Audit Logging¶
Campus WoL maintains a comprehensive audit log that records every significant action taken in the system. This provides accountability, supports troubleshooting, and creates a tamper-resistant record of system activity.
What Gets Logged¶
The audit log captures the following categories of events:
- Authentication -- All login attempts (successful and failed), logouts, and session expirations
- Wake operations -- Every wake command, including which devices were targeted and the outcome
- Device changes -- Adding, removing, importing, and exporting devices from inventory
- Schedule changes -- Creating, deleting, enabling, and disabling wake schedules
- User management -- Creating and deleting user accounts, role changes, and site assignments
- Settings changes -- Modifications to system configuration
Every action that changes the state of the system or represents an access attempt is recorded. Read-only operations like viewing the dashboard are not logged.
Log Fields¶
Each audit log entry contains the following information:
| Field | Description |
|---|---|
| Timestamp | When the action occurred (server time) |
| Username | Who performed the action |
| Action | The type of action (e.g., login, wake, device_create) |
| Target | What the action was performed on (e.g., a device name, classroom, or username) |
| Detail | Additional context in JSON format (e.g., the specific fields that changed) |
| Client IP | The IP address of the client that initiated the action |
Why track client IP?
Recording the client IP address helps administrators investigate suspicious activity. If an unauthorized action occurs, the IP address can help identify where the request originated -- whether from an internal workstation, a VPN, or an unexpected external source.
Viewing the Audit Log¶
The audit log is accessible from the Audit Log page in the Administration sidebar section.
Role Required: Admin
Only users with the Admin role can view the audit log. The Audit Log navigation item is not visible to Viewers or Operators.
The log view supports filtering by:
- User -- Show only actions from a specific user
- Action type -- Show only specific categories of events (e.g., only login attempts, only wake operations)
Entries are displayed in reverse chronological order, with the most recent actions at the top.
Exporting¶
The audit log can be exported to CSV format using the Export CSV button on the Audit Log page. The export downloads the current filtered view, so any active filters are applied to the export.
Export limits
The CSV export has a safety cap of 50,000 rows per export to prevent excessive memory usage. If your log exceeds this limit, apply filters to narrow the result set before exporting. The backend API supports date-range filters, but the UI does not currently expose date-range controls -- filter by user or action type instead.
Retention¶
Audit log retention is configurable. The system supports automatic purging of records older than a specified number of days. Your administrator configures the retention period during deployment. If no retention period is set, records are kept indefinitely.
Choosing a retention period
The right retention period depends on your organization's policies. Many organizations keep audit logs for 90 to 365 days. Shorter periods reduce storage requirements; longer periods provide a more complete history for investigations. Check with your compliance or security team for guidance.
Immutability¶
Audit log records cannot be edited or deleted through the application. There is no UI or API endpoint to modify or remove individual log entries. This ensures that the audit trail remains a reliable record of what happened, even if an account is compromised.
The only way records are removed is through the configured automatic retention purge, which removes entries in bulk based on age.
Next Steps¶
- Role-Based Access Control -- Who can view the audit log and what roles are tracked
- Authentication -- How login events appear in the log
- Network Security -- How client IP addresses are captured