Audit Logging

Comprehensive action logging.

What's Logged

Every significant action is recorded:

User Actions

• Login/logout
• Password changes
• MFA setup
• Settings changes

Agent Actions

• Registration
• Approval/rejection
• Command execution
• Script execution
• File transfers

Administrative Actions

• User creation/modification
• Role assignments
• Policy changes
• Integration configuration

Log Format

{
  "timestamp": "2024-01-15T10:30:00Z",
  "user_id": "user-uuid",
  "username": "admin",
  "action": "agent.command.execute",
  "target": "agent-uuid",
  "details": {
    "command": "hostname"
  },
  "ip_address": "192.168.1.100",
  "user_agent": "Mozilla/5.0..."
}

Viewing Logs

1. Navigate to Admin → Logs
2. Filter by:
   • Date range
   • User
   • Action type
   • Target

Exporting Logs

GET /api/v1/logs/?format=csv&from=2024-01-01&to=2024-01-31
Authorization: Bearer YOUR_TOKEN

Retention

• Default: 90 days
• Configurable via AUDIT_LOG_RETENTION_DAYS
• Automatic cleanup

Compliance

Audit logs support compliance with:

• GDPR (access logging)
• ISO 27001 (activity monitoring)
• SOC 2 (audit trails)
• TISAX (traceability)