Audit Logs System
The Audit Logs System is a key component of the security architecture, responsible for recording, archiving, and organizing all system events. It keeps the data ordered and easy to scale by categorizing events by type (e.g., authorization, application) and associating each event with a specific unit (e.g., a company).
Organizational Data Structure
Data is organized in a logical manner, allowing for quick retrieval of the required information.
| Structure Level | Purpose | Content |
|---|---|---|
| Main Repository | A central location for storing all logs. | All log categories and templates. |
| Aggregate Logs | A registry of all events (both access-related and system-related). | Data for anonymous users as well as specific companies. |
| Application Logs | A record of activities within the application. | User actions within a given organization. |
| Authorization Logs | A record of login and authentication processes. | Access attempts and permission changes. |
| Templates | A repository of log structure templates. | Predefined event reporting templates. |
Management and Archiving
The system allows flexible definition of how data is stored, tailored to the organization’s needs.
Archiving Rules:
- Division by Company: All events of a given unit are stored in a dedicated data set.
- Time-Based Archiving (Yearly/Monthly): A new data set is created automatically when the period rolls over (e.g., one set per month or per year).
- Threshold-Based Archiving: The system closes the current set and opens a new one after a specified number of recorded events is reached.
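The three archiving rules above combine into a single routing decision per event: which data set does this event go to, and does writing it trigger a new set? The following Python sketch is an added example, not the project's own code, showing that decision for all three rules together. The class names, the `company/period/part-NNNN` data set naming scheme, the use of an `anonymous` bucket for events with no company (the aggregate logs mention anonymous users), and the normalization of timestamps to UTC before choosing a period are assumptions made for the illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Dict, List, Optional

# Added illustration, not the project's own code. RotationPolicy, LogRouter and the
# data set naming scheme are assumptions.


@dataclass(frozen=True)
class RotationPolicy:
    """How the events of one unit (company) are split into data sets."""
    period: Optional[str] = None      # "monthly", "yearly" or None (no time-based split)
    max_events: Optional[int] = None  # threshold-based split; None disables it


class LogRouter:
    """Decides which data set an event is written to and opens a new set when a rule fires."""

    def __init__(self, policy: RotationPolicy):
        self.policy = policy
        self.datasets: Dict[str, List[dict]] = {}  # data set name -> events stored in it
        self._sequence: Dict[str, int] = {}        # "company/period" -> current part number

    def _period_key(self, ts: datetime) -> str:
        # Normalize to UTC first so that a month/year boundary is the same for every writer.
        ts = ts.astimezone(timezone.utc)
        if self.policy.period == "monthly":
            return ts.strftime("%Y-%m")
        if self.policy.period == "yearly":
            return ts.strftime("%Y")
        return "all"

    def dataset_for(self, company: Optional[str], ts: datetime) -> str:
        """Return the name of the data set that the next event of this company belongs in."""
        unit = company if company else "anonymous"          # division by company
        base = f"{unit}/{self._period_key(ts)}"               # time-based archiving
        seq = self._sequence.get(base, 1)
        name = f"{base}/part-{seq:04d}"
        limit = self.policy.max_events
        if limit is not None and len(self.datasets.get(name, [])) >= limit:
            seq += 1                                          # threshold-based archiving
            self._sequence[base] = seq
            name = f"{base}/part-{seq:04d}"
        return name

    def write(self, company: Optional[str], ts: datetime, event: dict) -> str:
        """Store the event and return the data set it landed in."""
        name = self.dataset_for(company, ts)
        self.datasets.setdefault(name, []).append(event)
        return name


def demo() -> List[str]:
    """Constructed sample: monthly sets, at most two events per set."""
    router = LogRouter(RotationPolicy(period="monthly", max_events=2))
    jan = datetime(2024, 1, 15, 10, 0, tzinfo=timezone.utc)
    feb = datetime(2024, 2, 1, 0, 30, tzinfo=timezone.utc)
    events = [
        ("acme", jan, {"id": "AUTH_LOGIN_SUCCESS_001"}),
        ("acme", jan, {"id": "AUTH_LOGIN_SUCCESS_001"}),
        ("acme", jan, {"id": "AUTH_LOGIN_SUCCESS_001"}),  # third event exceeds threshold
        ("acme", feb, {"id": "AUTH_LOGIN_SUCCESS_001"}),  # new month, new set
        (None, jan, {"id": "AUTH_LOGIN_SUCCESS_001"}),    # no company: anonymous bucket
    ]
    return [router.write(c, t, e) for c, t, e in events]


if __name__ == "__main__":
    for name in demo():
        print(name)
```

Note that the threshold check is evaluated before the write, so a set never holds more than `max_events` entries, and the part counter is kept per company and period, so closing one company's set does not affect another's.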
System Components and Their Roles
Rather than presenting code, this section describes the system as a set of modules, each with a distinct responsibility:
- Logging Module (Logger): Handles all direct communication with the data sets and formats each entry according to the Common Event Format (CEF).
- Log Data Model: A standardized container for the information about a single event.
- Event Type Dictionary: Stores the definitions of all possible actions: their unique identifiers, human-readable names, and severity (importance).
Example Event Definition
Each event is described in terms that administrators can read without consulting the code:
- Event ID: AUTH_LOGIN_SUCCESS_001
- Event Name: User login successful
- Severity: 2
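The Event Type Dictionary and the Logger's CEF formatting fit together as follows: the dictionary supplies the identifier, name and severity for the CEF header, and the Logger adds the per-event details as the CEF extension. The Python code below is an added example, not the project's own code, covering both the component description and the event definition above. It uses the real CEF layout (`CEF:0|Vendor|Product|Version|SignatureID|Name|Severity|Extension`, severity 0 to 10) and CEF's escaping rules (`\` and `|` escaped in the header; `\`, `=` and line breaks escaped in extension values). The vendor and product strings, the second dictionary entry `AUTH_LOGIN_FAILURE_002`, and the function names are assumptions made for the illustration.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Mapping, Tuple

# Added illustration, not the project's own code. Vendor/product strings, the
# AUTH_LOGIN_FAILURE_002 entry and all function names are assumptions.


@dataclass(frozen=True)
class EventType:
    """One entry of the Event Type Dictionary."""
    event_id: str   # stable identifier, e.g. AUTH_LOGIN_SUCCESS_001
    name: str       # human-readable name
    severity: int   # CEF severity, 0 (lowest) to 10 (highest)

    def __post_init__(self) -> None:
        if not 0 <= self.severity <= 10:
            raise ValueError(f"CEF severity must be 0-10, got {self.severity}")


EVENT_TYPES: Dict[str, EventType] = {
    e.event_id: e for e in (
        EventType("AUTH_LOGIN_SUCCESS_001", "User login successful", 2),  # from the page
        EventType("AUTH_LOGIN_FAILURE_002", "User login failed", 5),      # assumed entry
    )
}

_EXT_KEY = re.compile(r"[A-Za-z][A-Za-z0-9_]*")


def _escape_header(value: str) -> str:
    """Header fields: backslash and pipe are escaped; line breaks may not appear at all."""
    return (value.replace("\\", "\\\\").replace("|", "\\|")
                 .replace("\r", " ").replace("\n", " "))


def _escape_ext(value: str) -> str:
    """Extension values: backslash and '=' are escaped, line breaks become \\r and \\n."""
    return (value.replace("\\", "\\\\").replace("=", "\\=")
                 .replace("\r", "\\r").replace("\n", "\\n"))


def to_cef(event_id: str, extension: Mapping[str, object],
           vendor: str = "ExampleCo", product: str = "AuditLogs",
           version: str = "1.0") -> str:
    """Render one event as a single CEF line. Unknown event ids fail loudly instead of
    being written with a guessed name or severity."""
    et = EVENT_TYPES[event_id]
    header = "|".join(_escape_header(f) for f in
                      (vendor, product, version, et.event_id, et.name, str(et.severity)))
    parts = []
    for key, value in extension.items():
        if not _EXT_KEY.fullmatch(key):
            raise ValueError(f"invalid CEF extension key: {key!r}")
        parts.append(f"{key}={_escape_ext(str(value))}")
    return f"CEF:0|{header}|{' '.join(parts)}"


def split_header(line: str) -> Tuple[List[str], str]:
    """Split the seven '|'-delimited header fields (including the CEF:0 prefix), honouring
    the \\| and \\\\ escapes, and return them with the raw extension. Used here to show
    that an escaped pipe inside a field does not create an extra field."""
    fields: List[str] = []
    buf: List[str] = []
    i = 0
    while i < len(line) and len(fields) < 7:
        ch = line[i]
        if ch == "\\" and i + 1 < len(line) and line[i + 1] in "|\\":
            buf.append(line[i + 1])
            i += 2
            continue
        if ch == "|":
            fields.append("".join(buf))
            buf = []
            i += 1
            continue
        buf.append(ch)
        i += 1
    return fields, line[i:]


if __name__ == "__main__":
    # Constructed sample: a login whose username tries to smuggle in a second record.
    print(to_cef("AUTH_LOGIN_SUCCESS_001", {"suser": "alice", "src": "10.0.0.5"}))
    print(to_cef("AUTH_LOGIN_FAILURE_002", {"suser": "bob=admin|x\nCEF:0|forged"}))
```

The escaping is the security-relevant part: a username or any other user-controlled value written into the extension cannot terminate the line, start a new `CEF:0|` record, or inject an extra `key=value` pair, so a SIEM parsing these logs sees one event with an odd username rather than two events. Keeping the severity in the dictionary rather than in the calling code also means a single definition governs how the event is ranked everywhere.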