These logs record what users do within the system (e.g., on documents) and provide information about events related to the health and security of the entire infrastructure.
Document Operations (DOC)
Tracking the entire lifecycle of documents and workflows.
| Action Type | What do we track? | Examples of Logged Actions |
| CRUD | Create, Read, Update, Delete. | Successful document creation/deletion, unauthorized deletion attempt (very important), read/modification of a sensitive document. |
| Distribution | Data sharing. | Successful sharing, export, or download of a document; unauthorized attempt to export/download. |
| Workflow/Actions | Internal processes. | Sending a document for approval, changing the organizational unit, performing document validation (on save, send, approval). |
Security and System (SEC / SYS)
Recording security incidents, compliance events, and technical issues.
| Action Type | What do we track? | Severity Level |
| Compliance | Adherence to regulations and policies. | Detection of GDPR violation (High), attempt to manipulate audit logs (CRITICAL). |
| Anomalies | Unusual or malicious activities. | Detection of attacks (e.g., Brute Force, Injection), detection of potential data leak (CRITICAL). |
| System | Application operation and its configuration. | System configuration change, violation of system security policy, encryption/decryption error (High). |
| Application Health | Availability and performance. | Application start/stop, application error (High), performance issue. |
| Database | Data operations and stability. | Backup success/failure (High), database connection error (High), detection of slow query. |
Application logs can be viewed directly in the application using the dedicated view: Permissions -> Logs -> Audit logs – app.
Application logs, like authorization logs, contain a set of key fields for analysis:
- Timestamp (Event Time): The exact time the event occurred.
- Severity (Severity Level): The seriousness of the event (scale 0–10).
- Event ID (Event Identifier): A unique event code, e.g., DOC_CREATE_SUCCESS_101.
- Event Name: A readable name of the event, e.g., Document created.
- Source User Name: The user who performed the action in the application.
- Source IP: The IP address of the device from which the action was performed.
- Outcome: The status of the action (e.g., Success, Failure).
- Message: A detailed description of the event.
- Target Document ID: The unique identifier of the document on which the operation was performed.
- Target Document Type: The type of document (e.g., Invoice, Contract, Bill).
- Target Document Status: The current status of the document after the operation.
- Additional Fields: May include workflow context, approval path, or error details.
