Introducing Audit Logs in Appsmith Business
Ideal conditions
You have “Eye Of The Tiger” playing in the background, “Carpe Diem” on your wall in the foreground, dark coffee in hand, game face on your, er, face starting at your friendly Appsmith log-in screen. You log in with confidence, your app loads up in a jiff, and you get to your day with a bias toward action.
Seize the day.
For non-ideal conditions—your speaker conked, your coffee ran, “Carpe Diem” was droopy, your Appsmith app showed an ugly “Resource not found” error—, you now have Audit Logs.
What Audit Logs are
An immutable history of user-generated events in your Appsmith instance—yes, instance—, Audit Logs help instance admins track changes to workspaces, apps, pages, datasource, queries, and JS Objects.
A much needed improvement to known workarounds, Audit Logs now offer a central interface to see activity filtered by users, resources, and time.
For all the context you need to decode an event, each log line offers you five key pieces of info as shown below.
{
"event": "query.executed",
"timestamp": "17/11/2022, 18:17:46",
"resource": {
"id": "63762d6654553a32c2397d63",
"type": "Query",
"name": "getCustomers",
"executionStatus": "success",
"responseTime": 404,
"responseCode": ""
},
"page": {
"id": "63762d6654553a32c2397d61",
"name": "Page1"
},
"application": {
"id": "63762d6654553a32c2397d5f",
"name": "Customer Support Dashboard (1)",
"visibility": "private",
"mode": "edit"
},
"workspace": {
"id": "63762d3554553a32c2397d3d",
"name": "new-user-612ds459683's apps"
},
"user": {
"id": "63762d3554553a32c2397d3b",
"email": "new-user-612ds459683@tanvibhakta.in"
},
"metadata": {
"appsmithVersion": "v1.8.8"
},
"id": "63762d7254553a32c2397d6d"
}
When Audit Logs help most
While just looking at log lines scroll up and out of view is a great reason, we built the feature for the top three use cases we heard from all of you.
Debugging
Your group Inbox filling up with end-user complaints about your app not loading? Probably a bad query that was recently introduced or a change that broke a connection to the datasource, so hop over to Audit Logs, filter by query.executed
or datasource.updated
and correlate to end-user and app developer actions to quickly RCA the perp.
Incident management
With filters for app-specific activity like app.deleted
and the context you need per log line, you can now hold users accountable to breaking actions. Combined with Granular Access Controls, you can limit the scope of damage to approved users and groups for now and the future.
Security and compliance
While Granular Access Controls go a long way in perimeter and inside-out security, your apps are only as secure as your monitoring of potentially dangerous events like instance_setting.updated
. Set overwatch for those events, roll back changes, and inform downstream action with contexts for who, what, and when.
What’s next for Audit Logs
We don't have anything planned for broken speakers or droopy mottos on walls, but besides adding to the library of tracked events, we are rolling out updates to Audit Logs that will let you,
Export them out to compliance tools so you can get ready all-checks-passed reports on-demand
Configure retention periods in line with compliance policies for your industry and geography
Stream them to monitoring tools like DataDog or Splunk for real-time monitoring and alerts
Let us know which you would like us to prioritize and if there’s more we could add to our immediate roadmap. But first, try out Audit Logs on Appsmith Business and see non-ideal situations turn into, “Phew! Not so bad.”