Security Audit Logs

Last updated: June 20, 2025 | Version: 1.0

Learn how to use security audit logs to monitor, track, and investigate user activities, security events, and system changes to maintain security compliance and detect potential threats.

Overview

The Security Audit Logs feature provides super administrators with comprehensive visibility into security-related events and user activities across the Shifts platform. These logs record authentication events, security setting changes, suspicious activities, and other critical security information. This article explains how to access, interpret, and use security audit logs for monitoring, investigation, and compliance purposes.

Accessing Security Audit Logs

To access the security audit logs:

  1. Log in with super administrator credentials
  2. Navigate to Super Admin > Security Administration > Audit Logs
  3. Alternatively, from the System Admin dashboard, select System Logs > Security Logs
  4. The main security logs view displays recent security events by default

Understanding Security Event Types

The system tracks various security-related events:

Authentication Events

  • Login Success: Successful user login attempts
  • Login Failure: Failed login attempts, including reason (wrong password, account locked, etc.)
  • Logout: User logout events
  • Session Management: Session creation, expiration, and revocation
  • Two-Factor Authentication: 2FA setup, verification, and disabling events

User Management Events

  • Password Changes: When users change their passwords
  • Password Resets: Password reset requests and completions
  • Profile Updates: Changes to security-related profile fields
  • Account Lockouts: When accounts are locked due to failed attempts
  • User Creation and Deactivation: New user creation or account status changes

System Configuration Events

  • Security Setting Changes: Modifications to security configuration
  • IP Restriction Changes: Updates to allowed IP ranges
  • Two-Factor Requirement Changes: Modifications to 2FA policies
  • Permission Changes: Updates to security-related permissions
  • API Token Creation/Revocation: Management of API access tokens

Suspicious Activity Events

  • Unusual Location Access: Logins from new or unexpected locations
  • IP Restriction Violations: Access attempts from disallowed IPs
  • Unexpected Device Usage: Logins from new or unregistered devices
  • Rapid Access Pattern Changes: Unusual patterns of system access

Navigating the Audit Logs Interface

The audit logs interface provides several tools for efficient log analysis:

Main Log View

The central log display shows:

  • Timestamp of each event
  • User who performed the action (or was the subject of a system action)
  • Event type with color-coded severity indicators
  • Business context (which tenant was affected)
  • IP address
  • Brief description of the event

Filtering Options

Narrow down logs using these filters:

  • Date Range: Select specific time periods to investigate
  • Event Type: Filter by specific security events
  • User: Focus on activities from a particular user
  • Business: View events related to a specific business
  • IP Address: Filter activities from specific IP addresses
  • Portal: Filter by system_admin or customer portal

Detailed Log View

Click on any log entry to see comprehensive details:

  • Complete user information
  • Detailed event information
  • Browser and device data
  • Full JSON metadata
  • Related events
  • Context of the action (controller, action, URL)

Using Audit Logs for Security Monitoring

Real-time Monitoring

Monitor current security status:

  1. Access the security dashboard
  2. View real-time metrics on:
    • Active sessions
    • Recent login attempts
    • Failed authentication trends
    • Two-factor adoption rates
    • Suspicious activity alerts

Security Investigation

Investigate specific security incidents:

  1. Use filters to focus on the relevant timeframe and event types
  2. Trace user activities leading up to and following an incident
  3. Examine IP addresses and geographic locations
  4. Check device information for unfamiliar patterns
  5. Look for correlation between different security events

User Activity Tracking

Follow specific user activities:

  1. Filter logs by the target user
  2. View their login history, including times and locations
  3. Track security setting changes they’ve made
  4. Monitor for unusual behavior patterns
  5. Verify appropriate access patterns

Exporting and Reporting

Generate reports from security audit data:

Export Options

  1. From the audit logs view, click Export
  2. Select your preferred format:
    • CSV for spreadsheet analysis
    • JSON for programmatic processing
    • PDF for formal reporting
  3. Choose the date range and filters for the export
  4. Download the exported file
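
The JSON export suits the correlation work described under Security Investigation. The following is an added example, not part of the Shifts product or its documentation: it flags a successful login that follows a burst of failed logins from the same IP address. The field names and event-type strings are assumptions modeled on the Main Log View columns, and the records are constructed sample data.

```python
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample export, not real Shifts output. Field names and
# event_type values are assumptions; adjust them to the actual export schema.
SAMPLE_EXPORT = """[
 {"timestamp": "2025-06-20T08:00:00Z", "user": "erin",  "event_type": "login_failure", "ip_address": "192.0.2.44"},
 {"timestamp": "2025-06-20T08:01:00Z", "user": "erin",  "event_type": "login_failure", "ip_address": "192.0.2.44"},
 {"timestamp": "2025-06-20T08:02:00Z", "user": "erin",  "event_type": "login_failure", "ip_address": "192.0.2.44"},
 {"timestamp": "2025-06-20T08:30:00Z", "user": "erin",  "event_type": "login_success", "ip_address": "192.0.2.44"},
 {"timestamp": "2025-06-20T09:00:05Z", "user": "alice", "event_type": "login_failure", "ip_address": "203.0.113.7"},
 {"timestamp": "2025-06-20T09:00:40Z", "user": "bob",   "event_type": "login_failure", "ip_address": "203.0.113.7"},
 {"timestamp": "2025-06-20T09:01:10Z", "user": "carol", "event_type": "login_failure", "ip_address": "203.0.113.7"},
 {"timestamp": "2025-06-20T09:01:30Z", "user": "carol", "event_type": "login_failure", "ip_address": "203.0.113.7"},
 {"timestamp": "2025-06-20T09:02:00Z", "user": "carol", "event_type": "login_success", "ip_address": "203.0.113.7"},
 {"timestamp": "2025-06-20T09:05:00Z", "user": "dave",  "event_type": "login_failure", "ip_address": "198.51.100.20"},
 {"timestamp": "2025-06-20T09:05:30Z", "user": "dave",  "event_type": "login_success", "ip_address": "198.51.100.20"}
]"""

def parse_ts(value):
    # Normalize a trailing "Z" so fromisoformat works before Python 3.11.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def failures_before_success(events, threshold=3, window=timedelta(minutes=10)):
    """Flag each login success preceded by at least `threshold` login
    failures from the same IP address within `window`."""
    recent = defaultdict(deque)  # ip -> (time, user) of recent failures
    findings = []
    for ev in sorted(events, key=lambda e: parse_ts(e["timestamp"])):
        ts, ip = parse_ts(ev["timestamp"]), ev["ip_address"]
        q = recent[ip]
        while q and ts - q[0][0] > window:
            q.popleft()  # drop failures that have aged out of the window
        if ev["event_type"] == "login_failure":
            q.append((ts, ev["user"]))
        elif ev["event_type"] == "login_success" and len(q) >= threshold:
            findings.append({
                "ip_address": ip, "user": ev["user"], "time": ev["timestamp"],
                "failures": len(q),
                "users_tried": sorted({u for _, u in q}),
            })
            q.clear()  # report each burst once
    return findings

if __name__ == "__main__":
    for finding in failures_before_success(json.loads(SAMPLE_EXPORT)):
        print(finding)
```

The single failure from 198.51.100.20 and the stale failures from 192.0.2.44 are not reported, which shows why the threshold and time window should be tuned against your own baseline of normal activity.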

Scheduled Reports

Set up regular security reports:

  1. Navigate to Reports > Scheduled Reports
  2. Create a new report focused on security metrics
  3. Configure the schedule (daily, weekly, monthly)
  4. Set delivery options (email recipients, format)
  5. Activate the scheduled report

Compliance Monitoring

Use audit logs for regulatory compliance:

Compliance Dashboard

  1. Access the Compliance section of the security dashboard
  2. View compliance metrics related to:
    • Two-factor authentication adoption
    • Password policy enforcement
    • Access control implementation
    • Suspicious activity detection

Compliance Reports

Generate specific compliance documentation:

  1. Use pre-configured compliance report templates
  2. Customize reports to match specific regulatory requirements
  3. Include comprehensive audit trail information
  4. Document security control effectiveness

Retention and Archiving

Understand how audit data is managed:

Data Retention

  • Security audit logs are retained according to your organization’s retention policy
  • Default retention is designed to support compliance requirements
  • High-priority security events may have extended retention periods

Archiving Options

For long-term storage of audit data:

  1. Navigate to System Administration > Data Management
  2. Access the Archive section
  3. Set up archiving rules for audit logs
  4. Configure storage locations for archived data

Best Practices

For optimal security monitoring:

  1. Regular Review: Schedule time to review security logs at least weekly
  2. Baseline Understanding: Establish what normal activity looks like in your environment
  3. Investigative Process: Develop a standard procedure for security event investigation
  4. Alert Configuration: Set up notifications for critical security events
  5. Documentation: Maintain records of significant security findings
  6. Correlation Analysis: Look for patterns across different event types
  7. Proactive Monitoring: Don’t wait for incidents—regularly scan for anomalies

Related Resources

This article should be updated when:

  1. New security event types are added to logging
  2. The audit log interface changes
  3. New filtering or export capabilities are added
  4. Retention policies are updated
  5. Additional security analytics features are added
  6. The categorization of security events changes