Audit Logs Documentation
The Audit Logs section provides detailed records of significant user actions within the Mideye Server, primarily focusing on assisted logins and sensitive operations. This documentation outlines the features and data contained within the Audit Logs, serving as a comprehensive reference for administrators and support personnel.
Overview
Purpose
The Audit Logs capture key actions related to user access and authentication facilitation. This includes:
- Assisted Logins: Actions where one user approves another user’s access (e.g., assisted logins for services such as VPN).
- Sensitive Operations: Operations such as password resets.
Traceability and Security
The logs offer a transparent record of:
- Who performed specific actions.
- When the actions were performed.
- Under what context the actions occurred.
This transparency enhances traceability and supports security audits, ensuring accountability and compliance within the organization.
Main Components of the Audit Logs Table
The Audit Logs table displays the following columns for each logged event:
- Time: The precise UTC timestamp of the action, including date, hour, minute, second, and milliseconds. This high-resolution data is essential for auditing and incident response.
- Principal: The entity responsible for performing the action. In the case of assisted logins, this represents the user who facilitated or approved another user’s access.
- Event Type: Specifies the type of event logged. Common event types include:
  - ASSISTED_LOGIN: Indicates that a user facilitated another user’s access to a system or service.
  - PASSWORD_RESET: Refers to instances of password changes or resets (not visible in all logs but a supported event type).
- Additional Information: Provides contextual details about the event, such as:
  - The user who was approved for an assisted login.
  - Any additional relevant notes that enhance the clarity and traceability of the logged action.
Detailed View of Audit Logs
Clicking on a log entry in the table reveals an expanded, detailed view, which includes:
- User Information: Details about the user who was subject to the action.
- RADIUS Client Name: Specifies the RADIUS client involved in the event, providing context about the source or type of request processed.
- Host Address: Indicates the IP address or RADIUS client from which the request originated.
Use Cases
Assisted Logins
When a user approves another user’s access, it is recorded as an ASSISTED_LOGIN event. This is useful for:
- Tracking who authorized user access.
- Ensuring compliance with access control policies.
- Enhancing operational visibility.
Security Auditing
Audit Logs can be utilized to:
- Identify and monitor sensitive actions such as assisted logins and password changes.
- Detect and investigate potential security incidents.
- Ensure that only authorized actions are performed within the system.
Compliance Monitoring
Organizations can leverage Audit Logs to:
- Demonstrate adherence to policies related to user access control.
- Verify approval workflows and security procedures.
- Provide evidence during security audits and compliance reviews.
Benefits of Audit Logs
- Detailed Visibility: Every log entry provides a timestamp, principal user, event type, and detailed context, ensuring comprehensive visibility into critical actions.
- Enhanced Security and Accountability: The ability to track user actions, such as approvals for logins, helps ensure that only authorized actions are performed, supporting a secure and compliant environment.
- Contextual Data: By providing details such as RADIUS client name and host address, the logs offer context-rich data for operational insights and forensic analysis.
Example Scenarios
Assisted Login Tracking
Use the logs to determine who facilitated access for other users, when the access was granted, and under what context. This can help ensure proper approval chains and detect any anomalies or unauthorized access attempts.
Password Reset Monitoring
Audit when password resets occur, who initiated them, and any associated context to ensure compliance with security policies and to identify any suspicious activities related to account security.
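The two scenarios above can be expressed as review rules over exported audit entries. This is an added example, not Mideye code: the record layout (keys named after the columns described on this page), the sample rows, and the thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample rows. Key names mirror the columns and detail fields described
# above; the export layout itself is an assumption, not a documented Mideye format.
FIELDS = ("time", "principal", "event_type", "user", "radius_client", "host")
ROWS = [
    ("2024-05-02T08:15:01.120Z", "alice", "ASSISTED_LOGIN", "bob", "vpn-gw", "192.0.2.10"),
    ("2024-05-02T09:00:00.000Z", "carol", "PASSWORD_RESET", "dave", "vpn-gw", "192.0.2.20"),
    ("2024-05-02T09:03:30.500Z", "carol", "ASSISTED_LOGIN", "dave", "vpn-gw", "192.0.2.20"),
    ("2024-05-02T11:00:00.000Z", "erin", "ASSISTED_LOGIN", "erin", "vpn-gw", "192.0.2.30"),
    ("2024-05-02T13:00:00.000Z", "frank", "ASSISTED_LOGIN", "u1", "vpn-gw", "192.0.2.40"),
    ("2024-05-02T13:02:00.000Z", "frank", "ASSISTED_LOGIN", "u2", "vpn-gw", "192.0.2.40"),
    ("2024-05-02T13:04:00.000Z", "frank", "ASSISTED_LOGIN", "u3", "vpn-gw", "192.0.2.40"),
]
SAMPLE = [dict(zip(FIELDS, row)) for row in ROWS]

def parse_time(value):
    # UTC timestamp with milliseconds, as the Time column describes.
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%S.%fZ")

def review(records, burst=3, window=timedelta(minutes=10)):
    """Return sorted (rule, principal, user, host) findings for manual follow-up."""
    findings = set()
    approvals = defaultdict(list)  # principal -> recent approval times
    resets = {}                    # user -> time of last password reset
    for rec in sorted(records, key=lambda r: parse_time(r["time"])):
        ts, who, user = parse_time(rec["time"]), rec["principal"], rec["user"]
        if rec["event_type"] == "PASSWORD_RESET":
            resets[user] = ts
        elif rec["event_type"] == "ASSISTED_LOGIN":
            if who == user:  # approver and approved user are the same account
                findings.add(("self_approval", who, user, rec["host"]))
            if user in resets and ts - resets[user] <= window:
                findings.add(("login_after_reset", who, user, rec["host"]))
            # Keep only approvals by this principal inside the sliding window.
            approvals[who] = [t for t in approvals[who] if ts - t <= window] + [ts]
            if len(approvals[who]) >= burst:
                findings.add(("approval_burst", who, user, rec["host"]))
    return sorted(findings)

if __name__ == "__main__":
    for finding in review(SAMPLE):
        print(finding)
```

The findings are prompts for review against the approval policy, not verdicts; tune `burst` and `window` to the organization's normal approval volume.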