Audit Logs – Track Administrative Actions and Configuration Changes
Overview
Section titled “Overview”The Audit Logs page records all significant administrative and security events in MideyeServer. Every configuration change, Assisted Login session, and password reset operation is logged with a timestamp, the identity of the performing user (principal), the event type, and detailed structured data about the operation.
Audit logs are critical for regulatory compliance, security incident investigation, and change management. They provide an immutable trail of who did what, when, and what data was affected — enabling organizations to support requirements in standards such as ISO 27001, SOC 2, and PCI-DSS.
Access & Permissions
Section titled “Access & Permissions”Required Role: ROOT, SUPER_ADMIN, ADMIN, or OPERATOR
Navigation: Home → Logs → Audit Logs
All authenticated users with the required role can view audit logs. This is a read-only view.
Features & Configuration
Section titled “Features & Configuration”Viewing Audit Events
Section titled “Viewing Audit Events”The data grid displays audit events with server-side pagination and sorting, defaulting to time descending (newest first) with today’s date range pre-selected.
| Column | Hideable | Description |
|---|---|---|
| Time | No | Timestamp of the audit event (always visible) |
| Principal | No | Identity of the user who performed the action (always visible) |
| Event Type | Yes | Category of the audit event |
| Additional Information | Yes | Summary text describing the action |
Filtering Audit Logs
Section titled “Filtering Audit Logs”Click the Filter icon in the toolbar to open the filter panel. All filters are debounced (1-second delay).
| Filter | Type | Description |
|---|---|---|
| Start Date | Date picker | Beginning of the time range (defaults to today at midnight) |
| End Date | Date picker | End of the time range (defaults to end of today) |
| Principal | Text input | Filter by the username of the performing user |
| Event Type | Multi-select | Filter by one or more event types |
Available Event Types:
| Event Type | Description |
|---|---|
| ASSISTED_LOGIN | An assisted login session was initiated, approved, or completed |
| PASSWORD_RESET | A password reset operation was performed through the self-service portal |
Viewing Event Details
Section titled “Viewing Event Details”Click any row to open the detail drawer on the right side. The drawer displays:
- Time — Event timestamp
- Principal — User who performed the action
- Event Type — Category of the event
- Additional Information — Summary description
Below the summary, the Audit Log Details section renders the event’s structured data as an interactive JSON tree. Key names are translated to human-readable labels where translations are available; otherwise, raw key names are displayed.
The JSON tree is expandable — click on nodes to drill into nested data structures. This enables detailed inspection of exactly what was changed, including before/after values for configuration modifications.
Field Reference
Section titled “Field Reference”| Field Name | Type | Required | Description |
|---|---|---|---|
| time | ZonedDateTime | Yes | When the audit event occurred |
| principal | String | Yes | Identity of the user who performed the action |
| type | AuditEventType | Yes | Category: ASSISTED_LOGIN or PASSWORD_RESET |
| information | String | No | Human-readable summary of the action |
| data | JSON | No | Structured detail data (rendered as interactive tree) |
Actions
Section titled “Actions”Filter
Section titled “Filter”Purpose: Narrow down audit events by time range, principal, or event type. Steps:
- Click the Filter icon.
- Set the desired date range and optional principal or event type filters.
- Click Apply.
Result: The data grid updates to show only matching audit events.
Refresh
Section titled “Refresh”Purpose: Reload the latest audit log data. Steps: Click the Refresh (loop) icon in the toolbar. Result: The data grid refreshes with current data.
View Details
Section titled “View Details”Purpose: Inspect the full structured data of an audit event. Steps: Click on any row in the data grid. Result: A detail drawer opens on the right with the event summary and an expandable JSON tree of the event data.
Common Use Cases
Section titled “Common Use Cases”Compliance Audit Reporting
Section titled “Compliance Audit Reporting”- Set the date range to cover the audit period (e.g., last quarter).
- Review all events to verify that administrative actions are properly logged.
- Click on individual events to inspect the detailed data for completeness.
Investigating a Configuration Change
Section titled “Investigating a Configuration Change”- Filter by Principal to find events performed by a specific administrator.
- Review the Event Type and Additional Information columns.
- Click on the relevant event to view the JSON detail tree showing exactly what was changed.
Monitoring Password Reset Activity
Section titled “Monitoring Password Reset Activity”- Filter by Event Type: PASSWORD_RESET.
- Review which users performed password resets and when.
- Identify any unusual patterns such as high-volume resets from a single principal.
Troubleshooting
Section titled “Troubleshooting”| Issue | Possible Cause | Resolution |
|---|---|---|
| No audit logs appear | Date range too narrow | Expand the date range or reset all filters |
| Principal field shows “system” | Automated system action | Some events like scheduled tasks are logged under the system principal |
| JSON tree shows raw keys | Missing translations | Untranslated keys display their raw names; this is expected for lesser-used fields |
| Expected event not in logs | Event type not currently tracked | Only ASSISTED_LOGIN and PASSWORD_RESET events are captured |
Related Pages
Section titled “Related Pages”- Authentication Logs — View individual RADIUS authentication events and results
- Assisted Login Profiles — Configure the assisted login profiles that generate audit events
- Password Reset Endpoints — Manage the password reset portals that generate audit events