Administrator Guide
Audit Log
The Audit Log comprehensively records all critical operations across enterprise resources, giving administrators full visibility into user actions and ensuring data security and operational traceability.
Overview
The audit log system includes the following core capabilities:
- Comprehensive Coverage: Automatically logs key operations in both workspaces and the admin console.
- Multi-dimensional Query: Filter logs by time, user, resource type, operation type, etc.
- Detailed Tracking: Includes operator, timestamp, resource object, source IP, and more.
- Data Security: Sensitive information is automatically masked to ensure log security.
Viewing the Audit Log
Click Audit Log in the left menu of the Admin Console to enter the audit log view. System administrators can access operation records across all enterprise workspaces and admin console operations.
Log Format
Each audit log entry includes the following key fields:
| Field Type | Content | Description |
|---|---|---|
| Time | Format: YYYY/MM/DD | Precise to the second |
| Workspace | Workspace name, ID | Hover to view ID |
| Operator Info | Email, type, name | Includes member info, permissions, API, SSO types |
| Operation | Create, delete, update, login, publish, etc. | - |
| Resource Type | Admins, user groups, etc. | (May include mixed values like user groups, API, etc.) |
| Resource | - | (May contain mixed resource values) |
| Parent Resource | Type, ID, name | Shows resource hierarchy in detail view |
Click the Details button on the right of a log entry to view full content:
A parent resource refers to a higher-level resource that created the current one. For example, when a file is uploaded to a knowledge base, a Knowledge Base File resource is created, with the Knowledge Base as its parent.
Workspace Resource Logs
| Module | Resource Type | Operation Type | Example Resource | Parent Resource | Notes |
|---|---|---|---|---|---|
| Workspace | App | Create | Finance Assistant | - | |
| App | Delete | Finance Assistant | - | ||
| App | Import DSL | Finance Assistant | - | ||
| App | Export DSL | Finance Assistant | - | ||
| App | Publish | Finance Assistant | - | ||
| App | Enable Web App | Finance Assistant | - | ||
| App | Disable Web App | Finance Assistant | - | ||
| App | Modify Web App Access | Finance Assistant | - | ||
| App | Enable Backend API | Finance Assistant | - | ||
| App | Disable Backend API | Finance Assistant | - | ||
| API Key | Create | app-****3e80 | App | Logs parent resource ID and name | |
| API Key | Delete | app-****3e80 | App | Logs parent resource ID and name | |
| Knowledge Base | Create | Finance KB | - | ||
| Knowledge Base | Delete | Finance KB | - | ||
| Knowledge Base | Modify Access | Finance KB | - | ||
| KB File | Delete | FinancePolicy.doc | Knowledge Base | Logs parent resource ID and name | |
| KB File | Import | FinancePolicy.doc | Knowledge Base | ||
| Settings | Member | Invite | Peter | - | |
| Member | Delete | Peter | - | ||
| Account | Member | Login | Peter | - | |
| Member | Change Password | Peter | - |
Admin Console Resource Logs
| Module | Resource Type | Operation | Example Resource | Parent Resource | Notes |
|---|---|---|---|---|---|
| Workspace | Workspace | Create | Ops Workspace | - | Operator marked as “API” if created via API; logs masked keys |
| Workspace | Delete | Ops Workspace | - | ||
| Auth Method Config | Modify | Auth Methods - SSO Config | - | Includes email/password, code, TTL, registration config | |
| External User Auth Config | Modify | SSO Config | - | Includes SSO enablement and details | |
| Members | Member | Create | Anderson | - | |
| Member | Delete | Anderson | - | ||
| Member | Modify | Anderson | - | ||
| Member | Change Password | Anderson | - | ||
| Member Group | Modify | IT Ops Group | - | ||
| Member Group | Create | IT Ops Group | - | If via API or SCIM 2.0, operator is “Admin API” or “SCIM 2.0” | |
| Member Group | Delete | IT Ops Group | - | ||
| Member/Group Sync Config | Modify Config | Sync Toggle | - | ||
| Member/Group Sync Config | Modify Config | Generate Token | - | ||
| Settings | System User | Create | Admin 01 | - | |
| System User | Delete | Admin 01 | - | ||
| System User | Change Password | Admin 01 | - | ||
| System User | Login | Admin 01 | - | ||
| System User | Logout | Admin 01 | - | ||
| Enterprise API Key | Create | 237d****dca7 | - | ||
| Enterprise API Key | Delete | 237d****dca7 | - | ||
| Account / 2FA | Bind 2FA | Super Admin | - | ||
| Account / 2FA | Generate Backup Code | Super Admin | - |
Querying Logs
System administrators can filter logs by various conditions to locate specific entries quickly:
| Filter Dimension | Description | Required |
|---|---|---|
| Workspace ID | Precise filtering by workspace | No |
| Resource Type | Filter by app, KB, member, etc. | No |
| Operation Type | Filter by create, delete, modify, etc. | No |
| Resource ID | Filter by specific resource | No |
| Time Range | Up to 3 months | Yes (defaults to 1 month) |
Example Log Cases
Workspace Operations
- Member “Zhang San” deleted the app “Salary Assistant” in the Finance workspace.
- Member “Li Si” uploaded the file “ReimbursementProcess.pdf” to the “Finance Policies” knowledge base.
Admin Console Operations
- Admin “Admin” created the “Marketing” workspace.
- API deleted “Member 01” via the admin console.
- Admin “Charlie” updated the SSO configuration.
Compliance & Security
Compliance Guarantee
- Data Integrity: All key actions are recorded fully.
- Time Accuracy: Unified timestamps ensure proper event ordering.
- Immutability: Logs cannot be altered after generation.
- Long-term Retention: Supports enterprise-grade retention strategies.
Security Considerations
- Access Control: Only system admins can access the audit log.
- Sensitive Info Protection: Sensitive data is masked to prevent leaks.
Best Practices
Routine Monitoring
- Regular Reviews: Review logs periodically to spot irregular activity.
- Key Event Monitoring: Focus on delete actions, permission changes, and config updates.
- Compliance Reporting: Use logs to create regular compliance reports.
Incident Response
- Anomaly Detection: Detect suspicious behavior via log analysis.
- Event Tracing: Trace full operation chains during incidents.
- Forensics Support: Provide reliable evidence during investigations.
The Audit Log offers full transparency and compliance support, making it a critical feature for enterprise AI application management.