Audit Log System

The audit log is StratoLens's built-in activity ledger. Every meaningful action, whether performed by a user or by the system itself, is recorded with a timestamp, an actor, and structured details you can filter, inspect, and export for compliance. Open Audit Log from the main app navigation.

Key Capabilities

User and System Activity in One Timeline

User actions (granting access, changing settings, deleting scans) and automated processes (scheduled scans, cleanup jobs, scheduled reports) are recorded side by side, distinguished by a person icon or a bot icon.

Multi-Phase Activity Grouping

Operations that produce more than one entry, typically a Started phase and a later Completed or Failed phase, collapse into a single row labelled N phases. Open the entry to navigate phase-by-phase.

Filter by Date, Type, or Actor

Narrow the view to an incident window with a custom date range, then drill in by activity type or by the user or system actor responsible.

Settings Comparison View

Open any settings change and the details modal renders a Field, Old Value, New Value table. Only changed fields are shown by default; toggle Show unchanged to see the rest.

Customer-Controlled Retention

A scheduled cleanup job deletes entries older than your retention window. You set the cadence, the start time, and the number of days to keep, on the Audit Log Cleanup card in Settings.

Raw JSON Export for Support

Every entry has a Show Raw JSON toggle in its details modal. Copy the underlying record when you need to share the full payload with support or attach it to a compliance ticket.

What Gets Captured

Every entry includes a timestamp, an activity type, an actor, and structured details. Entries fall into two groups, distinguished in the viewer by a person icon or a bot icon:

User actions
Things a signed-in user did inside StratoLens, like granting or revoking access, changing settings, starting or deleting a scan, adding ignore rules, or linking a mailbox. The actor is the user's display name.
Automated processes
Things StratoLens did on its own, like scheduled scans, the audit-log cleanup job, scheduled report emails, and license registration. The actor is shown as System (or a more specific system actor name).
IP address
Captured when available for user actions. Automated activity has no user IP, so the field reads unavailable.

A new install starts empty

There is no historical backfill. Entries accumulate as activity occurs, so a fresh install will look sparse until you've performed actions or run scans.

Activity Categories

Each activity type belongs to a category that gives it a consistent icon and color in the viewer.

Access & Security
Granting and revoking access, role changes, sign-in related events.
Scanning
Manual scans, scheduled scans, and scan deletions.
Data Management
Bulk operations on scans and other stored data.
Settings & Configuration
Every Settings Updated activity, including audit log cleanup, scan schedules, and auto-delete.
Annotations & Preferences
Comments, tags, and per-user preferences.
Filtering & Rules
Adding and editing ignore rules.
System Operations
Generic system activity, also used as a fallback for activity types without an assigned category.
Cancelled Actions
Operations that were cancelled before completing.
Errors & Failures
Activity that ended in failure.

The activity-type list grows over time

There are over 50 activity types today, and any new feature can introduce more. The viewer's Type: filter only lists types that exist in your audit log right now, so the dropdown will look short until activity has occurred.

Multi-Phase Activities

Some operations are recorded as a sequence of related entries, for example a scheduled cleanup logs a Started entry and a later Completed or Failed entry. The viewer collapses these into a single row showing the most recent phase, with an N phases label under the type.

Open the entry to navigate phase-by-phase, with each phase's timestamp, summary, and details on its own tab. See the details modal section for the full walkthrough.
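
The collapsing behaviour described above, applied to records copied out with Show Raw JSON, as an added example that is not StratoLens code. The field names (operationId, phase, type, actor, timestamp) and the sample entries are assumptions made for illustration, and the unfinished flag is an extra review check rather than a viewer feature.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample entries. Field names (operationId, phase, ...) are
# assumptions for illustration, not StratoLens's Raw JSON schema.
SAMPLE = [
    {"operationId": "op-1", "type": "Audit Log Cleanup", "phase": "Started",
     "actor": "System", "timestamp": "2024-05-01T02:00:00+00:00"},
    {"operationId": "op-1", "type": "Audit Log Cleanup", "phase": "Completed",
     "actor": "System", "timestamp": "2024-05-01T02:00:41+00:00"},
    {"operationId": "op-2", "type": "Scheduled Scan", "phase": "Started",
     "actor": "System", "timestamp": "2024-05-01T03:00:00+00:00"},
    {"operationId": "op-2", "type": "Scheduled Scan", "phase": "Failed",
     "actor": "System", "timestamp": "2024-05-01T03:04:10+00:00"},
    {"operationId": "op-3", "type": "Scheduled Scan", "phase": "Started",
     "actor": "System", "timestamp": "2024-05-02T03:00:00+00:00"},
    {"operationId": None, "type": "Settings Updated", "phase": None,
     "actor": "Jane Example", "timestamp": "2024-05-01T09:15:00+00:00"},
]

def _ts(entry):
    return datetime.fromisoformat(entry["timestamp"])

def collapse(entries):
    """Return one row per operation (newest first), mirroring the viewer."""
    groups = defaultdict(list)
    for i, entry in enumerate(entries):
        # Entries with no operation id are single-phase: one group each.
        groups[entry.get("operationId") or f"single-{i}"].append(entry)
    rows = []
    for phases in groups.values():
        phases.sort(key=_ts)
        latest = phases[-1]  # the row shows the most recent phase
        rows.append({
            "type": latest["type"],
            "actor": latest["actor"],
            "latest_phase": latest["phase"],
            "timestamp": latest["timestamp"],
            "label": f"{len(phases)} phases" if len(phases) > 1 else "",
            # Added review check: operation started but never reported an outcome.
            "unfinished": latest["phase"] == "Started",
        })
    return sorted(rows, key=_ts, reverse=True)

if __name__ == "__main__":
    for row in collapse(SAMPLE):
        print(row["timestamp"], row["type"], row["latest_phase"], row["label"],
              "UNFINISHED" if row["unfinished"] else "")
```
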

Retention & Cleanup

Audit entries are kept until the scheduled Audit Log Cleanup job deletes anything older than the retention window you've configured. The cadence, start time, and retention days are all controlled from the Audit Log Cleanup card on the Settings page (defaults: cleanup runs Daily, entries are kept for 365 days).

Cleanup is destructive

Entries deleted by cleanup cannot be recovered from inside StratoLens. Set retention deliberately, with your compliance window in mind, before enabling automated cleanup. See the Audit Log Cleanup card for the full settings walkthrough.

Permissions

View the audit log
Requires a role with read access to the audit log. Without it, opening Audit Log shows a full-page Access Restricted message instead of the viewer.
Change cleanup settings
Requires a role with audit-log management access. Read-only viewers can see the Audit Log Cleanup card and its current values, but the form fields and the Save Schedule button are disabled.
