Activity Log
The Activity Log page tracks all Check API calls made inside of the AuthN service to provide a thorough record of the actions performed. To view the types of activities captured in the service Activity Log and enable or disable it, navigate to AuthN >> General >> Activity Log in the Pangea User Console. Activity Log is enabled by default.
All service activity logs capture the timestamp, attempted action, subject, resource, and action checked, as well as the result. These logs are written to the Service Activity configuration automatically provisioned in Secure Audit Log within the project and accessible via the audit log APIs. To view the included fields and control their default visibility in Activity Log, navigate to Secure Audit Log in the Pangea User Console, select the Service Activity configuration in the configuration drop-down at the top of the navigation sidebar, click Settings, and then click Audit Log Schema.
Logging the service events in Secure Audit Log uses credits and can incur additional cost.
View Logs
To view the service logs, navigate to AuthN in the Pangea User Console and click Activity Log to access Secure Audit Log Viewer. Note that the logs are filtered by the service configuration ID in the search bar.
Secure Audit Log Viewer can be used to search, view, and verify tamperproofing of all logs stored by the service.
Search Bar
By default, the most recent two hours of log events will be returned for viewing. To specify custom search criteria, click on the funnel icon. In the filter dialog, provide your search criteria and click Search to apply it. The resulting search syntax will appear in the search bar, and any matching results will appear in the table below.
Alternatively, you can type in your search criteria using the <field_name>:<value>
syntax and operators such as AND
and OR
. Use autocompletion and the link to Search syntax documentation at the top of the page as your guides.
Date restrictions
All searches must be restricted to a time range. The default time range for any search is two hours.
The date range selector can be found as a drop-down to the left of the search button. Several options are available for date selection:
- Quick selections allow you to select a relative date range for 1, 7, or 30 days.
- Under the Relative tab, you can provide a custom relative date range.
- Use Between to search for log events between two specific dates.
- Use Before to search for log events that occurred before a specified date.
- Use After to search for log events that occurred after a specified date.
Your Retention policy, found within the Secure Audit Log Settings in the Pangea User Console, determines how long we keep the logs. By default, this period is set to one year.
Results
By default, the fields marked Visible in Settings >> Audit Log Schema will be displayed as columns in the search results. To display different fields, click the gear button.
Event details
To view all fields for an event, click the corresponding row in the search results. This action will expand the row and reveal all event fields, including those not configured for display in the tabular view. If any fields, such as message, old, new, etc., contain JSON data, they will be displayed as an interactive JSON tree.
Field comparison
A common requirement for audit logs is to record the value of a field both before and after a change is made. This enables the history of values to be recorded when capturing the update events.
The log viewer highlights in yellow the differences between the values stored in the old and new fields.
Tamperproof information
Records returned by the Log Viewer will be returned alongside icons indicating the tamperproof status of each record. For more information, see the Tamperproofing page.
-
Lock icon
The lock icon indicates that the membership proof for the corresponding log event has been verified.
Clicking the lock icon will produce a pop-up providing the information required to independently verify each log event:
-
Status
The statuses here are Verified, Unverified, and Failed. If the state is Failed, the lock icon will appear red. Records that are still cached will appear unverified until they are committed from the cache.
-
Verification Artifacts
This includes the message hash, membership proof, consistency proof, root hash, and a link to the published root hash.
-
Verification Command
A command that can be used with the Python SDK to verify the tamperproof status of the record.
-
-
Green line
The green line indicates that the consistency proof for the two adjacent log events has been verified.
These icons will appear asynchronously after search results have been returned, as they are verified.
Download logs
You can download the audit logs to a CSV file to share the logs, archive your log data, import it into another audit logging service, or for other purposes. You can also download the search results.
To download the logs:
-
Click Download.
-
If a pop-up displays, click Allow to confirm the download.
noteThe download button may trigger a pop-up to verify that you want to download from the website, but some browsers will block this pop-up. If this occurs, you must first allow pop-ups for the page to get the pop-up to display. Then, the download request must be confirmed before the download begins.
Was this article helpful?