Activity Log
The Activity Log page tracks all API calls made inside of the Vault service to provide a thorough record of the actions performed. To view the types of activities captured in the service Activity Log and enable or disable it, navigate to Vault >> Settings >> Activity Log in the Pangea User Console. Activity Log is enabled by default.
All service activity logs capture the timestamp, attempted action, subject, resource, and action checked, as well as the result. These logs are written to the Service Activity configuration automatically provisioned in Secure Audit Log within the project and accessible via the audit log APIs. To view the included fields and control their default visibility in Activity Log, navigate to Secure Audit Log in the Pangea User Console, select the Service Activity configuration in the configuration drop-down at the top of the navigation sidebar, click Settings, and then click Audit Log Schema.
Logging the service events in Secure Audit Log uses credits and can incur additional cost.
View Logs
To view the service logs, navigate to Vault in the Pangea User Console and click Activity Log to access Secure Audit Log Viewer. Note that the logs are filtered by the service configuration ID in the search bar.
Secure Audit Log Viewer can be used to search, view, and verify tamperproofing of all logs stored by the service.
Search Bar
By default, the log viewer shows events from the past two hours.
To customize your search, you can:
- Click the funnel icon to open the filter dialog. Enter your criteria and click Search. The search syntax will appear in the search bar, and the matching results will be displayed in the table.
- Place your cursor in the search bar to view a dropdown of available search parameters. Start typing to filter the list and use autocompletion to build your query.
- Enter your query manually. Learn more about the search syntax in the Secure Audit Log documentation.
Date range
All searches must be limited to a time range, with the default set to the most recent two hours.
The date range selector next to the search button provides several options:
- Quick selections - Choose a relative range of 1, 7, or 30 days.
- Relative - Define a custom relative date range.
- Between - Search for log events between two specific dates.
- Before - Search for events that occurred before a specific date.
- After - Search for events that occurred after a specific date.
You can also filter results directly from the log table. Hover over a timestamp in a result row, then click the + button next to it to filter for that exact date or use it as the upper or lower limit of your search range.
The logs are stored according to the retention policy defined for Service Activity schema in Secure Audit Log.
Results
By default, the fields marked Visible in Settings >> Audit Log Schema will be displayed as columns in the search results. To display different fields, click the gear button.
Event details
To view all fields for an event, click its row in the search results. The row will expand to show every event field, including those not currently visible in the table.
If a field (such as Old or New) contains JSON data, it will be displayed as an interactive JSON tree.
Field comparison
A common requirement for audit logs is to record the value of a field both before and after a change is made. This enables the history of values to be recorded when capturing the update events.
The log viewer highlights in yellow the differences between the values stored in the old and new fields.
Tamperproof information
Records in the log viewer are marked with icons that indicate their tamperproof status. Learn more about Tamperproofing in the Secure Audit Log documentation.
-
Lock icon
The lock icon shows that the membership proof for the log event has been verified. Click the icon to open a pop-up with details for independently verifying the event:
-
Status - Possible statuses are Verified, Unverified, or Failed.
- Unverified - Indicates cached records that are not yet committed.
- Failed - Displayed with a red lock icon.
-
Verification artifacts - Includes the message hash, membership proof, consistency proof, root hash, and a link to the published root hash.
-
Verification command - Provides a command you can run with Pangea’s Python SDK to verify the record’s tamperproof status.
-
-
Green line
A vertical green line between lock icons indicates that the consistency proof for the two adjacent log events has been verified.
Tamperproof icons appear asynchronously after search results are returned, as verification is performed.
Download logs
You can download the audit logs to a CSV file to share the logs, archive your log data, import it into another audit logging service, or for other purposes. You can also download the search results.
To download the logs:
-
Click Download.
-
If a pop-up displays, click Allow to confirm the download.
noteThe download button may trigger a pop-up to verify that you want to download from the website, but some browsers will block this pop-up. If this occurs, you must first allow pop-ups for the page to get the pop-up to display. Then, the download request must be confirmed before the download begins.
Was this article helpful?