We use cookies or similar technologies to personalize your online experience and tailor marketing to you. Many of our product features require cookies to function properly. Your use of this site and online product constitutes your consent to these personalization technologies. Read our Privacy Policy to find out more.


Audit logs

What can you observe?

An audit log is a useful way of observing actions that are being performed in a system. A useful application of this concept is recording important administrative actions that are being performed on a system, such as a security audit log. You typically want reasonable retention for recording these events, and when done correctly, can be a useful way to query for key modifications that have occurred in the system.

What is the top of the stack?

This should be captured where ever the work is being performed. In this case, it does not necessarily need to contain the information that leads execution of the event, and can for example be contained within the functions that perform the work.

What is the unit of work?

Every action that is taken and it’s corresponding outcome should be considered a unit of work.

What context is useful to capture?

What comes next?

Typically, you want to isolate audit log type events from other events that may occur in your system, such as system calls mentioned above. It will be useful to examine the audit log once in a while to see if it provides you sufficient information to identify the action that is being executed.