Audit Logs
Track all administrative actions. User creation/modification, tenant changes, role updates, system setting changes, sync operations. Filter by date, user, action. Superadmin-only.
Audit logs record all administrative actions performed in CrystalQore. They provide accountability, compliance support, and troubleshooting history. Access to audit logs is Superadmin-only.
Overview
Every significant administrative action is logged:
- User operations — Create, edit, disable, delete
- Tenant operations — Create, edit, disable
- Role and permission changes — Role assignments, permission updates
- System setting changes — Configuration updates
- Sync operations — FusionPBX sync runs and results
- PBX instance changes — Add, edit, remove instances
- SMS and API client changes — Number assignments, campaign updates, API key creation
Accessing Audit Logs
- Log in as a user with the Superadmin role
- Navigate to Admin → Audit Logs
- View the log stream; use filters to narrow results
Only Superadmins can access audit logs. Standard Admins and Users cannot view this data.
Log Contents
Each audit log entry typically includes:
| Field | Description |
|---|---|
| Timestamp | When the action occurred |
| User | Who performed the action (user ID or email) |
| Action | What was done (e.g., "user.created", "tenant.updated") |
| Resource | Affected entity (e.g., user ID, tenant ID) |
| Details | Additional context (e.g., field changes, old/new values) |
| IP address | Client IP (if captured) |
Filtering
Use filters to find specific events:
- Date range — Start and end date/time
- User — Filter by who performed the action
- Action type — Filter by action category (user, tenant, role, settings, sync, etc.)
- Resource — Filter by affected resource (e.g., specific user or tenant)
Logged Events
User Events
- user.created — New user account created
- user.updated — User details modified (email, tenant, role, password reset)
- user.disabled — User account disabled
- user.enabled — User account re-enabled
- user.deleted — User account removed (if supported)
Tenant Events
- tenant.created — New tenant created
- tenant.updated — Tenant settings modified
- tenant.disabled — Tenant disabled
- tenant.enabled — Tenant re-enabled
Role and Permission Events
- role.updated — Role or permission changed for a user
- permission.updated — Module or widget permissions modified
System Events
- settings.updated — System setting changed (e.g., application name, URL, API credentials, feature flags)
- encryption.updated — Encryption configuration changed
Sync Events
- sync.started — FusionPBX sync initiated
- sync.completed — Sync finished (with summary: users created/updated, etc.)
- sync.failed — Sync encountered errors
PBX and Integration Events
- pbx.added — PBX instance added
- pbx.updated — PBX instance modified
- pbx.removed — PBX instance removed
- sms.number.assigned — SMS number assigned
- api_client.created — API client/key created
Retention
Audit log retention is configurable via Retention Policies. Retain logs long enough for compliance and forensics. Many organizations keep audit logs for 1–7 years depending on regulatory requirements.
Compliance
Audit logs support compliance with:
- GDPR — Track access and changes to personal data
- HIPAA — Maintain audit trails for healthcare communications
- SOC 2 — Demonstrate access control and change management
- Internal policies — Enforce accountability for admin actions
Best Practices
- Review regularly — Spot unusual or unauthorized activity
- Set retention appropriately — Balance storage cost with compliance needs
- Export for archival — Consider exporting logs to long-term storage
- Protect log access — Limit Superadmin role to trusted personnel
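One way to make the regular review repeatable, as an added example that is not CrystalQore code: a pass over exported entries that flags sensitive actions from an IP the actor has not used before, and API keys created shortly after the same actor changed a role. It assumes a JSON Lines export whose keys (`timestamp`, `user`, `action`, `resource`, `ip_address`) mirror the Log Contents table; the export format, the key names, the `SENSITIVE` set, the `review` function and the sample entries are all assumptions constructed for illustration.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Event names from the Logged Events list that change access or secrets.
SENSITIVE = {"role.updated", "permission.updated", "api_client.created",
             "encryption.updated", "settings.updated", "user.deleted"}

# Constructed sample export, one JSON object per line (assumed format).
SAMPLE = """\
{"timestamp": "2024-05-06T09:12:00+00:00", "user": "alice@example.com", "action": "user.updated", "resource": "user:41", "ip_address": "198.51.100.7"}
{"timestamp": "2024-05-06T09:30:00+00:00", "user": "alice@example.com", "action": "settings.updated", "resource": "settings", "ip_address": "198.51.100.7"}
{"timestamp": "2024-05-07T02:03:00+00:00", "user": "alice@example.com", "action": "role.updated", "resource": "user:77", "ip_address": "203.0.113.50"}
{"timestamp": "2024-05-07T02:06:00+00:00", "user": "alice@example.com", "action": "api_client.created", "resource": "api_client:9", "ip_address": "203.0.113.50"}
{"timestamp": "2024-05-07T08:00:00+00:00", "user": "bob@example.com", "action": "sync.started", "resource": "pbx:1"}
"""

def review(lines, window=timedelta(minutes=10)):
    """Return [(reason, action, user, timestamp)] for entries worth a manual look."""
    entries = [json.loads(line) for line in lines if line.strip()]
    for e in entries:
        e["_ts"] = datetime.fromisoformat(e["timestamp"])
    entries.sort(key=lambda e: e["_ts"])
    known_ips = defaultdict(set)   # actor -> IPs already seen
    last_role_change = {}          # actor -> time of latest role.updated
    findings = []
    for e in entries:
        actor, action, ip = e["user"], e["action"], e.get("ip_address")
        # Rule 1: sensitive action from an IP this actor has not used before.
        # Skipped when no IP was captured or the actor has no baseline yet.
        if action in SENSITIVE and ip and known_ips[actor] and ip not in known_ips[actor]:
            findings.append(("new-ip", action, actor, e["timestamp"]))
        # Rule 2: API key created shortly after the same actor changed a role.
        prev = last_role_change.get(actor)
        if action == "api_client.created" and prev and e["_ts"] - prev <= window:
            findings.append(("key-after-role-change", action, actor, e["timestamp"]))
        if action == "role.updated":
            last_role_change[actor] = e["_ts"]
        if ip:
            known_ips[actor].add(ip)
    return findings

if __name__ == "__main__":
    for finding in review(SAMPLE.splitlines()):
        print(*finding, sep="\t")
```

Findings are prompts for a manual look in the audit log view, not verdicts; tune the `SENSITIVE` set and the time window to your own change process.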
Related Documentation
| Page | Description |
|---|---|
| Retention Policies | Configure audit log retention |
| User Management | User operations that are logged |
| Roles and Permissions | Role changes that are logged |