Audit Logs

Comprehensive activity tracking and compliance reporting for your database infrastructure

Overview

DB24x7 maintains detailed audit logs of all activities within your database infrastructure. These logs provide visibility into user actions, system events, and security-related activities, enabling compliance, troubleshooting, and security monitoring.

Complete Visibility

Track all user and system activities

Compliance Ready

Meet regulatory audit requirements

Real-time Monitoring

Stream logs to your SIEM solution

What is Logged

DB24x7 captures a comprehensive range of events across different categories to provide complete audit trail visibility.

Authentication Events

User Authentication

  • Successful and failed login attempts
  • Logout events
  • Password changes and resets
  • Two-factor authentication setup and usage
  • SSO/SAML authentication events
  • OAuth provider authentication
  • Session creation and termination
  • Account lockouts due to failed attempts

Authorization Events

Access Control

  • Role assignments and changes
  • Permission grants and revocations
  • Team membership changes
  • Database access grants
  • Custom role creation and modification
  • Access denied events (unauthorized attempts)
  • Privilege escalation events

Database Operations

Database Activities

  • Database creation and deletion
  • Schema modifications (DDL operations)
  • Data modifications (INSERT, UPDATE, DELETE)
  • Query executions (SELECT queries)
  • Backup creation and restoration
  • Database configuration changes
  • Connection events
  • Slow query executions

API and Integration Events

Programmatic Access

  • API key creation and deletion
  • API requests (successful and failed)
  • Rate limit violations
  • Webhook configuration changes
  • Integration installations and removals
  • Service account activity

Configuration Changes

System Configuration

  • Organization settings modifications
  • Security policy changes
  • Encryption configuration updates
  • Audit log settings changes
  • Notification preferences
  • Billing and subscription changes
  • IP allowlist modifications

Security Events

Security Monitoring

  • Suspicious activity detection
  • Brute force attempt detection
  • Unusual access patterns
  • Encryption key rotation events
  • Certificate updates
  • Security alerts triggered
  • Data export events

Log Entry Structure

Each audit log entry contains comprehensive metadata to provide context and enable effective analysis.

Standard Fields

  • timestamp: ISO 8601 timestamp with millisecond precision
  • event_type: Category of the event (auth, database, api, etc.)
  • action: Specific action performed (login, create, delete, etc.)
  • actor: User or service account that performed the action
  • resource: Resource affected by the action
  • result: Success or failure status of the action
  • ip_address: Source IP address of the request
  • user_agent: Client application or browser information

Example Log Entry

{
  "id": "log_2kJ9xM5pQw1zN3R7",
  "timestamp": "2026-02-07T14:23:45.123Z",
  "event_type": "database.query",
  "action": "execute",
  "actor": {
    "id": "user_abc123",
    "email": "[email protected]",
    "type": "user"
  },
  "resource": {
    "id": "db_xyz789",
    "name": "production_analytics",
    "type": "database"
  },
  "result": "success",
  "ip_address": "203.0.113.42",
  "user_agent": "DB24x7-Client/2.1.0",
  "metadata": {
    "query_duration_ms": 1250,
    "rows_affected": 15420,
    "query_type": "SELECT"
  }
}
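
The metadata fields in the entry above (query_type, rows_affected) are enough to build a bulk-read check over an NDJSON export. The following is an added example, not DB24x7 code: it sums rows returned by successful SELECT queries per actor and database inside a sliding window and flags totals above a limit. The sample entries, the actor user_def456, the "UPDATE" and "failure" values, and the thresholds are constructed assumptions.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

def _q(ts, actor, rows, qtype="SELECT", result="success"):
    # Builds one constructed entry shaped like the example entry above.
    return json.dumps({
        "timestamp": ts, "event_type": "database.query", "action": "execute",
        "actor": {"id": actor, "type": "user"},
        "resource": {"id": "db_xyz789", "type": "database"},
        "result": result,
        "metadata": {"rows_affected": rows, "query_type": qtype}})

# Constructed NDJSON sample (not real DB24x7 output).
SAMPLE_NDJSON = "\n".join([
    _q("2026-02-07T14:00:00.000Z", "user_def456", 40000),
    _q("2026-02-07T14:05:00.000Z", "user_def456", 90000, qtype="UPDATE"),
    _q("2026-02-07T14:23:45.123Z", "user_abc123", 15420),
    _q("2026-02-07T14:25:00.000Z", "user_abc123", 20000),
    _q("2026-02-07T14:26:00.000Z", "user_abc123", 0, result="failure"),
    _q("2026-02-07T14:29:10.000Z", "user_abc123", 18000),
    _q("2026-02-07T14:30:00.000Z", "user_def456", 30000),
])

def parse_ts(value):
    # fromisoformat() rejects a trailing "Z" before Python 3.11.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def bulk_reads(ndjson, row_limit=50_000, window=timedelta(minutes=10)):
    """Return {(actor_id, resource_id): peak rows read within one window}."""
    entries = [json.loads(l) for l in ndjson.splitlines() if l.strip()]
    recent = defaultdict(list)  # (actor, resource) -> [(ts, rows)] still in window
    flagged = {}
    for e in sorted(entries, key=lambda e: parse_ts(e["timestamp"])):
        meta = e.get("metadata", {})
        if e.get("event_type") != "database.query" or e.get("result") != "success":
            continue
        if meta.get("query_type") != "SELECT":
            continue
        key = (e["actor"]["id"], e["resource"]["id"])
        ts = parse_ts(e["timestamp"])
        # Drop reads that have aged out of the window, then add this one.
        recent[key] = [(t, r) for t, r in recent[key] if ts - t <= window]
        recent[key].append((ts, meta.get("rows_affected", 0)))
        total = sum(r for _, r in recent[key])
        if total > row_limit:
            flagged[key] = max(total, flagged.get(key, 0))
    return flagged
```

Tune row_limit and window per database; a reporting service account will legitimately read far more rows than an interactive user.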

Accessing Audit Logs

DB24x7 provides multiple ways to access and analyze audit logs, from the web interface to programmatic access via API.

Web Dashboard

  1. Navigate to Settings > Organization > Audit Logs
  2. Use filters to narrow down logs by time range, event type, user, or resource
  3. Click on any log entry to view full details
  4. Export results as CSV or JSON for offline analysis

Search and Filtering

Advanced Filters

  • Date and time range
  • Event type and action
  • User or service account
  • Resource name or ID
  • IP address or range
  • Success or failure status

Full-Text Search

Search across all log fields including metadata:

  • User emails and names
  • Resource identifiers
  • Error messages
  • Custom metadata fields

API Access

Programmatically retrieve audit logs using the REST API:

curl -X GET "https://api.db24x7.com/v1/audit-logs" \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "start_date": "2026-02-01T00:00:00Z",
    "end_date": "2026-02-07T23:59:59Z",
    "event_type": "database.query",
    "limit": 100
  }'

Log Retention Policies

Audit logs are retained according to your subscription plan and compliance requirements.

Retention by Plan

Starter Plan

30 days

Logs are retained for 30 days. Sufficient for basic auditing and troubleshooting.

Professional Plan

90 days

Three months of retention for quarterly compliance reviews and analysis.

Enterprise Plan

1 year (configurable)

One year of retention by default. Can be extended up to 7 years for regulatory compliance (HIPAA, SOX, etc.).

Extended Retention

Enterprise customers can configure custom retention policies to meet specific compliance requirements. Contact support to discuss your retention needs.

Archival Options

For long-term storage beyond the retention period:

  • Export logs regularly to your own storage (S3, Azure Blob, etc.)
  • Configure automatic log forwarding to archive storage
  • Use SIEM integration for centralized log management
  • Export compressed log bundles for offline archival

Exporting Logs

Export audit logs in multiple formats for analysis, compliance reporting, or long-term archival.

Export Formats

CSV

Comma-separated values for spreadsheet analysis

Best for: Excel, data analysis

JSON

Structured JSON with full metadata

Best for: Programmatic processing

NDJSON

Newline-delimited JSON for streaming

Best for: Log aggregation tools

Manual Export

  1. Navigate to Settings > Organization > Audit Logs
  2. Apply desired filters for the logs you want to export
  3. Click the "Export" button in the top right
  4. Select export format (CSV, JSON, or NDJSON)
  5. The download begins automatically (large exports may be emailed)

Automated Export

Configure scheduled exports to automatically archive logs:

  1. Go to Settings > Organization > Audit Logs > Export
  2. Click "Configure Automated Export"
  3. Set export frequency (daily, weekly, monthly)
  4. Choose destination (email, S3, SFTP, webhook)
  5. Select format and filters
  6. Save configuration

SIEM Integration

Stream audit logs in real-time to your Security Information and Event Management (SIEM) solution for centralized monitoring and correlation.

Supported SIEM Platforms

Splunk

Native Splunk HEC (HTTP Event Collector) integration

Datadog

Direct log forwarding to Datadog Log Management

Elastic Stack (ELK)

Stream to Elasticsearch via Logstash or Beats

AWS Security Hub

Integration with AWS Security Hub and CloudWatch

Azure Sentinel

Native connector for Microsoft Azure Sentinel

Custom SIEM

Webhook or syslog integration for any SIEM platform

Setting Up SIEM Integration

  1. Navigate to Settings > Organization > Integrations
  2. Click "Add Integration" and select your SIEM platform
  3. Configure connection details (endpoint, API key, etc.)
  4. Select which log types to forward (all or specific event types)
  5. Test the connection to verify logs are flowing
  6. Enable the integration and monitor delivery metrics

Real-Time Streaming

SIEM integrations stream logs in real-time with typical latency under 30 seconds. This enables immediate alerting on security events and anomalous behavior.
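
An alert rule of the kind this streaming enables, as an added example (not DB24x7 or SIEM vendor code): it flags a successful login from an IP address that follows a run of failed logins from the same address, the pattern left by a brute-force attempt that worked. The event_type "auth", action "login" and result "failure" values are assumptions taken from the field descriptions, and the stream below is constructed; entries are expected in time order, as a stream or NDJSON export would deliver them.

```python
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta

def _e(ts, ip, actor, result):
    # Builds one constructed auth entry using the standard field names.
    return json.dumps({"timestamp": ts, "event_type": "auth", "action": "login",
                       "actor": {"id": actor}, "result": result, "ip_address": ip})

# Constructed stream (not real DB24x7 output), in chronological order.
SAMPLE_STREAM = [
    _e("2026-02-07T08:00:00.000Z", "198.51.100.7", "user_def456", "failure"),
    _e("2026-02-07T08:01:00.000Z", "198.51.100.7", "user_def456", "failure"),
    _e("2026-02-07T09:00:01.000Z", "203.0.113.42", "user_abc123", "failure"),
    _e("2026-02-07T09:00:20.000Z", "203.0.113.42", "user_abc123", "failure"),
    _e("2026-02-07T09:00:30.000Z", "192.0.2.10", "user_ghi789", "failure"),
    _e("2026-02-07T09:00:41.000Z", "203.0.113.42", "user_abc123", "failure"),
    _e("2026-02-07T09:00:50.000Z", "192.0.2.10", "user_ghi789", "success"),
    _e("2026-02-07T09:01:02.000Z", "203.0.113.42", "user_abc123", "failure"),
    _e("2026-02-07T09:01:30.000Z", "203.0.113.42", "user_abc123", "success"),
    _e("2026-02-07T09:02:00.000Z", "198.51.100.7", "user_def456", "success"),
]

def parse_ts(value):
    # fromisoformat() rejects a trailing "Z" before Python 3.11.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def success_after_failures(lines, min_failures=3, window=timedelta(minutes=5)):
    """Return [(ip, actor_id, failures_in_window)] for suspicious successes."""
    failures = defaultdict(deque)  # ip -> timestamps of recent failed logins
    alerts = []
    for line in lines:
        e = json.loads(line)
        if not e.get("event_type", "").startswith("auth") or e.get("action") != "login":
            continue
        ts, ip = parse_ts(e["timestamp"]), e["ip_address"]
        recent = failures[ip]
        while recent and ts - recent[0] > window:
            recent.popleft()  # failure is too old to count
        if e["result"] == "failure":
            recent.append(ts)
        elif e["result"] == "success":
            if len(recent) >= min_failures:
                alerts.append((ip, e["actor"]["id"], len(recent)))
            recent.clear()  # a success ends the current run
    return alerts
```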

Compliance Reporting

Generate compliance reports from audit logs to demonstrate adherence to regulatory requirements.

Pre-Built Report Templates

Access Review Report

Summary of all user access changes, role assignments, and permission modifications over a specified period.

Authentication Report

Login attempts, authentication failures, and session activity for security audits.

Data Access Report

Database queries, data exports, and access patterns for data privacy compliance (GDPR, CCPA).

Configuration Change Report

All system configuration modifications with change tracking for SOC 2, ISO 27001 audits.

Security Events Report

Failed access attempts, suspicious activity, and security alerts for incident response.

Generating Compliance Reports

  1. Go to Settings > Organization > Audit Logs > Reports
  2. Select a pre-built report template or create a custom report
  3. Choose date range (monthly, quarterly, annually)
  4. Configure additional filters if needed
  5. Generate report (PDF or Excel format)
  6. Schedule recurring reports for automatic compliance tracking

Compliance Standards Supported

SOC 2 Type II

Audit trails for security, availability, and confidentiality

HIPAA

PHI access logging and breach notification support

GDPR

Data subject access requests and processing records

ISO 27001

Information security management system audit logs
