Audit Logging & Compliance
ChainLaunch Pro includes comprehensive audit logging for compliance, security monitoring, and troubleshooting. This guide covers how to use audit logs, configure logging, and generate compliance reports.
Overview
The audit logging system tracks:
- User Actions - Who did what, when, and from where
- Resource Changes - Before/after snapshots of modifications
- Permission Changes - Role and permission assignments
- System Events - Backups, restores, deployments
- Security Events - Authentication, authorization denials
- API Access - All API calls and their results
Audit Log Components
User Information
- User ID - Unique identifier for the user
- Username - User's login name
- Email - User's email address
- IP Address - Source IP of the request
- Session ID - Unique session identifier
Action Information
- Action Type - CREATE, READ, UPDATE, DELETE, EXECUTE, SIGN, etc.
- Resource Type - Network, Node, Key, User, etc.
- Resource ID - Unique identifier for the affected resource
- Resource Name - Human-readable name
- Timestamp - When the action occurred (UTC)
Change Details
- Before State - Previous values (for updates)
- After State - New values (for updates)
- Status - Success, Failed, Denied
- Error Message - Details if action failed
- Duration - Execution time in milliseconds
Request Information
- HTTP Method - GET, POST, PUT, DELETE, etc.
- Endpoint - API endpoint called
- Request ID - Unique request identifier for tracing
- User Agent - Client software information
- Response Code - HTTP status code (200, 403, 500, etc.)
Viewing Audit Logs
Via UI
Navigate to Audit Logs:
- Go to Settings → Audit Logs
- View recent activities with filtering options
- Click an entry to see full details
Filter By:
- User - Select specific user
- Action - CREATE, UPDATE, DELETE, EXECUTE, etc.
- Resource Type - Network, Node, Key, User, etc.
- Resource - Specific resource name
- Date Range - Custom time period
- Status - Success or Failed
Via API
Get Recent Audit Logs:
curl -X GET "http://localhost:8080/api/v1/audit-logs?limit=50&offset=0" \
-H "Authorization: Bearer YOUR_API_KEY"
Filter by User:
curl -X GET "http://localhost:8080/api/v1/audit-logs?user_id=user-123" \
-H "Authorization: Bearer YOUR_API_KEY"
Filter by Date Range:
curl -X GET "http://localhost:8080/api/v1/audit-logs?start_date=2024-01-01&end_date=2024-01-31" \
-H "Authorization: Bearer YOUR_API_KEY"
Filter by Action Type:
curl -X GET "http://localhost:8080/api/v1/audit-logs?action=NETWORK_CREATE" \
-H "Authorization: Bearer YOUR_API_KEY"
Get Full Event Details:
curl -X GET "http://localhost:8080/api/v1/audit-logs/{logId}" \
-H "Authorization: Bearer YOUR_API_KEY"
Audit Log Examples
Network Creation
{
  "id": "audit-log-1",
  "timestamp": "2024-01-15T10:30:00Z",
  "user": "alice@example.com",
  "action": "NETWORK_CREATE",
  "resource_type": "network",
  "resource_name": "prod-fabric-network",
  "status": "success",
  "details": {
    "network_type": "fabric",
    "orderer_count": 3,
    "peer_count": 4
  },
  "ip_address": "192.168.1.100",
  "user_agent": "Mozilla/5.0..."
}
Node Configuration Update
{
  "id": "audit-log-2",
  "timestamp": "2024-01-15T11:45:00Z",
  "user": "bob@example.com",
  "action": "NODE_UPDATE",
  "resource_type": "node",
  "resource_name": "peer-org1",
  "status": "success",
  "before": {
    "cpu_limit": "4",
    "memory_limit": "8Gi"
  },
  "after": {
    "cpu_limit": "8",
    "memory_limit": "16Gi"
  },
  "ip_address": "192.168.1.101"
}
Permission Denial
{
  "id": "audit-log-3",
  "timestamp": "2024-01-15T12:00:00Z",
  "user": "charlie@example.com",
  "action": "NETWORK_DELETE",
  "resource_type": "network",
  "resource_name": "prod-fabric-network",
  "status": "denied",
  "error_message": "User lacks NETWORK_DELETE permission",
  "ip_address": "192.168.1.102"
}
API Key Revocation
{
  "id": "audit-log-4",
  "timestamp": "2024-01-15T13:15:00Z",
  "user": "admin@example.com",
  "action": "API_KEY_REVOKE",
  "resource_type": "api_key",
  "resource_name": "ci-cd-key",
  "status": "success",
  "reason": "Key expiration policy",
  "ip_address": "192.168.1.100"
}
Audit Log Retention
Default Policy
- Active Logs: Last 90 days available in UI
- Archive: Logs older than 90 days automatically archived
- Compliance Backups: All logs included in system backups
Configuring Retention
Via Configuration File:
audit:
  retention_days: 365            # Keep for 1 year
  archive_interval_days: 30      # Archive after 30 days
  backup_with_audit_logs: true   # Include in backups
  max_log_size_gb: 10            # Rotate when hitting size
Via API:
curl -X POST http://localhost:8080/api/v1/settings/audit \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{
  "retention_days": 365,
  "archive_after_days": 30,
  "include_in_backups": true
}'
Generating Compliance Reports
Activity Report
Via UI:
- Go to Settings → Audit Logs
- Click Generate Report
- Select Activity Report
- Choose date range
- Click Generate and download CSV
Via API:
curl -X POST http://localhost:8080/api/v1/reports/activity \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{
  "start_date": "2024-01-01",
  "end_date": "2024-01-31",
  "format": "csv"
}' \
--output activity-report.csv
User Access Report
Via UI:
- Go to Settings → Audit Logs
- Click Generate Report
- Select User Access Report
- Choose user (or all users)
- Click Generate and download
Via API:
curl -X POST http://localhost:8080/api/v1/reports/user-access \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{
  "user_id": "user-123",
  "start_date": "2024-01-01",
  "end_date": "2024-01-31",
  "format": "pdf"
}' \
--output user-access-report.pdf
Permission Changes Report
Track all RBAC modifications:
curl -X GET "http://localhost:8080/api/v1/audit-logs?action=permission_changed&days=30" \
-H "Authorization: Bearer YOUR_API_KEY"
Security Events Report
Identify authentication failures and denied actions:
curl -X GET "http://localhost:8080/api/v1/audit-logs?status=denied&days=30" \
-H "Authorization: Bearer YOUR_API_KEY"
Compliance Certifications
ChainLaunch Pro audit logging supports compliance with:
SOC 2 Type II
- ✅ Access controls logging
- ✅ Change management tracking
- ✅ User activity monitoring
- ✅ Audit log retention (configurable up to 7 years)
- ✅ Log integrity verification
HIPAA (Healthcare)
- ✅ Comprehensive audit trails
- ✅ User identification and authentication
- ✅ Access logs with timestamps
- ✅ Accountability for actions
- ✅ Data retention policies
GDPR (Data Protection)
- ✅ Data access logging
- ✅ Data deletion tracking
- ✅ Purpose limitation logging
- ✅ Consent tracking
- ✅ Right to audit compliance
PCI DSS (Payment Cards)
- ✅ User access tracking
- ✅ Administrative action logging
- ✅ Failed access attempt logging
- ✅ System logs retention
- ✅ Log protection mechanisms
FedRAMP (Government)
- ✅ Audit event types
- ✅ Audit trail generation
- ✅ Audit log protection
- ✅ Audit log retention
- ✅ Audit log analysis
Log Integrity & Security
Protection Mechanisms
- Write-Once Storage - Audit logs cannot be modified once created
- Integrity Verification - Cryptographic checksums prevent tampering
- Immutable Archive - Archived logs are read-only
- Access Control - Only authorized users can view logs
- Encryption - Logs encrypted at rest (AES-256)
- Backup Verification - Logs verified during backup/restore
Verification
Verify log integrity:
curl -X POST http://localhost:8080/api/v1/audit-logs/verify \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{
  "start_id": "audit-log-1000",
  "end_id": "audit-log-2000"
}'
Log Analysis Examples
Find All Network Changes in Last 7 Days
curl -X GET "http://localhost:8080/api/v1/audit-logs?resource_type=network&action=NETWORK_UPDATE&days=7" \
-H "Authorization: Bearer YOUR_API_KEY"
Find Failed API Calls
curl -X GET "http://localhost:8080/api/v1/audit-logs?status=failed" \
-H "Authorization: Bearer YOUR_API_KEY"
Find User Activity for Specific User
curl -X GET "http://localhost:8080/api/v1/audit-logs?user_id=user-123&days=30" \
-H "Authorization: Bearer YOUR_API_KEY"
Find All Deletion Events
curl -X GET "http://localhost:8080/api/v1/audit-logs?action=DELETE&days=90" \
-H "Authorization: Bearer YOUR_API_KEY"
Find Suspicious Activity (Multiple Failures)
curl -X GET "http://localhost:8080/api/v1/audit-logs?status=denied&limit=100" \
-H "Authorization: Bearer YOUR_API_KEY"
Best Practices
1. Regular Audit Review
- Weekly: Check for failed access attempts
- Monthly: Review permission changes
- Quarterly: Generate compliance reports
- Annually: Perform full security audit
2. Alert on Critical Events
Set up notifications for:
- User deletion
- Permission elevation
- Failed authentication attempts (>5 in 5 minutes)
- System configuration changes
- Network deletion
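The ">5 in 5 minutes" rule and the network-deletion alert from this list, applied to entries fetched from the audit log API. This is an added example, not ChainLaunch code; it assumes the entries carry the `timestamp`, `user`, `action`, `status` and `ip_address` fields shown in the examples above, and the sample data is constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

WINDOW = timedelta(minutes=5)
THRESHOLD = 5                          # alert on MORE than 5 failures per window
CRITICAL_ACTIONS = {"NETWORK_DELETE"}  # extend with your deployment's action names

def parse_ts(value):
    # Audit timestamps are UTC, e.g. 2024-01-15T12:00:00Z.
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def detect(entries, key_field="user"):
    """Return (kind, key, timestamp) alerts in event order."""
    alerts, alerting = [], set()
    recent = defaultdict(deque)        # key -> timestamps of failures inside WINDOW
    for e in sorted(entries, key=lambda e: parse_ts(e["timestamp"])):
        ts, key = parse_ts(e["timestamp"]), e[key_field]
        if e["status"] in ("denied", "failed"):
            q = recent[key]
            q.append(ts)
            while ts - q[0] > WINDOW:  # drop failures that aged out of the window
                q.popleft()
            if len(q) > THRESHOLD and key not in alerting:
                alerts.append(("burst", key, e["timestamp"]))
                alerting.add(key)      # stay quiet until the burst subsides
            elif len(q) <= THRESHOLD:
                alerting.discard(key)
        elif e["status"] == "success" and e["action"] in CRITICAL_ACTIONS:
            alerts.append(("critical", key, e["timestamp"]))
    return alerts

def sample_entries(denials=6, gap_seconds=40):
    # Constructed sample data shaped like the audit entries shown on this page.
    base = datetime(2024, 1, 15, 12, 0, tzinfo=timezone.utc)
    rows = [{"timestamp": (base + timedelta(seconds=gap_seconds * i)).strftime("%Y-%m-%dT%H:%M:%SZ"),
             "user": "charlie@example.com", "action": "NETWORK_DELETE",
             "status": "denied", "ip_address": "192.168.1.102"} for i in range(denials)]
    rows.append({"timestamp": "2024-01-15T13:00:00Z", "user": "admin@example.com",
                 "action": "NETWORK_DELETE", "status": "success",
                 "ip_address": "192.168.1.100"})
    return rows

if __name__ == "__main__":
    for alert in detect(sample_entries()):
        print(alert)
```

Pass `key_field="ip_address"` to group failures by source address instead of by user, which catches one source trying many accounts.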
3. Separate Audit Admin Role
Create a dedicated audit administrator role with:
- Full audit log READ access
- Report generation permission
- No other operational permissions
4. Export and Archive
- Export logs regularly for long-term storage
- Archive to write-once storage for legal holds
- Maintain offline backups for disaster recovery
- Use cryptographic verification
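One way to apply cryptographic verification to logs you export yourself: an HMAC-SHA256 chain in which each tag covers the entry and the previous tag. This is an added example, not ChainLaunch's internal integrity mechanism (which this page does not describe); it assumes the HMAC key is stored outside the archive, and the sample entries are constructed.

```python
import hashlib
import hmac
import json

GENESIS = b"\x00" * 32   # starting value for the chain

def _tag(key, prev, entry):
    # Canonical JSON (sorted keys, fixed separators) so a record always
    # serializes to the same bytes regardless of key order.
    body = json.dumps(entry, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, prev + body, hashlib.sha256).digest()

def seal(entries, key):
    """Return one hex tag per entry; each tag covers the entry and the previous tag."""
    tags, prev = [], GENESIS
    for entry in entries:
        prev = _tag(key, prev, entry)
        tags.append(prev.hex())
    return tags

def verify(entries, tags, key):
    """Return None if the export is intact, else the index of the first bad position."""
    prev = GENESIS
    for i, entry in enumerate(entries):
        if i >= len(tags):
            return i                      # entry appended after sealing
        prev = _tag(key, prev, entry)
        if not hmac.compare_digest(prev.hex(), tags[i]):
            return i                      # modified, reordered, or a gap before it
    return len(entries) if len(tags) > len(entries) else None  # trailing entries removed

def sample_export():
    # Constructed sample, abbreviated from the audit entries shown on this page.
    return [
        {"id": "audit-log-1", "action": "NETWORK_CREATE", "status": "success"},
        {"id": "audit-log-2", "action": "NODE_UPDATE", "status": "success",
         "after": {"cpu_limit": "8", "memory_limit": "16Gi"}},
        {"id": "audit-log-3", "action": "NETWORK_DELETE", "status": "denied"},
    ]

if __name__ == "__main__":
    key = b"example-key-kept-outside-the-archive"   # assumption: stored separately
    logs = sample_export()
    tags = seal(logs, key)
    logs[1]["after"]["cpu_limit"] = "64"             # simulate tampering
    print("first bad index:", verify(logs, tags, key))
```

Record the entry count and the final tag somewhere separate from the archive, because removing trailing entries together with their tags is otherwise undetectable.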
5. Monitor for Anomalies
- Alert if a user performs unusual actions
- Flag bulk deletions
- Detect unusual access times
- Monitor failed login attempts
Troubleshooting
Missing Audit Logs
- Check retention settings - Verify logs haven't been purged
- Check user permissions - Verify the user has audit log access
- Check date range - Verify you are querying the correct time period
- Check API key permissions - Ensure the key includes SYSTEM_MONITOR
Audit Log Export Fails
- Check disk space - Ensure sufficient storage for export
- Check network connectivity - If exporting to S3/GCS
- Check credentials - Verify cloud storage credentials
- Check file permissions - Ensure write permissions to export directory
Report Generation Slow
- Reduce date range - Query shorter time periods
- Filter results - Use specific action or resource type
- Archive old logs - Move logs older than 6 months to archive
- Check system load - Audit queries may be resource-intensive