Audit Log
The Audit Log is the complete, tamper-evident history of every significant action taken in the system — who did what, when, from which IP address — used for accountability, troubleshooting, and security review.
Overview
Every create, update, delete, login, logout, export, import and print action across entities like sales, products, customers, users, inventory, expenses, settings and reports is captured here with a timestamp, the acting user, and a human-readable description.
A summary section shows Total Logs, Today's Actions, Active Users in the last 30 days, and how many distinct entity types have activity, plus three visual breakdowns: actions by frequency, entities by frequency, and the most active users over the last 30 days.
Below the summary is a searchable, filterable, exportable table of every individual log entry — this is the detailed record you drill into when investigating a specific change or user.
Before You Start
- Requires the
auditfeature at theAdvancedplan tier or above. - The Purge Old button only appears for users with delete permission on this page.
Step-by-Step Guide
1 Investigate a specific change
- Use the Action dropdown to narrow to a specific action type (CREATE, UPDATE, DELETE, LOGIN, LOGOUT, EXPORT, IMPORT, PRINT).
- Use the Entity dropdown to narrow to one record type (sale, product, customer, user, inventory, expense, setting, report).
- Set a From/To date range to bound the search window.
- Use the search box on the table itself for free-text matching on description, user name, or entity.
- Click any row's Description or use the table's detail view to see the full context, including the acting user's name/role and the IP address the action came from.
2 Review activity summary and top users
- Check the four summary KPI cards at the top for a quick health check: Total Logs, Today's Actions, Active Users (30d), Entity Types.
- Review the "Actions (last 30 days)" bar chart to see which action types dominate (e.g. a spike in DELETE might warrant investigation).
- Review "Entities (last 30 days)" to see which record types are being touched most.
- Check "Most Active Users (30d)" to see who is generating the most activity — useful both for recognising engaged staff and spotting unusual activity.
3 Export logs for external review
- Apply whatever filters you need, then use the export control in the table toolbar (visible only with export permission) to download the filtered results.
4 Purge old audit logs
Purging permanently deletes old log entries and cannot be undone — use it only for routine housekeeping on very old data.
- Click Purge Old (visible only to users with delete permission).
- Enter how many days of history to keep — a minimum of 7 days is enforced.
- Confirm to permanently delete every log entry older than that cutoff.
Every Field & Button, Explained
| Field / Button | What it does |
|---|---|
Total Logs | All-time count of every recorded audit entry. |
Today's Actions | Count of audit entries created so far today. |
Active Users (30d) | Number of distinct users who have appeared in the audit log in the last 30 days. |
Entity Types | Number of distinct entity categories (sale, product, customer, etc.) with activity in the last 30 days. |
Action filter | Restricts the table to one action type: CREATE, UPDATE, DELETE, LOGIN, LOGOUT, EXPORT, IMPORT, PRINT. |
Entity filter | Restricts the table to one entity type: sale, product, customer, user, inventory, expense, setting, report. |
From / To date filters | Bounds the table to a specific date range. |
Clear filters | Resets action, entity and date filters back to showing everything. |
Time column | Full timestamp of the action plus a relative "x ago" indicator. |
User column | The acting user's name and role, or "System" for automated actions. |
Action badge | Colour-coded label for the action type (e.g. green Create, blue Update, red Delete). |
Entity column | The type of record affected, shown as a small capsule. |
Description column | Human-readable summary of what happened, plus a truncated entity ID. |
IP Address column | The network address the action was performed from. |
Purge Old | Permanently deletes audit entries older than a chosen number of days (minimum 7); requires delete permission. |
Tips & Best Practices
- Check the Audit Log immediately after any unexpected data change — the Description and IP Address columns together usually make it obvious whether it was a genuine user action or something to investigate further.
- Use the "Most Active Users" panel periodically as a light-touch way to notice unusual behaviour, such as a user account active at hours they don't normally work.
- Only purge logs you are confident you no longer need for compliance or dispute resolution — purging is permanent and cannot be reversed.
Troubleshooting & FAQ
I don't see the Purge Old button.
The action/entity breakdown charts look empty.
Can I edit or delete a single audit entry?
Why don't I see this page in the sidebar?
🧑💻 Developer Notes
Source component(s):
frontend-app/packages/pos-react-lib/src/pages/AuditTrailPage.jsx
Backend endpoints used:
GET /audit/summaryGET /auditDELETE /audit/purge?days=
Related tables (db-core repositories):
AuditLog (best-effort — action, entity, entityId, description, userId, ipAddress, createdAt)
Redux slices:
scopeSlice (selectCurrentScope / getScopeQueryParams)
Feature flag key: audit (requires advanced plan tier or above)
A closely related but separate page, AuditSecurityReportsPage.jsx, offers five deeper security-focused report tabs on top of the same underlying audit data: User Activity Log, Deleted Invoices, Modified Invoices, Price Overrides, and a Failed Login Report (with a "Top Suspicious IPs" panel). It is reached from the Reports area rather than this Admin sidebar item, but shares the same /audit and dedicated /audit-security-reports/* endpoints and is worth checking when this page's general log needs a sharper, invoice- or security-specific lens.