Audit Logs
Audit Logs
Overview
The Audit Logs module provides a comprehensive record of all administrative actions performed in your system. Every significant action—creating users, updating settings, deleting content, assigning roles—is automatically logged with details about who performed the action, when it occurred, what changed, and from which IP address.
Audit logs are essential for accountability, troubleshooting, compliance, and security investigations. They help you understand what happened in your system, track down issues, and identify suspicious activities.
Accessing Audit Logs
Navigation path: Dashboard > Audit Logs
Required permission: system.logs
Key Features
- Comprehensive Activity Tracking: Automatic logging of all administrative actions
- Detailed Log Entries: User, action type, timestamp, IP address, and change details
- Advanced Filtering: Filter by action, user, date range, type, and search terms
- Statistics Dashboard: Visual overview of activity patterns and trends
- Export Functionality: Download filtered logs as CSV for analysis
- Change Tracking: View before/after values for updates
- Real-time Monitoring: See activities as they happen
Main Interface
Statistics Cards
At the top of the page, four cards display key metrics:
- Total Actions (30d): Total number of logged actions in the last 30 days
- Most Active User: User who performed the most actions
- Most Common Action: The action type that occurs most frequently
- Today's Activity: Number of actions performed today
These statistics help you quickly understand activity patterns and identify unusual behavior.
Active Filters Display
When filters are applied, a blue banner shows which filters are active with the ability to clear individual filters or all filters at once.
Audit Logs Table
The main table displays audit log entries with the following columns:
Desktop View:
- ID: Unique log entry identifier
- Action: Type of action performed (create, update, delete, etc.)
- Type: The type of resource affected (User, Role, Page, etc.)
- User: Who performed the action
- Description: Human-readable description of what happened
- IP Address: IP address from which the action was performed
- Date: When the action occurred (relative time)
- Actions: View details button
Mobile View:
Displays cards with the most important information in a compact format.
Action Badges
Actions are color-coded for quick identification:
- Green (Create): New resources created
- Blue (Update/Sync): Resources modified or synchronized
- Red (Delete/Denied): Resources deleted or access denied
- Cyan (Assign): Permissions or roles assigned
- Yellow (Revoke/Remove): Permissions or roles removed
- Gray (Other): Other actions
Filtering and Searching
Opening the Filter Modal
Click the Filters button in the top right to open the filter modal.
Available Filters
Action Filter:
- Filter by specific action types (create, update, delete, assign, revoke, etc.)
- Shows only actions of the selected type
Type Filter:
- Filter by resource type (User, Role, Permission, Page, Setting, etc.)
- Shows only logs related to that resource type
User Filter:
- Filter by specific user who performed actions
- Useful for reviewing a particular user's activity
Search:
- Free-text search in log descriptions
- Searches across all description text
Date Range:
- Date From: Show logs from this date forward
- Date To: Show logs up to this date
- Use both to define a specific time period
Applying Filters
- Open the filter modal
- Select your desired filters
- Click Apply Filters
- The table updates to show only matching logs
Clearing Filters
- Click Clear in the filter modal to reset all filters
- Click Clear All in the active filters banner
- Click individual filter badges to remove specific filters
Bulk Actions
The audit logs system supports bulk operations for managing multiple log entries at once. This is useful for archiving old logs or cleaning up unnecessary entries.
Archiving Logs
Archiving logs marks them as archived without deleting them. Archived logs can be filtered out from the main view but remain in the database for compliance purposes.
To bulk archive logs:
- Select multiple log entries using checkboxes
- Click the Archive Selected button
- Confirm the action
- Selected logs are marked as archived
Result: Logs are archived and can be filtered separately.
Unarchiving Logs
You can restore archived logs back to active status.
To bulk unarchive logs:
- Filter to show archived logs
- Select the logs you want to restore
- Click the Unarchive Selected button
- Confirm the action
- Selected logs are restored to active status
Result: Logs are visible in the main view again.
Deleting Logs
Permanently delete log entries when they're no longer needed. Warning: This action cannot be undone.
To bulk delete logs:
- Select multiple log entries using checkboxes
- Click the Delete Selected button
- Confirm the deletion (you'll be asked twice for safety)
- Selected logs are permanently removed
Result: Logs are permanently deleted from the database.
Automated Cleanup
The system includes a command for automatically cleaning up old archived logs:
# Delete archived logs older than 90 days (default)
php artisan audit-logs:cleanup-archived
# Delete archived logs older than 180 days
php artisan audit-logs:cleanup-archived --days=180
# Preview what would be deleted without actually deleting
php artisan audit-logs:cleanup-archived --dry-run
Scheduling Automated Cleanup:
Add this to your app/Console/Kernel.php schedule:
// Clean up archived logs older than 90 days, monthly
$schedule->command('audit-logs:cleanup-archived --days=90')
->monthly();
API Endpoints for Bulk Actions
For programmatic access, the following API endpoints are available:
Bulk Archive:
POST /admin/audit-logs/bulk-archive
Content-Type: application/json
{
"ids": [1, 2, 3, 4, 5]
}
Bulk Unarchive:
POST /admin/audit-logs/bulk-unarchive
Content-Type: application/json
{
"ids": [1, 2, 3, 4, 5]
}
Bulk Delete:
DELETE /admin/audit-logs/bulk-delete
Content-Type: application/json
{
"ids": [1, 2, 3, 4, 5]
}
Delete Old Archived:
DELETE /admin/audit-logs/delete-old-archived
Content-Type: application/json
{
"days": 90
}
All endpoints require the system.logs permission and return a JSON response:
{
"success": true,
"count": 5,
"message": "Successfully archived 5 audit log entries"
}
Common Tasks
Task 1: Viewing Recent Activity
- Navigate to Dashboard > Audit Logs
- The default view shows all recent activity
- Review the statistics cards for an overview
- Scroll through the table to see individual actions
- Click the eye icon to view details of any entry
Result: You can see what's been happening in your system recently.
Task 2: Investigating a Specific User's Actions
- Navigate to Dashboard > Audit Logs
- Click the Filters button
- Select the user from the User dropdown
- Optionally, set a date range
- Click Apply Filters
- Review all actions performed by that user
Result: You can see everything a specific user has done.
Task 3: Finding All Deletions
- Navigate to Dashboard > Audit Logs
- Click the Filters button
- Select "Delete" from the Action dropdown
- Click Apply Filters
- Review all deletion actions
- Click on entries to see what was deleted
Result: You can see all resources that have been deleted and by whom.
Task 4: Tracking Changes to a Specific Resource
- Navigate to Dashboard > Audit Logs
- Click the Filters button
- Select the resource type from the Type dropdown (e.g., "User")
- In the Search field, enter the resource identifier (e.g., user name or ID)
- Click Apply Filters
- Review all actions related to that resource
Result: You can see the complete history of changes to a specific resource.
Task 5: Exporting Logs for Analysis
- Navigate to Dashboard > Audit Logs
- Apply any desired filters
- Click the Export CSV button
- The CSV file downloads automatically
- Open in Excel, Google Sheets, or your preferred tool
Result: You have a CSV file with all filtered log entries for external analysis.
Task 6: Viewing Detailed Log Information
- Navigate to Dashboard > Audit Logs
- Find the log entry you want to examine
- Click the eye icon in the Actions column
- Review the detailed information:
- Full description
- User details
- IP address and user agent
- Before/after values (for updates)
- Related resource information
- Exact timestamp
Result: You can see complete details about what changed and how.
Task 7: Monitoring Failed Login Attempts
- Navigate to Dashboard > Audit Logs
- Click the Filters button
- In the Search field, enter "failed login" or "login failed"
- Optionally, set a recent date range
- Click Apply Filters
- Review failed login attempts
- Check IP addresses for suspicious patterns
Result: You can identify potential security threats or users having trouble logging in.
Task 8: Reviewing Today's Activity
- Navigate to Dashboard > Audit Logs
- Check the Today's Activity statistic card
- Click the Filters button
- Set Date From to today's date
- Click Apply Filters
- Review all actions from today
Result: You can see everything that happened today.
Task 9: Archiving Old Logs
- Navigate to Dashboard > Audit Logs
- Click the Filters button
- Set Date To to 90 days ago (or your desired cutoff)
- Click Apply Filters
- Review the logs to ensure they can be archived
- Select all logs using the checkbox in the table header
- Click Archive Selected
- Confirm the action
Result: Old logs are archived and hidden from the main view but retained for compliance.
Task 10: Cleaning Up Archived Logs
- Run the cleanup command via SSH or terminal:
php artisan audit-logs:cleanup-archived --days=180 - Review the output showing how many logs were deleted
- Optionally, use
--dry-runfirst to preview
Result: Archived logs older than the specified days are permanently deleted, freeing up database space.
Log Entry Details
When you click to view a log entry, you'll see:
Basic Information
- ID: Unique identifier for this log entry
- Action: Type of action performed
- Description: Human-readable description
- User: Who performed the action (with link to user profile)
- IP Address: Source IP address
- User Agent: Browser/client information
- Timestamp: Exact date and time
Resource Information
- Auditable Type: Type of resource affected
- Auditable ID: ID of the affected resource
- Link: Direct link to the resource (if still exists)
Change Details (for updates)
- Old Values: What the data was before the change
- New Values: What the data became after the change
- Changed Fields: List of fields that were modified
Related Information
- Related Resources: Other resources involved in the action
- Context: Additional context about the action
Understanding Action Types
Common Actions
create: A new resource was created
- Example: "Created user: John Doe"
update: An existing resource was modified
- Example: "Updated role: Editor - changed permissions"
delete: A resource was removed
- Example: "Deleted page: Old Announcement"
assign: A permission or role was assigned
- Example: "Assigned role 'Editor' to user John Doe"
revoke: A permission or role was removed
- Example: "Revoked permission 'users.delete' from role Editor"
role_assigned: A role was assigned to a user
- Example: "Role 'Admin' assigned to user Jane Smith"
role_removed: A role was removed from a user
- Example: "Role 'Editor' removed from user John Doe"
sync: Multiple items were synchronized
- Example: "Synced permissions for role: Editor"
denied: Access was denied
- Example: "Access denied to user management for user John Doe"
Permissions
The following permissions control access to audit logs:
system.logs: Can view audit logssystem.logs.export: Can export audit logs to CSVsystem.logs.delete: Can delete old audit logs (if implemented)
Note: Audit log access should be restricted to administrators and security personnel only.
Tips and Best Practices
Regular Monitoring
- Review audit logs at least weekly
- Check the statistics dashboard daily
- Set up a routine for security reviews
- Look for unusual patterns or activities
Security Investigations
- Always check IP addresses for suspicious activity
- Look for multiple failed login attempts from the same IP
- Investigate actions performed outside normal business hours
- Check for bulk deletions or mass changes
- Review actions by recently created or modified accounts
Compliance and Auditing
- Export logs regularly for archival
- Keep logs for your required retention period
- Document your log review process
- Use logs to demonstrate compliance
- Include log reviews in security audits
Troubleshooting
- Use logs to track down when issues started
- Find who made specific changes
- Verify that automated processes are working
- Confirm that permissions are being enforced
- Identify configuration changes that caused problems
Performance
- Use filters to narrow down large result sets
- Export and analyze large datasets offline
- Focus on specific time periods for detailed analysis
- Use the search function for specific terms
Data Retention
- Understand your organization's retention requirements
- Export and archive old logs before deletion
- Balance storage costs with compliance needs
- Consider implementing automated archival
Troubleshooting
Problem: No Audit Logs Appearing
Solution:
- Verify you have the
system.logspermission - Check that audit logging is enabled in system settings
- Verify database connectivity
- Check application logs for errors
- Ensure the audit logs table exists in the database
Problem: Can't Find Specific Actions
Solution:
- Clear all filters and search again
- Expand your date range
- Try different search terms
- Check if the action type is what you expect
- Verify the action actually occurred (check with the user)
Problem: Export Not Working
Solution:
- Verify you have the
system.logs.exportpermission - Check browser popup blocker settings
- Try with fewer filters (smaller dataset)
- Check server logs for export errors
- Verify sufficient disk space on server
Problem: Too Many Results to Review
Solution:
- Use more specific filters
- Narrow the date range
- Filter by specific users or action types
- Use the search function
- Export and analyze in a spreadsheet tool
Problem: Missing Details in Log Entries
Solution:
- Click the eye icon to view full details
- Check if the related resource still exists
- Verify the log entry is complete (not corrupted)
- Some actions may have limited details by design
- Check application logs for logging errors
Problem: Suspicious Activity Detected
Solution:
- Document the suspicious entries
- Check related log entries for context
- Verify the user account is legitimate
- Check IP address location and history
- Review security events for related incidents
- Consider disabling the account if necessary
- Change passwords if compromise is suspected
- Report to security team or management
Related Modules
- Security Events: Monitor security-specific events and threats
- Security Settings: Configure security monitoring and alerts
- Users: Manage user accounts that appear in logs
- Roles: Review role assignments logged in audit trail
- Permissions: Track permission changes
Quick Links
Need More Help?
Our comprehensive documentation covers everything from basic setup to advanced configurations. Check out these additional resources: