Review the audit log

Preview

This page documents a feature that is live in production but still under active UI polish. Screenshots are placeholders until the Phase 1 capture pass completes.

The audit log is the first place to look when something has changed and you want to know who changed it. Entries are immutable — no admin, including the Owner, can edit or delete an entry. Retention is 90 days; entries older than that are purged by a background job. Export what you need for compliance before the window closes.

Caution

The audit log only records state-changing actions (create, update, delete, role change, password change, session revoke, etc.). It does not record read activity — you cannot use it to prove that a given user watched a given camera. If you need watch-history, that is a v2 feature.

Procedure

1. Open Admin → Audit Log from the left nav.

2. Apply one or more filters from the filter bar:
   • Actor — the user (or service account) who performed the action
   • Target type — user, site, camera, gateway, alert_rule, webhook, etc.
   • Action — for example user.role_changed, camera.deleted, webhook.secret_rotated
   • Date range — start date and end date

3. Click a row to expand the changes diff. Before-and-after values appear as JSON; password-like fields are replaced with a redaction marker.

4. Scroll with the cursor-paginated Next / Previous controls. Each page holds 20 entries by default.

5. If you need a permanent record, click Export CSV. The export contains every row that matches your current filters — watch the filter set before you click.

Common variations

• Compliance evidence pack: filter to the time window your auditor asked for, export CSV, keep the file in your compliance vault. NovaVMS retains only 90 days internally.
• Investigate a specific user: filter by that user as actor. Widen the date range to cover their whole tenure if you suspect long-running abuse.
• Platform support session review: filter by action platform.impersonation_started or look for the Platform Support badge on the actor column. See Five-role RBAC for how platform admins reach an org.

If this didn’t work

• If the Audit Log page is missing from the left nav, your role is Operator or Viewer. Audit log access is Admin/Owner only.
• If no rows appear even with filters cleared, your filter Date range may be set to a window that predates your org. Clear the filter and try again.
• If an entry you expected is not present, the action may not be audited (reads, for example, are never logged). Check Audit log actions for the full list of what gets recorded.

Related

• Audit log actions — every action name and what it means
• Roles and permissions
• Five-role RBAC
• Governance vs operations