Audit Trail
✓ Tamper-Evident Implementation
ATStatus includes an audit logging system with hash chain verification, giving a complete, tamper-evident record of all administrative actions.
Each audit event includes a cryptographic hash that depends on the event's own content and on the previous event's hash. If anyone modifies a past entry, its stored hash no longer matches its content and every later entry's link to it is broken, so the tampering is exposed when the chain is verified. Note what this does and does not provide: the chain makes modification detectable, it does not prevent it. An attacker who can write to the database can also recompute every later hash, so the chain is only as strong as your ability to compare its most recent hash with a copy held outside the database (for example the periodic exports described under Log Retention).
How the Audit Trail Works
┌─────────────────────────────────────────────────────────────┐
│                      Audit Event Chain                      │
├─────────────────────────────────────────────────────────────┤
│                                                             │
│   Event #1          Event #2          Event #3              │
│  ┌──────────┐      ┌──────────┐      ┌──────────┐           │
│  │ Action   │      │ Action   │      │ Action   │           │
│  │ Actor    │      │ Actor    │      │ Actor    │           │
│  │ Time     │      │ Time     │      │ Time     │           │
│  │ Hash: A  │────▶ │ Hash: B  │────▶ │ Hash: C  │────▶ ...  │
│  │ Prev: ∅  │      │ Prev: A  │      │ Prev: B  │           │
│  └──────────┘      └──────────┘      └──────────┘           │
│                                                             │
│  If Event #1 is modified, Hash A changes,                   │
│  which invalidates Hash B, Hash C, and all subsequent.      │
└─────────────────────────────────────────────────────────────┘

What Gets Logged
The audit system captures all significant administrative actions:
- User login (success/failure)
- Logout
- Password changes
- 2FA enable/disable
- Session creation/revocation
- User created
- User modified (role changes, etc.)
- User deactivated/deleted
- Permission changes
- Component created/modified/deleted
- Incident created/updated/resolved
- Maintenance scheduled/completed
- Status page settings changed
- API key created/deleted
- Feature toggles changed
- Cache cleared
- Data exports performed
Audit Event Structure
Each audit event contains the following information:
| Field | Description | Example |
|---|---|---|
| id | Unique event identifier | evt_abc123 |
| timestamp | When the event occurred (UTC, ISO 8601) | 2024-01-15T14:30:00Z |
| severity | Event severity level | INFO, WARNING, CRITICAL |
| eventType | Type of action performed | USER_LOGIN, INCIDENT_CREATE |
| domain | Functional area | AUTH, INCIDENT, USER |
| actorId | User who performed the action | user_xyz789 |
| actorEmail | Actor's email address | admin@example.com |
| entityType | Type of entity affected | Incident, Component |
| entityId | ID of the affected entity | inc_def456 |
| changes | What was changed, as JSON (in the example, the old and new values of status) | {"status": ["investigating", "resolved"]} |
| ipAddress | Request origin IP | 192.168.1.100 |
| userAgent | Browser/client info | Mozilla/5.0... |
| hash | Hash of this event's content, chained to prevHash | sha256:abc... |
| prevHash | Previous event's hash (empty for the first event) | sha256:xyz... |
Severity Levels
Accessing Audit Logs
Admin Panel
Access audit logs at /admin/audit. The interface provides:
- Filtering: By date range, severity, event type, user, entity
- Search: Full-text search across event data
- Detail View: Expand events to see full change details
- Export: Download logs in JSON or CSV format
Sensitive Data Access
IP addresses, user agents, and other sensitive metadata are only visible to users with the AUDIT_VIEW_SENSITIVE permission. This is granted to OWNER and ADMIN roles by default.
Tamper Detection
The hash chain provides automatic tamper detection. If anyone modifies a historical audit entry:
- The modified entry's stored hash no longer matches its content
- The next entry's prevHash no longer matches the modified entry's hash
- Every subsequent entry is therefore invalid
- The break is detected by re-validating the chain from the first entry (or from a trusted checkpoint) to the head
```javascript
// Hash verification. Assumes computeHash covers every field except `hash`
// (including prevHash) and that the stored hash is what later events link to.
function verifyChain(events) {
  for (let i = 0; i < events.length; i++) {
    // The first event has no predecessor; every other event must point at
    // the previous event's stored hash.
    const expectedPrevHash = i === 0 ? null : events[i - 1].hash;
    if (events[i].prevHash !== expectedPrevHash) {
      return { valid: false, brokenAt: i };
    }
    // Recompute this event's own hash so an edit to the newest entry, which
    // no later event links to yet, is still caught.
    if (events[i].hash !== computeHash(events[i])) {
      return { valid: false, brokenAt: i };
    }
  }
  return { valid: true };
}
```

Compliance Benefits
Log Retention
By default, audit logs are retained indefinitely. For compliance with data retention policies, you can implement log archival or deletion procedures:
- Export logs before deletion so the archive remains available for audit
- Consider regulatory requirements (some require 7+ years retention)
- Database cleanup can be done via Prisma or direct SQL
- Deleting the oldest entries leaves the new first entry's prevHash pointing at a record that no longer exists, so record the hash of the newest deleted entry alongside the archive and treat it as the starting point when verifying the remaining chain
Export audit logs monthly and store the export in a separate, access-controlled location. This provides a backup, allows database cleanup while maintaining compliance, and gives you an out-of-band copy of the chain's hashes to compare against the live database later.
