Viewing Logs
Authorized users with the correct permissions can use Audit Viewer to search and inspect key user actions within the Cogynt application from the last 90 days.
Viewing Logs within a Date Range
Logs can be filtered using the date range filter element at the top of the screen. This filter includes various time options:
- Today
- Yesterday
- This Week
- Last Week
- This Month
- Last Month
- All Time (all records audit logs in Elasticsearch that are still in the 30-day period retention period)
- Custom Date Range (a user-defined start and end date/time)
Searching Logs
The Search Facets search box allows performing text searches to return any audit logs matching the search term. When performing a text search, the following fields on an audit log are queried to determine whether there is a match with the search term:
- Object Type: The type of object the audit log was created for.
- Audit Action: The action the audit log was created for.
- Change Type: Whether the user-performed action was a
Create
,Update
, orDelete
of the item the action was performed against. - Object Reference: The system-generated ID for the object that an action was performed against. For example, if a collection (case file) is created in Workstation, the "Object Reference" is the unique system ID for that collection. Searching by this object reference finds any audit logs generated for that specific collection.
- User: Actions triggered by specific users. Upon typing in the search box, if any user account matches the term searched, a visual element appears that allows selecting the user account.
Multiple search terms can be applied in the Search box. The search operates in an "or" manner, and returns any audit logs that fulfill at least one of the search terms.
Example
Searching for the term "collection" and by the user "John Smith" returns any audit logs that contain either "collection" or "John Smith" in any of their fields.
Viewing Detailed Audit Information
To view more detailed information for each audit log, click the row to open a detail panel to inspect the information. The detail panel displays the following information:
- Timestamp: What time the action was performed.
- Object Type: The system-generated ID for the object that an action was performed against.
- Audit Action: The action the audit log was created for.
- Change Type: Whether the user-performed action was a
Create
,Update
, orDelete
of the item the action was performed against. - Object Reference: The system-generated ID for the object that an action was performed against.
- User: The user that performed the action.
- Client IP: The IP address of the client used by the user.
- Object Information: An expandable view of the data on the object that was changed. Click each section within the
change_log
portion to hide or show specific information:- Added: What values were added to the object in the action.
- Removed: what values were removed to the object in the action.
- Value: An alternative set of data that shows the resulting values of all the object's fields after the action is performed. This also includes showing changes in specific values from before and after the action.