Detect software anomalies with the audit log

Patrick Vigeant

Solutions architect at Witify

In today's digital ecosystem, information security is not an option but a necessity. As companies strive to protect their critical data, they turn to a variety of security strategies. Logging is an automated data collection process used to record all key actions and changes in software.

Traditionally seen as a means of collecting data for diagnosis and incident resolution after the fact, logging can also be transformed into a powerful prevention mechanism through automation. Here's an overview of what we'll be covering:

  1. Global action logging and audit logging
  2. Resource modification logging
    1. Global and custom actions: Record actions such as creation, modification and deletion in systems, as well as custom actions for various company workflows.
    2. Time logging: Track the precise time of modifications for traceability and chronological analysis.
    3. Informative logging: Detect not only the "when" but also the "what" of modifications, offering a wealth of information for auditing and incident prevention.
  3. Data exploitation: The benefits of an audit log and logging

At Witify, we are convinced that the digitization of SMEs must be accompanied by a sophisticated security strategy, in which logging plays a key role. This article sets out to demonstrate how, far beyond its traditional function, logging can be a pillar of security and compliance.

Global action logging and audit trails

At the heart of effective management software is the ability to track and audit user actions. Let's take the example of a ticketing system designed to manage external customer requests. Global actions, such as viewing, creating, modifying and deleting a ticket, form the basis of user interaction management. However, beyond these standard actions, there are a multitude of customized actions that reflect a company's unique processes: sending a response email, assigning a ticket to a colleague and closing a ticket are examples.

Each time a user performs one of these actions, the system records key information: the user's identity, the date and time, and the specific action performed. This mechanism creates a detailed and accurate history of interactions within the system. For example, it is possible to retrace the path of a particular ticket, noting that supervisor Josée McCortez first assigned ticket #13255A to John Doe on March 5, 2024 at 1:22 p.m., before the latter deleted the same ticket #13255A a few hours later.

NB: It's important to note that the logging system often acts as a detection mechanism, not a prevention one. A number of other security strategies, including a well-designed permission system, can help to avoid undesirable upstream scenarios. For example, is it appropriate here for a user to be able to delete a ticket assigned to him by a supervisor? Shouldn't the system prevent the deletion of a ticket by a user without special permission, or require validation at the very least?

In short, global and customized action logging offers greater transparency and control over internal processes, which are essential for corporate security, compliance and operational efficiency.
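The detection role described in the note above can be automated as a rule that runs over the recorded actions. The following is an added example, not Witify's code: the record field names, the user identifiers, the deletion time and the second ticket are constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample audit records (who, when, what), modelled on the
# ticket #13255A scenario. Field names and user ids are assumptions.
AUDIT_LOG = [
    {"ts": "2024-03-05T13:22:00", "actor": "jmccortez", "action": "assign",
     "ticket": "13255A", "target": "jdoe"},
    {"ts": "2024-03-05T14:05:00", "actor": "jdoe", "action": "view",
     "ticket": "13255A"},
    {"ts": "2024-03-05T16:40:00", "actor": "jdoe", "action": "delete",
     "ticket": "13255A"},
    # Unrelated ticket: deleted by its creator, never assigned. Not flagged.
    {"ts": "2024-03-05T09:10:00", "actor": "asmith", "action": "create",
     "ticket": "20001C"},
    {"ts": "2024-03-06T10:00:00", "actor": "asmith", "action": "delete",
     "ticket": "20001C"},
]

def deleted_after_assignment(events, window=timedelta(hours=24)):
    """Flag a ticket deleted by its assignee within `window` of being
    assigned to them by someone else."""
    last_assign = {}  # ticket -> (time, assigner, assignee)
    alerts = []
    # ISO 8601 strings of equal length sort chronologically.
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        if ev["action"] == "assign":
            last_assign[ev["ticket"]] = (ts, ev["actor"], ev["target"])
        elif ev["action"] == "delete" and ev["ticket"] in last_assign:
            a_ts, assigner, assignee = last_assign[ev["ticket"]]
            if (ev["actor"] == assignee and assigner != assignee
                    and ts - a_ts <= window):
                alerts.append({"ticket": ev["ticket"],
                               "assigned_by": assigner,
                               "deleted_by": ev["actor"],
                               "delay": ts - a_ts})
    return alerts

if __name__ == "__main__":
    for alert in deleted_after_assignment(AUDIT_LOG):
        print(alert)
```

A rule like this only reports the deletion after the fact; blocking it or requiring validation remains the job of the permission system.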

Resource modification logging

Time-based logging

Level 1 - No time logging

At this stage, no time data is associated with ticket modifications. For example, if a ticket concerning a feature request is updated several times, the system does not record the time of these modifications. Without this information, it is impossible to trace the evolution of the ticket, or to understand when requests or problems were addressed.

Level 2 - Record last modification

Here, the system records the date and time of the last action taken on a ticket. Let's take the case of ticket 9548-B1: if the last modification took place on March 16, 2024 at 1:12 p.m., this information will be recorded. However, if this ticket had been modified previously, the details of these earlier modifications would remain unknown. This level offers a partial but useful view of the most recent interventions.

Level 3 - Full logging

This level provides a detailed, timestamped trace of every modification made to a ticket. For example, ticket 9548-B1 might have a history of actions recorded such as: "Created on March 14 2024 at 09:45", "Modified on March 15 2024 at 11:17", and "Modified on March 16 2024 at 13:12". Each action is documented with its precise date and time, providing a complete view of the ticket's lifecycle. This approach makes it possible to accurately trace all the moments when the ticket was modified.

Time logging at this level of detail is particularly valuable for support and development teams, as it enables them to track changes efficiently, identify trends or recurring problems, and ensure proactive management of user requests.

Informative logging

Informative logging goes beyond simply recording when changes are made; it focuses on the "what" of those changes. This approach captures the specific details of changes made to a resource, such as a ticket in our system, providing a wealth of information crucial to analyzing and understanding interactions within the system.

Level 1 - No informative record

At this stage, although changes may be made to a ticket, no information is kept as to the nature of these changes. For example, if the status of a ticket is changed, or if comments are added, the system does not record these details. This makes it difficult to analyze the actions taken and limits the ability to trace the evolution of queries or problems.

Level 2 - Record of last user to modify

This level introduces an additional piece of information by recording the identity of the user who last modified a ticket. For example, if Stefany Ilds was the last person to modify ticket 9548-B1 on March 16, 2024, this information is saved. However, without details on the nature of the modification (change of priority, addition of comment, etc.), the usefulness of this information remains limited.

Level 3 - Detailed change logging

The most advanced level captures not only the identity of the user making the changes, but also the precise details of those changes. Let's take ticket 9548-B1 as an example. It would be possible to know that Stefany Ilds changed the priority indicator from urgent to normal. This level of detail provides an exhaustive view of interactions with the ticket, enabling us to understand precisely who changed what.

The ability to capture and analyze this detailed information transforms informative logging into a powerful tool for auditing, performance monitoring and problem resolution. It enables teams to detect trends, identify friction points, and continuously improve request and incident management.

Synergize information and temporality

Change logging combines temporal and informative aspects to provide a complete picture of activity within a system, such as ticket management. This combination creates a detailed historical trace of every action, offering maximum transparency and a solid basis for analysis, auditing and problem-solving.

The effectiveness of change logging lies in the integration of temporal and informative levels. By combining these two dimensions, we can not only know when an action has been carried out (temporal aspect), but also understand in detail what has been changed (informative aspect). It is generally recommended to have at least level 2 for both the temporal and informative aspects. However, the ideal would be to have a level 3 for both, allowing full traceability of all changes.

Ticket example: Let's take the example of ticket 9548-B1 to illustrate this integrated approach. Let's imagine a series of changes:

  • March 14, 2024 at 9:45 a.m.: Ticket created by Alex Mercer. (Global action)
  • March 15, 2024 at 11:17 a.m.: Jack Peltrow changes the priority of the ticket from "Normal" to "Urgent". (Action on resource)
  • March 16, 2024 at 1:12 p.m.: Stefany Ilds adds a proposed solution to the ticket problem and changes the priority from "Urgent" to "Normal". (Action on resource)

Each record details not only the time of modification, but also the identity of the user and the precise nature of the change. This level of detail gives system managers and development teams a complete understanding of ticket interactions, facilitating auditing, problem management and continuous process improvement.
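The ticket 9548-B1 sequence above can be captured with one append-only record per change that stores the time, the user and the old and new value of every modified field. This is an added example, not Witify's implementation: the function names, the record layout, the field names and the solution text are assumptions.

```python
from datetime import datetime, timezone

def record_change(log, ticket, actor, before, after, when=None):
    """Append a level-3 record: who, when, and old/new value of each changed field."""
    changes = {f: {"old": before.get(f), "new": after.get(f)}
               for f in sorted(set(before) | set(after))
               if before.get(f) != after.get(f)}
    if not changes:
        return None  # no effective change, nothing to record
    when = when or datetime.now(timezone.utc)
    entry = {"ticket": ticket, "actor": actor, "at": when.isoformat(),
             "action": "update" if before else "create", "changes": changes}
    log.append(entry)
    return entry

def field_history(log, ticket, field):
    """Level 3 on both axes: every value a field has had, with time and actor."""
    return [(e["at"], e["actor"], e["changes"][field]["new"])
            for e in log if e["ticket"] == ticket and field in e["changes"]]

def level2_view(log, ticket):
    """What a level-2 system would retain: only the last modification's time and user."""
    last = [e for e in log if e["ticket"] == ticket][-1]
    return {"last_modified_at": last["at"], "last_modified_by": last["actor"]}

def replay_ticket_9548_b1():
    """Replay the three changes from the example above (field names are assumed)."""
    log, state = [], {}
    steps = [
        (datetime(2024, 3, 14, 9, 45), "Alex Mercer", {"priority": "Normal"}),
        (datetime(2024, 3, 15, 11, 17), "Jack Peltrow", {"priority": "Urgent"}),
        (datetime(2024, 3, 16, 13, 12), "Stefany Ilds",
         {"priority": "Normal", "solution": "proposed fix"}),  # constructed text
    ]
    for when, actor, update in steps:
        new_state = {**state, **update}
        record_change(log, "9548-B1", actor, state, new_state, when)
        state = new_state
    return log

if __name__ == "__main__":
    log = replay_ticket_9548_b1()
    for row in field_history(log, "9548-B1", "priority"):
        print(row)
    print(level2_view(log, "9548-B1"))
```

The level-2 view of the same ticket shows only Stefany Ilds on March 16, which hides the fact that the priority had been raised to "Urgent" the day before.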

Temporal and informative logging matrix

The benefits of logging and audit logs

For SMEs going digital, integrating a robust auditing system into software solutions increases security and ensures compliance, while optimizing operational processes. At Witify, we integrate advanced audit logging systems into our tailor-made software solutions. Here's what such a system actually does for your business:

1. Enhanced security

The ability to monitor, record and analyze all actions carried out in your IT systems helps to identify and react quickly to any suspicious or malicious activity, reducing the risk of data breaches and other forms of cyber-attack.

2. Easier compliance

With increasingly stringent regulatory requirements, particularly in terms of personal data protection (such as the GDPR in Europe), a robust auditing system makes it easy to demonstrate your company's compliance.

3. Continuous improvement

By analyzing the data collected by the audit system, it's possible to identify trends, inefficiencies and sticking points in your operational processes. This enables you to initiate corrective action and continuously optimize the performance of your systems.

4. Operational transparency

An audit system provides a clear, detailed overview of activities within your system, increasing transparency for managers and auditors alike. This contributes to better decision-making based on reliable data.

5. Greater accountability

By recording who did what and when, the audit system reinforces individual and collective responsibility within your organization. This is particularly valuable in environments where permissions and access management is complex.

6. Data recovery and resilience

In the event of human error or technical failure, the ability to trace previous actions enables faster and more efficient data recovery, contributing to your company's resilience in the face of the unexpected.

Conclusion

In conclusion, the integration of an audit logging system into Witify's software for SMBs represents much more than a security or compliance measure. It's an essential strategic step that supports your company in its quest for digitization, automation and increased efficiency. Through global and customized actions, temporal and informative logging, we have explored how such a system not only guarantees security and transparency, but also provides a solid basis for analysis, auditing and continuous improvement.

At Witify, we are committed to providing tailor-made software solutions that not only meet our customers' immediate needs, but also equip them for the future. Implementing a high-performance auditing system is a cornerstone of this approach, enabling your SME not only to confidently navigate today's complex and ever-changing digital environment, but also to position itself to take full advantage of tomorrow's opportunities.

We are convinced that the key to success in the digital world lies in a solid foundation of transparency, security and adaptability.

The auditing systems we integrate into our solutions are designed to provide you with this assurance, enabling you to concentrate on what you do best: innovate and grow. Together, let's make digitalization a strength for your company.

Patrick Vigeant is co-founder and solutions architect at Witify. Specializing in technology, he has spent over 10 years designing innovative digital solutions and developing tailor-made management systems. Particularly experienced in solution architecture, he designs and equips SMEs with a customized technological infrastructure focused on efficiency and effectiveness. Teaching the graduate Web Analytics course at HEC, Patrick enjoys sharing the latest digital trends and keeping in touch with the academic world. Finally, he is involved in his business community as President of La Relève d'Affaires lavalloise.
