Log Events
Explore Log Events
Log events are the individual records that are recorded in the Pangea Secure Audit Log. These events provide the details of the auditable activity that has occurred.
Events can be stored using the following Secure Audit Log API endpoints:
The logs can be recalled using the following endpoints:
You can also view logged events in the Secure Audit Log Viewer in the Pangea User Console.
Explore event fields
Each log consists of a set of fields designed to record specific components of the activity being recorded. The only required field is message, with all others being optional.
Events streamed from third-party vendors (such as Auth0) have predefined fields that cannot be added or removed from the log content.
Required fields
-
Message
- This field is used to record a detailed account of what action occurred. This can be recorded as free-form text or as a JSON field. If JSON is provided the log viewer will render this field as JSON.
Optional fields
The required fields allow the recording of all details needed to meet any compliance requirement or use case. However, recording only these fields may make recalling or searching your records more difficult. The optional log fields have been created based on significant research and experience to allow further granularity in audit log storage and search.
- Actor
- The actor field is used to record who performed a specific action. This could be used to record the user ID, username, first and last name, or a combination of fields.
- Source
- The source field is for recording from where an activity occurred. This could be used to record a client's IP address, country of origin, the application used, etc.
- Action
- This is used to record the action that occurred. Typical values seen in this field are "Create/Read/Update/Delete," but could also include actions specific to your application.
- Status
- Status is used to record whether or not the action was successful.
- Target
- This is used to record the specific record that was targeted by the recorded action. This could be an object ID, a username, or other identifying information.
- Old
- This is usually used in combination with "new-value." Old-value is used to record the value(s) of a record before any change made by the recorded action. If JSON is provided, the log viewer will render this field as JSON.
- New
- Used in combination with "old," new is used to record the value(s) of a record after a change has been made by the recorded action. If JSON is provided, the log viewer will render this field as JSON.
- Timestamp
- A Pangea-generated timestamp will always be provided with every log entry. This field is an optional client-supplied timestamp.
If you're integrating the Secure Audit Log and Redact services into your app, then the Redact service will only redact message, old, and new because they are very likely to contain PII data. Please review the
other parameters available for redaction as they may be relevant to your use case.
Determine audit fields
When determining which fields to use, developers should consider the use case and search requirements. For instance, if there is a requirement to return all actions initiated by a specific user, using the actor field would search and sorting much easier. If searching for events by the type of activity that occurred (for example, Create, Update, Delete) is important then Action may be a useful field to record.
These options are designed to provide distinct fields to make sorting and searching for specific details easier based on the audit requirements.
The event fields in use can be changed at any time. The recommended practice is to use as many optional fields that make sense for the use case. It's easier to reduce the number of fields used rather than trying to add new fields later.
Was this article helpful?