Audit Logs

Comprehensive guide to audit logs in the Erebus platform for security monitoring and activity oversight.

Audit logs provide complete visibility into all activities within your Erebus projects. Every significant action is automatically tracked, creating an immutable record for security monitoring and operational oversight.

What are Audit Logs?

Audit logs are automatically generated records that capture all meaningful activities in your Erebus projects. They provide a complete trail of:

  • Who performed the action (actor identification)
  • What action was performed (create, update, delete)
  • When it happened (precise timestamps)
  • What was affected (resource type and ID)
  • Whether it succeeded or failed (status tracking)
  • Why it was done (descriptive context)

[Screenshot placeholder: Audit logs interface showing recent activity]

Tracked Activities

API Key Management

All API key operations are automatically logged:

  • Key Creation: New API key generation with environment type
  • Key Updates: Label changes and configuration modifications
  • Key Status Changes: Enabling, disabling, and revoking keys
  • Key Deletion: Permanent key removal (when permitted)

Project Management

Project-level changes are comprehensively tracked:

  • Project Creation: New project initialization
  • Project Updates: Name changes and configuration modifications
  • Project Settings: Webhook URL changes and other settings
  • Project Deletion: Project removal attempts and restrictions

System Events

Important system-level activities:

  • Configuration Changes: Platform setting modifications
  • Error Events: System errors and their resolution
  • Performance Events: Significant performance impact events

Audit Log Structure

Each audit log entry contains the following information:

Core Fields

Actor Information

  • User ID: Unique identifier of the person who performed the action
  • User Name: Display name of the actor
  • User Image: Profile image for visual identification in the interface

Action Details

  • Action Type: create, update, or delete
  • Action Description: Human-readable summary of what was done
  • Entity Type: The type of resource affected (e.g., "api_key", "project")
  • Entity ID: Unique identifier of the affected resource

Timing and Status

  • Timestamp: Precise date and time when the action occurred
  • Status: Boolean indicating success (true) or failure (false)
  • Description: Detailed human-readable explanation of the event

Example Audit Log Entry

{
  "id": "01HQXYZ123ABC456DEF789",
  "actorId": "user_01HQXYZ123ABC456",
  "action": "create",
  "actionDescription": "Generated new API key",
  "entityType": "api_key",
  "entityId": "key_01HQXYZ789DEF123ABC456",
  "projectId": "proj_01HQXYZ456ABC789DEF123",
  "description": "Created development API key 'My Dev Key' for project 'My Chat App'",
  "status": true,
  "createdAt": 1699123456789
}

Accessing Audit Logs

Platform Dashboard

[Screenshot placeholder: Navigation to audit logs section]

  1. Navigate to Your Project: Select the project you want to audit
  2. Open Audit Logs: Click "Audit Logs" in the project sidebar
  3. View Recent Activity: See the most recent 100 audit events

Audit Log Interface

[Screenshot placeholder: Audit logs list with filters and search]

The audit log interface provides:

  • Chronological Listing: Events ordered by most recent first
  • Visual Timeline: Easy-to-scan activity timeline with user avatars
  • Detailed Descriptions: Human-readable explanations of each event
  • Status Indicators: Clear success/failure visual indicators
  • Actor Attribution: See who performed each action

Empty State

[Screenshot placeholder: Empty audit logs state]

When no audit events exist yet:

  • Clean interface explaining what will be tracked
  • Links to documentation for understanding audit logs
  • Guidance on actions that will generate audit events

Retention and Limits

Current Retention Policy

  • Event Count: 100 most recent audit events per project
  • Time Limit: No time-based expiration (count-based only)
  • Storage: Events are kept indefinitely until displaced by newer events

Retention Policy

The system currently retains the 100 most recent audit events per project. Older events are automatically removed as new events are added. Time-based retention policies may be introduced in future updates.

Event Ordering

  • Chronological Order: Events are ordered by creation timestamp
  • Real-Time Updates: New events appear immediately after actions
  • Consistent Numbering: Each event has a unique identifier for reference

Security

Security Monitoring

Audit logs enable comprehensive security oversight:

Unauthorized Access Detection

  • Monitor for unexpected API key creation or modification
  • Track unusual project setting changes
  • Identify suspicious authentication patterns

Access Pattern Analysis

  • Review who is accessing which projects and when
  • Identify unusual activity patterns or timing
  • Monitor for privilege escalation attempts

Change Management

  • Track all configuration changes with full attribution
  • Maintain accountability for system modifications
  • Enable rollback planning with complete change history

Best Practices

Regular Review

Establish Review Schedules

  • Daily: Quick scan for any unusual activity
  • Weekly: Detailed review of all changes and access patterns
  • Monthly: Comprehensive audit of all activities and trends

Key Indicators to Monitor

  • Failed authentication attempts
  • API key modifications outside business hours
  • Unexpected project configuration changes
  • High-volume activity patterns
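
The indicators above and the 100-event retention limit, applied to entries in the JSON shape shown under "Example Audit Log Entry". This is an added example, not Erebus code. Because the platform has no export, it assumes the entries were transcribed by hand from the dashboard. The business-hours range, the burst threshold, and all function and sample names are assumptions.

```python
from datetime import datetime, timezone

# Assumed policy values (not Erebus settings): business hours 09:00-17:59 UTC,
# and "high volume" meaning 5 events by one actor within 10 minutes.
BUSINESS_HOURS = range(9, 18)
BURST_COUNT, BURST_WINDOW_MS = 5, 10 * 60 * 1000
RETENTION_LIMIT = 100  # from the page: 100 most recent events per project

def triage(entries):
    """Return (entry id, reason) findings for entries in the page's JSON shape."""
    findings, recent = [], {}
    ordered = sorted(entries, key=lambda e: e["createdAt"])
    for e in ordered:
        when = datetime.fromtimestamp(e["createdAt"] / 1000, tz=timezone.utc)
        if e["status"] is False:
            findings.append((e["id"], "failed action"))
        if e["entityType"] == "api_key" and when.hour not in BUSINESS_HOURS:
            findings.append((e["id"], "API key change outside business hours"))
        if e["entityType"] == "project" and e["action"] == "update":
            findings.append((e["id"], "project settings changed, verify webhook URL"))
    for e in ordered:  # sliding window per actor for high-volume activity
        times = recent.setdefault(e["actorId"], [])
        times.append(e["createdAt"])
        while times[0] < e["createdAt"] - BURST_WINDOW_MS:
            times.pop(0)
        if len(times) == BURST_COUNT:
            findings.append((e["id"], "high-volume activity by " + e["actorId"]))
    return findings

def coverage_hours(entries):
    """Hours spanned by the retained events, or None while under the limit."""
    if len(entries) < RETENTION_LIMIT:
        return None  # nothing has been displaced yet
    stamps = [e["createdAt"] for e in entries]
    return (max(stamps) - min(stamps)) / 3_600_000

def make_entry(n, actor, action, entity, ts, ok=True):
    """Constructed sample entry with the fields the checks read."""
    return {"id": f"evt_{n}", "actorId": actor, "action": action,
            "entityType": entity, "createdAt": ts, "status": ok}

T0 = 1699123456789  # createdAt from the page's example entry (18:44 UTC)
HOUR = 3_600_000
SAMPLE = [make_entry(1, "user_a", "create", "api_key", T0),
          make_entry(2, "user_b", "update", "project", T0 - 8 * HOUR),
          make_entry(3, "user_b", "delete", "api_key", T0 - 7 * HOUR, ok=False)]
SAMPLE += [make_entry(4 + i, "user_c", "update", "api_key", T0 - 6 * HOUR + i * 1000)
           for i in range(5)]

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

When `coverage_hours` returns fewer hours than the interval between reviews, events were displaced before anyone looked at them, so the review cadence needs to be shorter than the window the 100 retained events cover.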

Security Workflows

Incident Response

  1. Initial Detection: Use audit logs to identify security events
  2. Impact Assessment: Review all related audit entries
  3. Timeline Construction: Build chronological sequence of events
  4. Attribution: Identify all actors involved in the incident

Preventive Measures

  • Regular audit of API key usage and permissions
  • Monitoring for dormant keys that should be revoked
  • Verification of project access patterns

Integration with Security Tools

While Erebus doesn't currently provide audit log export, you can:

Manual Documentation

  • Screenshot important audit events for records
  • Document significant changes in your security log
  • Maintain correlation with external security events

Future Integrations

  • API access for programmatic audit log retrieval (planned)
  • SIEM integration capabilities (under consideration)
  • Automated alerting for suspicious patterns (roadmap item)

Interpreting Common Audit Events

API Key Events

[Screenshot placeholder: API key audit events with descriptions]

"Generated new API key"

  • Trigger: User creates a new API key via the dashboard
  • Important Data: Environment type (dev/prod), key label
  • Security Note: Monitor for unexpected key generation

"Revoked API key"

  • Trigger: User permanently revokes an API key
  • Important Data: Which key was revoked and why
  • Security Note: Verify revocation was intentional

"Updated API key status"

  • Trigger: User enables or disables an API key
  • Important Data: Status change direction (active/disabled)
  • Security Note: Monitor for unauthorized status changes

Project Events

[Screenshot placeholder: Project audit events with descriptions]

"Created new project"

  • Trigger: User creates a project via the dashboard
  • Important Data: Project name and region selection
  • Security Note: Monitor for unexpected project creation

"Updated project settings"

  • Trigger: User modifies project configuration
  • Important Data: Which settings were changed
  • Security Note: Verify webhook URL changes are legitimate

Troubleshooting Audit Logs

Missing Events

Events Not Appearing

  • Immediate Check: Refresh the audit logs page
  • Timing: Some events may appear after a delay of a few seconds
  • Permissions: Verify you have access to the project

Historical Events Missing

  • Retention Limit: Only the 100 most recent events are kept
  • Project Scope: Events are project-specific
  • Time Range: Check if you're looking at the correct project

Understanding Event Details

Cryptic Descriptions

  • Context: Refer to the action type and entity type for clarity
  • Timestamps: Use timestamps to correlate with your actions
  • Status: Check success/failure status for troubleshooting

Multiple Similar Events

  • Batch Operations: Some actions may generate multiple audit events
  • Retry Logic: Failed actions may create multiple entries
  • User Actions: Rapid successive actions will all be logged

Getting Help

Direct Support

  • Email: support@erebus.sh for audit log questions
  • Response Time: Direct support for security and compliance issues
  • Documentation: Comprehensive guides and troubleshooting help

Security First: Audit logs are a critical component of your security posture. Review them regularly and use them proactively to maintain the security of your real-time infrastructure.