  • PCI DSS: Cardholder data access
  • GDPR: Processing activity records

Best Practices

  • Use immutable, append-only storage
  • Implement log integrity verification
  • Retain logs per compliance requirements
  • Enable real-time monitoring and alerting
  • Protect logs from unauthorized access
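
One way to combine the Log Attributes above with the append-only and integrity-verification practices is an HMAC hash chain, shown here as an added example that is not part of the original page. The function names, field names, key handling and sample events are assumptions made for illustration.

```python
import hashlib, hmac, json
from datetime import datetime, timezone

GENESIS = "0" * 64  # previous-hash value used for the first entry

def _digest(key: bytes, prev_hash: str, record: dict) -> str:
    # Canonical JSON so the same record always serializes to the same bytes.
    body = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hmac.new(key, (prev_hash + body).encode(), hashlib.sha256).hexdigest()

def append_entry(log: list, key: bytes, *, actor, action, resource, source_ip,
                 status, before=None, after=None, timestamp=None) -> dict:
    """Append one event; each entry's hash covers the previous entry's hash."""
    record = {
        "timestamp": timestamp or datetime.now(timezone.utc).isoformat(),
        "actor": actor, "action": action, "resource": resource,
        "source_ip": source_ip, "status": status,
        "before": before, "after": after,
    }
    prev_hash = log[-1]["hash"] if log else GENESIS
    entry = {"record": record, "prev_hash": prev_hash,
             "hash": _digest(key, prev_hash, record)}
    log.append(entry)
    return entry

def verify_chain(log: list, key: bytes):
    """Return (True, None) if intact, else (False, index of first bad entry)."""
    prev_hash = GENESIS
    for i, entry in enumerate(log):
        expected = _digest(key, prev_hash, entry["record"])
        if (entry["prev_hash"] != prev_hash
                or not hmac.compare_digest(entry["hash"], expected)):
            return False, i
        prev_hash = entry["hash"]
    return True, None

def build_sample_log(key: bytes) -> list:
    # Constructed sample events (documentation IP range, made-up users).
    log = []
    append_entry(log, key, actor="alice", action="login", resource="auth",
                 source_ip="192.0.2.10", status="success",
                 timestamp="2024-01-01T09:00:00+00:00")
    append_entry(log, key, actor="alice", action="update", resource="user/42/role",
                 source_ip="192.0.2.10", status="success", before="viewer",
                 after="admin", timestamp="2024-01-01T09:05:00+00:00")
    append_entry(log, key, actor="bob", action="login", resource="auth",
                 source_ip="198.51.100.7", status="failure",
                 timestamp="2024-01-01T09:06:00+00:00")
    return log
```

The chain alone does not reveal removal of the most recent entries; detecting that requires keeping the latest hash somewhere the log writer cannot alter.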