Audit Logs
A chronological record of every significant action taken in your Hygate workspace.
Overview
Audit logs create an immutable record of system activity. They support security investigations, compliance requirements, change management, and operational troubleshooting.
What's Logged
| Category | Examples |
|---|---|
| Authentication | Login, logout, failed login, password change, password reset |
| 2FA | TOTP setup, email OTP sent, 2FA method changed |
| User Management | User invited, role changed, user deactivated, user deleted |
| Integrations | TTLock credentials updated, Shelly auth key changed, Stripe keys updated |
| Door Operations | Door added, door deleted, door status changed, QR code regenerated |
| Device Operations | Device added, device deleted, relay turned on/off, maintenance mode toggled |
| Session Management | Session started, session force-ended, session marked failed, session recovered |
| Settings | Branding updated, security policy changed, global defaults modified |
Reading a Log Entry
Each entry shows:
| Field | Description |
|---|---|
| Action | Human-readable description (e.g., "Updated Stripe secret key") |
| User | Email of the user who performed the action |
| Timestamp | When the action occurred (formatted: "07 May 2026, 14:32") |
| Entity | The type of object affected (e.g., "StripeConfig", "Door", "User") |
| Entity ID | The ID of the affected object |
| Details | Expandable JSON with the full context of the change |
Example Log Entry
Action: Door status changed to Maintenance Mode
User: admin@company.com
Timestamp: 07 May 2026, 14:32
Entity: Door
Entity ID: clx123abc
Details: [Expandable JSON]
Details (Expanded JSON)
{
  "doorId": "clx123abc",
  "doorName": "Main Entrance",
  "previousStatus": "ACTIVE",
  "newStatus": "MAINTENANCE",
  "changedBy": "admin@company.com",
  "ipAddress": "192.168.1.42"
}
Filtering Logs
| Filter | Description |
|---|---|
| Action type | Filter by category (e.g., all door operations) |
| Date range | View logs from a specific time period |
Key Events to Monitor
Security-Critical Events
| Event | What It Indicates |
|---|---|
| User login from new device | Potential account compromise |
| Failed login attempt | Brute force attack |
| 2FA method changed | Account takeover attempt |
| Security settings modified | Policy relaxation |
| Stripe keys updated | Credential rotation or compromise |
| User deactivated | Access revocation |
Operational Events
| Event | What It Indicates |
|---|---|
| Relay turned on | Session started |
| Relay turned off | Session ended |
| Maintenance mode enabled | Equipment taken offline |
| Session force-ended by admin | Manual intervention |
| Door status changed | Operational mode change |
Integration Events
| Event | What It Indicates |
|---|---|
| TTLock credentials verified | Integration active |
| Shelly connection test failed | Connectivity issue |
| Stripe webhook received | Payment activity |
| Session recovered on startup | Server restart or failure |
Structured Logging
Hygate uses structured JSON logging for machine-readable events. Key events include:
| Event | When It Fires |
|---|---|
| payment_confirmed | Stripe webhook receives payment confirmation |
| duplicate_payment_ignored | Webhook received for already-processed payment |
| session_start_requested | Session creation requested |
| shelly_on_requested | Relay ON command sent to Shelly |
| shelly_on_success | Relay ON confirmed |
| shelly_on_failed | Relay ON command failed |
| session_activated | Session fully started (relay ON confirmed) |
| session_expired | Session timer reached zero |
| shelly_off_requested | Relay OFF command sent |
| session_ended | Session completed normally |
| session_interrupted | Session cancelled early |
| startup_recovery | Startup recovery action performed |
| reconciliation | Periodic reconciliation result |
| force_off_by_admin | Admin forced relay OFF |
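The event names above describe a session lifecycle, so structured logs can be checked per session for sequences that should not occur. The following Python is an added example, not Hygate code: the field names `ts`, `event` and `sessionId`, the finding labels, and the rule that a confirmed relay ON should follow a `payment_confirmed` are assumptions, and the log lines are constructed.

```python
import json
from collections import defaultdict

# Constructed sample. Field names "ts", "event", "sessionId" are assumptions;
# only the event names come from the table above.
SAMPLE_LOG = """\
{"ts":"2026-05-07T14:00:00Z","event":"payment_confirmed","sessionId":"s1"}
{"ts":"2026-05-07T14:00:01Z","event":"shelly_on_success","sessionId":"s1"}
{"ts":"2026-05-07T14:30:00Z","event":"session_ended","sessionId":"s1"}
{"ts":"2026-05-07T15:00:01Z","event":"shelly_on_success","sessionId":"s2"}
{"ts":"2026-05-07T15:05:00Z","event":"force_off_by_admin","sessionId":"s2"}
{"ts":"2026-05-07T16:00:00Z","event":"payment_confirmed","sessionId":"s3"}
{"ts":"2026-05-07T16:00:02Z","event":"shelly_on_failed","sessionId":"s3"}
{"ts":"2026-05-07T17:00:00Z","event":"payment_confirmed","sessionId":"s4"}
{"ts":"2026-05-07T17:00:01Z","event":"shelly_on_success","sessionId":"s4"}
not-json debris line
"""

TERMINAL = {"session_ended", "session_interrupted", "force_off_by_admin"}

def load_events(text):
    """Parse JSON lines, skip malformed ones, return {session: [events by time]}."""
    sessions = defaultdict(list)
    for line in text.splitlines():
        try:
            rec = json.loads(line)
            sessions[rec["sessionId"]].append((rec["ts"], rec["event"]))
        except (ValueError, KeyError, TypeError):
            continue  # not a well-formed session event record
    return {s: [e for _, e in sorted(v, key=lambda p: p[0])] for s, v in sessions.items()}

def audit_sessions(sessions):
    """Return {session_id: [findings]} for sessions with an inconsistent lifecycle."""
    findings = {}
    for sid, events in sessions.items():
        issues = []
        if "shelly_on_success" in events:
            on_at = events.index("shelly_on_success")
            if "payment_confirmed" not in events[:on_at]:
                issues.append("relay_on_without_payment")  # assumes paid sessions only
            if not TERMINAL & set(events[on_at:]):
                issues.append("relay_on_no_terminal_event")
        elif "shelly_on_failed" in events and "payment_confirmed" in events:
            issues.append("paid_but_relay_failed")
        if issues:
            findings[sid] = issues
    return findings

if __name__ == "__main__":
    print(json.dumps(audit_sessions(load_events(SAMPLE_LOG)), indent=2))
```

Sessions still running when the logs were collected also appear as `relay_on_no_terminal_event`, so run the check over a closed time window.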
Compliance Benefits
Audit logs support compliance with common regulations:
| Benefit | Description |
|---|---|
| Access auditing | Know who accessed the system, when, and from where |
| Change history | Track every configuration change with before/after state |
| Incident reconstruction | Replay the sequence of events leading to an issue |
| Regulatory evidence | Provide audit evidence for compliance audits |
| Security monitoring | Detect suspicious patterns in user behavior |
Retention
Audit logs are retained as long as the database is maintained. Contact your hosting provider for data retention policies.
Role Permissions
| Action | Administrator | Operator |
|---|---|---|
| View audit logs | Yes | No |
| Export audit logs | Yes | No |
Operators do not have access to audit logs. This prevents operational staff from viewing sensitive security events.