# Admin Audit Log (Syslog)

Tracking changes to the Apono system and understanding administrative actions is crucial for controlling change management. Without this tracking:

* Changes occur without a clear audit trail, making accountability difficult.
* Lack of visibility into events can delay issue resolution and introduce security risks.

The Audit Log page provides a record of administrative events in the Apono admin console, detailing who did what, when, and where, to ensure transparency and accountability.

{% hint style="success" %}
You can create an [audit log webhook](https://docs.apono.io/docs/webhook-integrations/audit-log-webhook) to automatically send Apono audit log notifications to a target system whenever an audit log event occurs.
{% endhint %}

***

### Page Layout

The [**Audit Log**](https://app.apono.io/audit-log) page consists of an event [table](#table) and [filtering options](#filters).

#### Table

<figure><img src="https://lh7-rt.googleusercontent.com/docsz/AD_4nXfBncnreu8n2PORqZDla9WvNP4cT9pKpT1UC4VVWMHbQ26hP_JaT1EsaAZtTTDOyMtF6-v448CprJRGFR8XSsbuX3VRKFVqma-tbcAqxU2IGbevlVOgyCMO75lrMgzLJPPYaYVpxQ?key=W0fuD4IRiXftpHWQGkXMNYZ_" alt="" width="563"><figcaption><p>Audit Log table</p></figcaption></figure>

The **Audit Log** page presents a table containing all administrative events. Each row summarizes the high-level details of an event.

The columns are defined in the following table.

<table><thead><tr><th width="207">Column</th><th>Description</th></tr></thead><tbody><tr><td><strong>Time</strong></td><td><p>Date and time the event occurred</p><p>The most recent events are listed first.</p></td></tr><tr><td><strong>Action</strong></td><td>Event performed, such as creating, editing, or deleting an item</td></tr><tr><td><strong>Actor</strong></td><td><p>Name of the user who performed the action</p><p><strong>Possible Values</strong>:</p><ul><li>System (Apono)</li><li>Full name and Email (User)</li></ul></td></tr><tr><td><strong>Target</strong></td><td>Specific object affected by the action</td></tr><tr><td><strong>Source</strong></td><td><p>Location where the action originated<br></p><p><strong>Possible Sources</strong>:</p><ul><li>Web Application (UI)</li><li>Integration</li><li>Terraform (identified by the actor's personal API token)</li><li>API (public API identified by the actor's personal API token)</li></ul></td></tr></tbody></table>

#### Filters

<figure><img src="https://lh7-rt.googleusercontent.com/docsz/AD_4nXcsdUp4GILkwxOXTIqLie-1obtC5khrJlxSyU_qpQHCgg5nvipKYOpojdjS_XZKAyPBSwQhgpm_G5UbHjMCyK1nYoQw6NSQG8FkAFbALFawMjjYtnMJ-0VsDVbuD53kIfe2TdLg?key=W0fuD4IRiXftpHWQGkXMNYZ_" alt="" width="563"><figcaption><p>Audit Log filters</p></figcaption></figure>

You can filter the list of events by one or several of the following filters.

<details>

<summary>All Time</summary>

**Relative**

Follow these steps to set the relative time filter:

1. Click **All time**. A menu appears.
2. On the **Relative** tab, from the **Last** dropdown menu, select a time measure.
3. In the **Last** text field, enter a number.
4. (Optional) Click **Round to the hours|days|months** to begin the time filtering from the nearest hour, day, or month.
5. Click **Apply**. The filter turns blue and shows a summary.

**Absolute**

Follow these steps to set the absolute time filter:

1. Click **All time**. A menu appears.
2. On the **Absolute** tab, under **From**, select the start date from the date picker.
3. Select the start time (local system time) from the time picker.
4. Under **To**, select the end date from the date picker.
5. Select the end time (local system time) from the time picker.
6. (Optional) Click **Use UTC** to apply the Coordinated Universal Time (UTC) timezone to the start and end times instead of the local system time.
7. Click **Apply**. The filter turns blue and shows a summary.

</details>

<details>

<summary>Action</summary>

Follow these steps to filter the logs by action:

1. Click **Action**. A menu appears.
2. Select one or several actions.
3. Click the top or outside of the dropdown menu to close it. The filter turns blue and shows a summary.

</details>

<details>

<summary>Source</summary>

Follow these steps to filter the logs by source:

1. Click **Source**. A menu appears.
2. Select one or several sources.
3. Click the top or outside of the dropdown menu to close it. The filter turns blue and shows a summary.

</details>

<details>

<summary>Actor</summary>

Follow these steps to filter the logs by actor:

1. Click **Actor**. A menu appears.
2. Select one or several actors.
3. Click the top or outside of the dropdown menu to close it. The filter turns blue and shows a summary.

</details>

<details>

<summary>Target Type</summary>

Follow these steps to filter the logs by target type:

1. Click **Target Type**. A menu appears.
2. Select one or several target types.
3. Click the top or outside of the dropdown menu to close it. The filter turns blue and shows a summary.

</details>

***

### View event information

Apono allows you to see specific event changes.

Follow these steps to view the details of an event:

1. On the [**Audit Log**](https://app.apono.io/audit-log) page, click the row of the event in the table. A panel opens displaying the [Event details](#event-details) and [Event changes](#event-changes).
2. Click the **X** in the top right corner to close the panel.

#### Event Details

The top of the panel summarizes the audit log information from the table on the **Audit Log** page.

<figure><img src="https://1094436629-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fv6MBfUGvblSdAz31yJXm%2Fuploads%2Fgit-blob-b72639e06d76f8c7718d270d7ab380532b76699f%2Faudit-log-event-details.png?alt=media" alt="" width="563"><figcaption><p>Event details sections</p></figcaption></figure>

#### Event Changes

In the **Event changes** section, changes to the JSON are displayed using a Git-like diff format.

The characteristics of the old and new information are compared in the following table.

| Characteristic         | Old Information                                                     | New Information |
| ---------------------- | ------------------------------------------------------------------- | --------------- |
| **Sign Prefix**        | Minus sign (-)                                                      | Plus sign (+)   |
| **Color Highlighting** | Red                                                                 | Green           |
| **Special Formatting** | Specific words or text fragments that have changed are highlighted. | N/A             |

By default, a truncated JSON with the highlighted information is shown. To see the entire JSON, you can click the **Expand** link.

In the following screenshot, the user group (`attribute_value`) within this access flow and the most recent updated date (`updated_date`) are highlighted because they have been updated.

<figure><img src="https://lh7-rt.googleusercontent.com/docsz/AD_4nXfbcGmnpplnSoQpMq5a8fOhltgZn5k7DVHGcdyd5DVeA-VMH0YQSUM4W-icI8Fs91hMv_ABu7IVaL6IU-HKjwQk4wIT1fChRQrFjnbkjqylmcBBnflEBdBa2cPyr9mbsYQEjTqz?key=W0fuD4IRiXftpHWQGkXMNYZ_" alt="" width="563"><figcaption><p>Event changes section</p></figcaption></figure>
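As an added illustration (not Apono's code or export format), the following Python sketch reproduces the Git-like diff described above for two versions of a JSON object and lists the paths that changed. Only `attribute_value` and `updated_date` come from this page; the other keys, all values, and the function names are assumptions.

```python
import difflib
import json

# Constructed sample: two versions of an access-flow object. Only
# `attribute_value` and `updated_date` are field names taken from the page;
# every other key and all values are hypothetical.
OLD = {
    "name": "prod-db-access",
    "grantees": [{"attribute_type": "group", "attribute_value": "Developers"}],
    "updated_date": "2024-05-01T09:00:00Z",
}
NEW = {
    "name": "prod-db-access",
    "grantees": [{"attribute_type": "group", "attribute_value": "DBAs"}],
    "updated_date": "2024-05-02T14:30:00Z",
}


def git_like_diff(old, new):
    """Return unified-diff lines: '-' marks old values, '+' marks new ones."""
    def render(obj):
        # Sorted keys keep unchanged fields aligned so only real changes show.
        return json.dumps(obj, indent=2, sort_keys=True).splitlines()
    return list(difflib.unified_diff(render(old), render(new),
                                     "old", "new", lineterm=""))


def changed_paths(old, new, prefix=""):
    """Recursively list the dotted JSON paths whose values differ."""
    if isinstance(old, dict) and isinstance(new, dict):
        paths = []
        for key in sorted(old.keys() | new.keys()):
            if key not in old or key not in new:
                paths.append(f"{prefix}{key}")  # key added or removed
            else:
                paths += changed_paths(old[key], new[key], f"{prefix}{key}.")
        return paths
    if isinstance(old, list) and isinstance(new, list) and len(old) == len(new):
        paths = []
        for i, (a, b) in enumerate(zip(old, new)):
            paths += changed_paths(a, b, f"{prefix}{i}.")
        return paths
    # Scalars, or lists of different length, are compared as a whole.
    return [] if old == new else [prefix.rstrip(".")]


if __name__ == "__main__":
    print("\n".join(git_like_diff(OLD, NEW)))
    print("changed:", changed_paths(OLD, NEW))
```

Listing the changed paths separately makes it easy to spot when an event touched a field other than the ones a reviewer expected.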
