Understanding the Activity and Audit Log

Understanding how changes are made to your monitoring configuration is crucial for security, compliance, and troubleshooting. Server Scout provides a comprehensive activity and audit log that tracks all significant actions performed within your account, giving you complete visibility into who made what changes and when.

What Is Logged

The Server Scout audit log captures a comprehensive range of activities across your monitoring environment:

• User authentication: Login and logout events, including failed login attempts
• Server management: Server additions, deletions, and configuration edits
• Alert configuration: Changes to alert conditions, thresholds, and monitoring rules
• Notification settings: Updates to notification channels, webhook configurations, and alert routing
• User account management: User additions, role changes, permission updates, and account modifications
• Security events: Password resets, two-factor authentication changes, and session management
• Administrative actions: Organisation settings changes, billing updates, and other system-level modifications

This comprehensive logging ensures that every significant action is recorded and can be reviewed when needed.

Accessing the Activity Log

The activity and audit log is accessible through your Server Scout dashboard at app.serverscout.ie. The visibility of log entries depends on your user role:

• Regular users can view their own activity, allowing them to track the changes they've made
• Admin users have access to the complete audit trail, showing activity from all users in the organisation

To access the log, navigate to the account or settings section of your dashboard where you'll find the activity log menu item.

Understanding Log Entries

Each audit log entry contains detailed information to help you understand exactly what occurred:

• Timestamp: The precise date and time when the action was performed
• User identification: The name and username of the person who performed the action
• Action type: A clear description of what was done (e.g., "Server Added", "Alert Rule Modified")
• IP address: The source IP address from which the action was performed
• Relevant details: Specific information such as server names, changed settings, or affected resources

This level of detail ensures you have complete context for every logged event.

Searching and Filtering

To help you find specific events quickly, the audit log includes robust search and filtering capabilities:

1. Filter by action type to focus on specific activities like server changes or user management actions
2. Filter by user to see all actions performed by a particular team member
3. Filter by date range to examine activity during specific periods
4. Combine filters for precise searches, such as finding all server additions by a specific user within the last month

These filtering options make it easy to locate relevant information, whether you're investigating a specific incident or conducting routine audits.

Data Retention

Audit log entries are retained according to Server Scout's standard data retention policy, ensuring you have access to historical activity records for compliance and investigation purposes. This retention period provides adequate coverage for most operational and compliance requirements.

Compliance and Accountability

The audit log serves as a crucial accountability trail, documenting:

• Change management compliance: Verify that changes follow your organisation's processes
• Incident investigation: Track what changes occurred before system issues
• Compliance reporting: Provide evidence of proper access controls and change management for regulatory requirements
• Security monitoring: Identify unusual patterns or unauthorised access attempts

Practical Applications

Regular review of the audit log can help you:

• Investigate configuration issues by identifying recent changes that might have caused problems
• Monitor team compliance with change management procedures
• Detect suspicious activity such as unusual login patterns or unexpected configuration changes
• Maintain security hygiene by reviewing who has access and how it's being used

The audit log is an essential tool for maintaining visibility and control over your monitoring environment, ensuring you can track changes, investigate issues, and maintain security standards effectively.