
Audit Log

A chronological record of system activities, user actions, and security events that provides accountability, supports compliance requirements, and enables forensic investigation.

Also known as: Audit Trail, Activity Log, Security Log
Full Definition

What is an Audit Log?

An audit log (also called an audit trail) is a security-relevant chronological record that documents the sequence of activities affecting an operation, procedure, or event. Audit logs capture who did what, when, where, and sometimes why - providing accountability and traceability for system activities.

Key Components

What to Log

  • User authentication events
  • Data access and modifications
  • Configuration changes
  • Administrative actions
  • Security events and alerts
  • System errors and exceptions

Log Attributes

  • Timestamp (with timezone)
  • User/system identity
  • Action performed
  • Resource affected
  • Source IP/location
  • Success/failure status
  • Before/after values (for changes)

Compliance Requirements

Many regulations require comprehensive audit logging:

  • SOC 2: Activity monitoring
  • HIPAA: Access logs for PHI
  • PCI DSS: Cardholder data access
  • GDPR: Processing activity records

Best Practices

  • Use immutable, append-only storage
  • Implement log integrity verification
  • Retain logs per compliance requirements
  • Enable real-time monitoring and alerting
  • Protect logs from unauthorized access
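
The attributes under "Log Attributes" and the append-only and integrity-verification practices above can be combined in a hash-chained log, where each entry carries an HMAC over its own fields and the previous entry's hash. The Python below is an added example, not code from this page or from Oximy; the field names, the `expected_head` parameter and the sample events are assumptions made for illustration.

```python
import hashlib, hmac, json
from datetime import datetime, timezone

GENESIS = "0" * 64  # prev_hash of the first entry

def _mac(key: bytes, prev_hash: str, body: dict) -> str:
    # Canonical JSON so the same fields always serialize to the same bytes.
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hmac.new(key, (prev_hash + canonical).encode(), hashlib.sha256).hexdigest()

def append_entry(log, key, actor, action, resource, source_ip, success,
                 before=None, after=None, timestamp=None):
    """Append one chained record (field names are this example's own)."""
    body = {
        "timestamp": timestamp or datetime.now(timezone.utc).isoformat(),
        "actor": actor, "action": action, "resource": resource,
        "source_ip": source_ip, "success": success,
        "before": before, "after": after,
    }
    prev_hash = log[-1]["hash"] if log else GENESIS
    log.append({**body, "prev_hash": prev_hash, "hash": _mac(key, prev_hash, body)})
    return log[-1]["hash"]  # head hash: store it outside the log to detect truncation

def verify_chain(log, key, expected_head=None):
    """Return None if intact, else the index of the first bad entry.
    Returns len(log) when entries were cut from the tail (head mismatch)."""
    prev_hash = GENESIS
    for i, entry in enumerate(log):
        body = {k: v for k, v in entry.items() if k not in ("prev_hash", "hash")}
        if entry["prev_hash"] != prev_hash:
            return i  # an entry was removed, inserted or reordered before this one
        if not hmac.compare_digest(entry["hash"], _mac(key, prev_hash, body)):
            return i  # a field of this entry was altered (or the key is wrong)
        prev_hash = entry["hash"]
    if expected_head is not None and not hmac.compare_digest(prev_hash, expected_head):
        return len(log)
    return None

def sample_log(key):
    """Constructed sample events (not real data)."""
    log = []
    append_entry(log, key, "alice", "login", "auth", "192.0.2.10", True,
                 timestamp="2024-01-01T09:00:00+00:00")
    append_entry(log, key, "alice", "config.update", "mfa_policy", "192.0.2.10", True,
                 before="required", after="optional", timestamp="2024-01-01T09:05:00+00:00")
    head = append_entry(log, key, "bob", "record.read", "patient/17", "198.51.100.7", False,
                        timestamp="2024-01-01T09:06:00+00:00")
    return log, head
```

The chain alone cannot reveal that the newest entries were dropped, which is why `append_entry` returns the head hash: keep it somewhere the log writer cannot modify and pass it to `verify_chain`.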