ToolJet/docs/versioned_docs/version-3.0.0-LTS/security/audit-logs.md at d49fde2ccea52667f99675e1a7b25bdea54c580f

mirror of https://github.com/ToolJet/ToolJet synced 2026-04-25 15:37:37 +00:00

* Initial Structure Setup

* Add SMTP Configuration Content

* Add ToolJet Plan Content

* Update ToolJet Plan Docs

* Update SMȚP Configuration

* Add Organization Overview

* Update SMTP Cofig

* add licensing structure

* revert AppCard.jsx

* revert AppCard.jsx

* Revert AppMenu.jsx

* Revert Folders.jsx

* Revert ManageGroupPermissionResources.jsx

* revert mixins.scss

* revert tabler.scss

* revert tabler.scss

* revert tabler.scss

* revert tabler.scss

* add: white label doc

* Update overview

* add: instances and workspaces

* revert AppCard.jsx

* revert changes from EditVersionModal.jsx

* Revert Changes

* Delete Extra File

* fix: comments

* update interlink

* fix: multiple instance content

* tj deployment beta

* update tj deployment beta

* Update Email Server Beta

* Update Overview

* update setup email communication

* Update Licensing

* Update overview and self hosted docs

* Update self hosted beta

* Update Licensing

* minor improvments

* update link

* Update folder name

* minor updates

* Update Self Hosted

* Update Cloud and Overview

* Minor Updates and add Mailgun Screenshot

* Change beta folder structure and add sendgrid screenshot

* update setup tj folder

* Replicate changes to 3.0.0-LTS

* Add overview and onboard user structure in beta

* Add Overview for User Management and Access Control

* Add Invite User

* first draft - bulk invite, archive, self signup

* update: intance-workspace-whitelabelling

* fix: workspace-whitelable doc

* minor update in invite user

* Update Onboarding and Offboarding of Users - 03/01

* Add structure for authentication and rbac in beta

* update super admin file structure

* add super admin content

* Update overview page

* Overview for onboard and offboard user

* minor edit overview page

* Update Invite User

* Update Bulk Invite User

* updated archive user

* Update onboarding and offboarding

* Content Update

* Update Super Admin Structure

* Update Super Admin

* User Roles Content

* Custom Groups Content

* Granular Access Control [WIP]

* Add SSO Structure

* github sson 1

* github sso

* Google SSO

* ldap

* grammatical improvement

* Feedback Updates 1

* complete RBAC

* sso update

* SSO LDAP SAML OIDC

* OIDC Setup

* Google OIDC

* Update LDAP and SAML Intro

* Update Profile Management Structure

* Update Access Control Docs

* Update Custom Groups

* feat: authentication

* OIDC - Okta

* feat: cloud auth

* fix: overview typo

* fix: selfhosted auth titles

* Group Sync Structure

* User Metadata

* [WIP] OIDC Group Sync

* OIDC Group Sync

* Update use case example in user metadata

* Remove password management section

* Update reset password

* add: retry limit in password login

* Docs feedback update

* OIDC Group Sync Docs

* oidc grp sync

* Custom Group

* access control

* Profile Management Structure

* edit user details and reset password

* profile settings

* Development Lifecycle Structure

* [WIP] Version Control

* [WIP] Rollback

* Update GitSync Structure

* WIP GitSync

* Copy GitSync from the Develop

* Update version control as per feedback

* wip: release

* release and rollback

* GitSync

* GitSync

* feat: self-hosted and cloud

* gitsync backup docs

* [WIP] GitSync

* GitSync Backup

* share app ideation

* Share Application

* WIP Audit Logs

* WIP Okta SAML

* wip - okta saml

* Okta SAML

* Audit Logs

* Git Push and Pull

* GitSync Backup

* Release Management

* GitSync Config

* gitsync custom branch

* Workspace Constants

* Workspace Variables

* Update License

* update: images and css classes

* update: images

* update: envs

* update: images

* Img Update till Invite User

* update: removed cloud from Dev Life cycle

* feat: custom domain

* fix: formatting - custom domain

* update: workspace doc

* metadata img update

* Images till Onboard and Offboard

* SSO Images

* Image Update GitSync

* fix: naming

* delete sql backup

* update: images

* Add ToolJet API

* Enhance Nav Bar

* Update development lifecycle overview

* update: images

* Nav Bar Update

* fix: feedback

* Update FAQ dropdown

* feedback update

* Content Update

* fix: images

* fix: platform overview image

* Update Grammar and Links till Onboard Users

* Fix links

* Update Self Singup Screenshot

* Fix interlinking

* Fix GitSync Interlinks

* update: interlinking

* Delete Old Docs Beta

* Delete Old Files from LTS

* Replicate Files in LTS

* Update Home Page

* fix workspace login link

* fix links

* Deploy ToolJet

---------

Co-authored-by: PriteshKiri <pritesh.d.kiri@gmail.com>

2025-03-06 16:12:09 +05:30

9.2 KiB

Raw Blame History

id	title
audit-logs	Audit Logs

Available on: Paid plans

The audit log is the report of all the activities done in your ToolJet account. It will capture and display events automatically by recording who performed an activity, what when, and where the activity was performed, along with other information such as IP address.

Date Range

Retrieve the log of events that occurred within the specified date and time range using the range picker. By default, the system loads 24-hour logs for the initial view. The maximum duration that can be specified for the "from" and "to" dates is 30 days.

:::info Pagination at the bottom allows navigation through the pages, with each page displaying a maximum of 7 logs. :::

Filter Audit Logs

You can apply filters to the audited events based on the following criteria.

Select Users

Choose a specific user from the dropdown list to view all their activities.

Select Apps

The dropdown will display all the apps associated with your account. Select an app to filter the logs related to that particular app.

Select Resources

<div style={{ width:"100px"}}> Resources	<div style={{ width:"100px"}}> Description
User	Filter all the User events like `USER_LOGIN`, `USER_SIGNUP`, `USER_INVITE`, AND `USER_INVITE_REDEEM`.
App	Filter all the App events like `APP_CREATE`, `APP_UPDATE`,`APP_VIEW`,`APP_DELETE`,`APP_IMPORT`,`APP_EXPORT`,`APP_CLONE`.
Data Query	Filters the events associated with Data Query like `DATA_QUERY_RUN`.
Group Permission	All the events associated with Group Permissions will be filtered. Group Permissions include `GROUP_CREATE`, `GROUP_UPDATE`, `GROUP_DELETE`.
App Group Permission	Within each group, you can set apps for read or edit privileges. These events get recorded as App Group Permissions.

Select Actions

<div style={{ width:"100px"}}> Actions	<div style={{ width:"100px"}}> Description
USER_LOGIN	This event is recorded everytime a user logins.
USER_SIGNUP	This event is recorded everytime a new signup is made.
USER_INVITE	You can invite users to your account from `Manage Users` section and an event is audited everytime an invite is sent.
USER_INVITE_REDEEM	This event is recorded whenever an invite is redeemed.
APP_CREATE	This event is recorded when a user creates a new app.
APP_UPDATE	This event is recorded whenever actions like renaming the app, making the app public, editing shareable link, or deploying the app are made.
APP_VIEW	This event is logged when someone views the launched app. (public apps aren't accounted for)
APP_DELETE	This event is recorded whenever a user deletes an app from the dashboard.
APP_IMPORT	This event is recorded whenever a user imports an app.
APP_EXPORT	This event is recorded whenever an app is exported.
APP_CLONE	This event is recorded whenever a clone of the existing app is created.
DATA_QUERY_RUN	This event is logged whenever a data source is added, a query is created, or whenever a query is run either from the query editor or from the launched app.
GROUP_PERMISSION_CREATE	This event is recorded whenever a group is created.
GROUP_PERMISSION_UPDATE	This event is recorded whenever an app or user is added to or removed from a group, or the permissions for a group are updated.
GROUP_PERMISSION_DELETE	This event is recorded whenever a user group is deleted from an account.
APP_GROUP_PERMISSION_UPDATE	For every app added in to user group, you can set privileges like `View` or `Edit` and whenever these privileges are updated this event is recorded. By default, the permission of an app for a user group is set to `View`.

Understanding Log Information

<div style={{ width:"100px"}}> Property	<div style={{ width:"100px"}}> Description
action_type	This indicates the type of action that was logged in the event. Refer to this for more information on actions.
created_at	Shows the date and time when the event was logged.
id	Each logged event is assigned a unique event ID.
ip_address	Displays the IP address from which the event was logged.
metadata	The metadata includes two sub-properties: `tooljet_version` and `user_agent`. `tooljet_version` shows the version of ToolJet used for the event, while `user_agent` contains information about the device and browser used.
organization_id	Every organization in ToolJet has a unique ID associated with it, which is recorded when an event occurs.
resource_id	Different resources have their respective IDs associated with them. These IDs are assigned when the resources are created.
resource_name	Shows the name of the resources that were involved in the logged event. For example, if an app was created or deleted, it will display the name of that app.
resource_type	Indicates the type of the resources involved in the logged event.
user_id	Each user account in ToolJet has a unique ID associated with it, which is recorded when an event occurs.

Log File

The file will contain all the data from audit logs. The log file can be created by specifying the path in the environment variables. The log file is rotated on a daily basis and is updated dynamically every time a new audit log is generated.

Learn more about setting up the log file generation here.

Log Rotation

The log file is configured to rotate on a daily basis. This means that a new log file will be created every day, ensuring efficient management and organization of audit data.

Log Redaction

ToolJet implements log redaction to protect sensitive information. By default, the following headers are masked in the logs:

authorization
cookie
set-cookie
x-api-key
proxy-authorization
www-authenticate
authentication-info
x-forwarded-for

Additionally, you can specify custom fields to be masked using the LOGGER_REDACT environment variable.

<div style={{ width:"100px"}}> Variable	<div style={{ width:"100px"}}> Description
LOGGER_REDACT	Comma-separated list of additional fields to be masked in logs (e.g., req.headers["x-session-id"],req.headers["x-device-fingerprint"])

For example:

LOGGER_REDACT=res.headers["x-rate-limit-remaining"],res.headers["x-request-id"]

Log File Path

The path for the log file is defined using the LOG_FILE_PATH variable in the environment. It's important to understand that this path is relative to the home directory of the machine. For instance, if LOG_FILE_PATH is set to hsbc/dashboard/log, the resulting log file path will be structured as follows:

homepath/hsbc/dashboard/log/tooljet_log/{process_id}-{date}/audit.log

Here, {process_id} is a placeholder for the unique process identifier, and {date} represents the current date. This structured path ensures that audit logs are organized by both process and date, facilitating easy traceability and analysis.

<div style={{ width:"100px"}}> Variable	<div style={{ width:"100px"}}> Description
LOG_FILE_PATH	the path where the log file will be created ( eg: tooljet/log/tooljet-audit.log)

Example Log file data

{
  level: 'info',
  message: 'PERFORM APP_CREATE OF awdasdawdwd APP',
  timestamp: '2023-11-02 17:12:40',
  auditLog: {
    userId: '0ad48e21-e7a2-4597-9568-c4535aedf687',
    organizationId: 'cf8e132f-a68a-4c81-a0d4-3617b79e7b17',
    resourceId: 'eac02f79-b8e2-495a-bffe-82633416c829',
    resourceType: 'APP',
    actionType: 'APP_CREATE',
    resourceName: 'awdasdawdwd',
    ipAddress: '::1',
    metadata: {
      userAgent: 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36',
      tooljetVersion: '2.22.2-ee2.8.3'
    }
  },
  label: 'APP'
}

9.2 KiB Raw Blame History