Skip to Content
Admin ConsoleLogs & Compliance

Logs & Compliance

The Logs section of the Auris Console provides a comprehensive audit trail of all administrative and authentication events in your tenant. Every action taken by users, administrators, and automated processes is recorded. The audit log is the primary tool for security investigations, compliance reporting, and operational monitoring.

Access the audit log at ConsoleLogs.


Audit Log

What Is Logged

Auris logs 30+ distinct event types across four categories:

Authentication Events

EventDescription
user.loginSuccessful login
user.login_failedFailed login attempt (wrong password, locked account, etc.)
user.logoutUser logged out
user.mfa_enrolledMFA method enrolled
user.mfa_removedMFA method removed
user.mfa_challengedMFA step presented during login
user.mfa_passedMFA step completed successfully
user.mfa_failedMFA step failed (wrong code)
user.password_resetPassword reset completed
user.email_verifiedEmail address verified
user.social_loginLogin via social provider
user.sso_loginLogin via enterprise SSO

User Management Events

EventDescription
user.createdNew user account created
user.updatedUser profile updated
user.deletedUser moved to trash
user.deleted_permanentlyUser permanently deleted
user.restoredDeleted user restored
user.disabledUser account disabled
user.enabledUser account re-enabled
user.role_assignedRole added to user
user.role_removedRole removed from user
user.session_revokedUser session revoked by administrator

Administrative Events

EventDescription
application.createdApplication registered
application.updatedApplication settings changed
application.deletedApplication deleted
application.secret_rotatedClient secret rotated
role.createdRole created
role.updatedRole name or description changed
role.deletedRole deleted
role.permission_changedPermission toggled on or off for a role
organization.createdOrganization created
organization.member_addedUser added to organization
organization.member_removedUser removed from organization
organization.sso_connection_activatedSSO connection made live

Security Events

EventDescription
security.account_lockedAccount locked due to brute-force threshold
security.account_unlockedLocked account manually or automatically unlocked
security.suspicious_loginSuspicious login detected
security.ip_blockedLogin rejected by IP block rule
security.captcha_failedCAPTCHA verification failed
action.executedActions Engine action ran
action.errorActions Engine action encountered an error

Log Entry Structure

Each audit log entry contains:

FieldDescription
TimestampISO 8601 datetime with millisecond precision
ActorWho performed the action: user ID and email, or system for automated events
ActionThe event type (for example, user.login, role.permission_changed)
Resource TypeThe type of entity affected (user, role, application, etc.)
Resource IDThe unique identifier of the affected entity
IP AddressIP address from which the request originated
User AgentBrowser or client information for end-user actions
Severityinfo, warn, or error
BeforeThe state of the affected resource before the change (for update events)
AfterThe state of the affected resource after the change (for update events)
MetadataAdditional event-specific data

Viewing Logs

The Logs page displays log entries in reverse chronological order (newest first). The interface has three main areas:

Log Stats Bar

At the top, a bar shows the breakdown of recent events by severity (info / warn / error) and by source (authentication, user management, administrative, security). Click a badge to filter the log to that category.

Log Table

Each row in the log table shows:

  • A colored severity indicator dot
  • The action type as a styled badge
  • A summary of the event (actor → action → resource)
  • The time, shown as a relative value (“3 minutes ago”) with the full timestamp visible on hover

Log Detail Sheet

Click any row to open a side panel with the full log entry:

  • All fields listed in the table above
  • Formatted before/after diff for changes (highlighted additions in green, removals in red)
  • Links to the affected resource (opens the user’s detail page, application detail page, etc.)
  • Copy buttons for the raw JSON payload, actor ID, and resource ID

Filtering Logs

The filter panel appears above the log table. Multiple filters can be active simultaneously.

Available Filters

FilterOptions
Date RangeLast hour, Last 24 hours, Last 7 days, Last 30 days, Custom range
SeverityInfo, Warn, Error
Action TypeSelect from the full list of event types
Resource TypeUser, Role, Application, Organization, etc.
Keyword SearchFull-text search across action, actor, and metadata fields

Active Filter Badges

Each active filter appears as a removable badge below the filter panel. Click the x on any badge to remove that filter. Click Clear All to reset all filters.


Auto-Refresh

Toggle Auto-Refresh (the refresh icon in the top toolbar) to enable 15-second polling. When active, new log entries appear at the top of the table automatically. A “Live” indicator badge appears next to the toggle.

Use auto-refresh during incident investigation or security monitoring to watch events as they occur without manually reloading the page.


Log Streaming

Log streaming exports audit log events to external systems in real time. Configure streams to send logs to your SIEM, log aggregation platform, or cloud storage for long-term retention and advanced analysis.

Supported Destinations

DestinationDescription
WebhookHTTP POST to any URL with HMAC-SHA256 signed payload
Amazon S3Write logs as JSON files to an S3 bucket
DatadogSend logs to Datadog Logs via the HTTP API
SplunkSend logs to Splunk HEC (HTTP Event Collector)

Configuring a Log Stream

Open Log Streaming settings

Go to ConsoleSettingsLog Streaming and click Add Stream.

Choose the destination type

Select from Webhook, Amazon S3, Datadog, or Splunk.

Configure destination-specific settings

Webhook

FieldDescription
NameDisplay name for this stream
URLThe HTTPS endpoint to POST events to
SecretOptional HMAC secret for signature verification

Each delivered event is an HTTP POST with the body:

{ "type": "log.audit", "timestamp": "2025-02-18T14:30:00Z", "tenant_id": "your-tenant-id", "event": { "action": "user.login", "actor": { "id": "usr_abc", "email": "[email protected]" }, "resource": { "type": "user", "id": "usr_abc" }, "severity": "info", "ip": "203.0.113.42", "metadata": {} } }

If a secret is configured, Auris includes an X-Auris-Signature header:

X-Auris-Signature: sha256=<HMAC-SHA256 of request body using your secret>

Amazon S3

FieldDescription
Bucket NameThe S3 bucket to write to
RegionAWS region
Access Key IDAWS credentials with s3:PutObject permission on the bucket
Secret Access KeyAWS credentials
Key PrefixOptional path prefix for log files (for example, auris-logs/)

Logs are batched and written as JSON files with keys in the format {prefix}{date}/{hour}/events.json.

Datadog

FieldDescription
API KeyYour Datadog API key
SiteDatadog site region (for example, datadoghq.com, datadoghq.eu)
TagsOptional comma-separated tags to add to all log entries

Splunk

FieldDescription
HEC URLThe Splunk HTTP Event Collector endpoint URL
HEC TokenThe Splunk HEC authentication token
IndexThe Splunk index to write to
SourceThe source field value in Splunk

Configure event filter

Optionally filter which event types are sent to this stream. By default, all event types are streamed. To reduce volume, you may want to stream only error severity events, or only specific action types (for example, only security.* events to your SIEM).

Save and activate

Click Save. The stream is active immediately. Send a test event using the Test button to verify connectivity before relying on the stream for compliance purposes.


GDPR Compliance Tools

Auris provides built-in tools for data subject rights requests under GDPR, CCPA, and similar data protection regulations.

Data Export (Right of Access)

Export all personal data associated with a user:

  1. Go to Users → find the user
  2. Open the user’s detail page
  3. Click Export User Data
  4. A JSON file is generated containing: profile data, metadata, role assignments, organization memberships, audit log entries where this user is the actor, and session history

The export is available for download immediately and is also sent to the administrator’s email address.

Data Erasure (Right to Erasure)

Permanently delete a user’s personal data while preserving audit log integrity:

  1. Go to Users → find the user (or search Administration → Deleted Users if already soft-deleted)
  2. Click Delete Permanently
  3. Confirm by typing the user’s email address

Permanent deletion:

  • Removes the user account and all profile data
  • Anonymizes all audit log entries that reference this user (replaces name and email with [deleted_user_{id}])
  • Removes the user from all organization memberships
  • Revokes all active sessions
  • Cannot be undone

Permanent deletion is irreversible. Ensure you have exported the user’s data first if the data subject’s access request requires providing them a copy before erasure.

Auris records consent events when users accept terms of service, privacy policies, or cookie policies via the hosted login flow. Go to a user’s detail page → Activity History to view consent events with timestamps and the version of the terms they accepted.


Data Retention

Audit Log Retention

By default, audit log entries are retained for 90 days. After this period, entries are permanently deleted.

Configure retention period in SettingsTenantData Retention:

SettingDescriptionDefault
Audit Log RetentionNumber of days to retain audit log entries90
Action Log RetentionNumber of days to retain Actions Engine execution logs30
Session Log RetentionNumber of days to retain session records for inactive sessions90

Note: Longer retention periods increase storage requirements. If you need long-term audit log retention (for example, 7 years for certain compliance frameworks), configure a Log Stream to Amazon S3 and use bucket lifecycle policies for extended retention at lower cost.

Exporting Logs Before Deletion

Before retention-based deletion occurs, you can export logs:

  1. Go to Logs
  2. Apply a date range filter to the period you want to export
  3. Click Export (download icon in the toolbar)
  4. Choose format: JSON (full detail) or CSV (summary)

The export downloads immediately. For large date ranges, the export runs as a background job and you receive an email with the download link when it is ready.