Audit Logs

Monitor organizational operations, track resource changes, and audit user activity across Infralo.

Infralo provides a centralized, secure Audit Logs portal that records all administrative actions, resource modifications, and security events across your tenant organization.

Designed for security officers, platform administrators, and compliance auditors, Infralo's audit system provides full visibility into who did what, when, and from where, ensuring complete operational accountability.

Audited Resources

The audit system automatically tracks changes across all core platform resources:

  • Tenants: Organization settings, billing preferences, and tenant-level configurations.
  • Users: Onboarding, role adjustments, status deactivation, and deletions (see User Management).
  • Workspaces: Workspace provisioning, settings modifications, and deletions (see Workspaces).
  • Workspace Memberships: Inviting, updating roles, or removing users from individual workspaces.
  • LLMs: Adding new models to the global catalog, editing provider keys, or modifying rate limits (see Global Collection).
  • Workspace Models: Whitelisting global models or toggling model availability inside a workspace (see Workspace Collection).
  • Deployments: Creating virtual load balancers, adjusting fallback rules, or chaining pre/post-processing plugins (see Deployments).
  • Virtual API Keys: Generating, scoping permissions, expiring, or revoking API credentials (see Virtual API Keys).

Security & Data Redaction

To ensure compliance with corporate security standards, Infralo enforces at-the-source data redaction for sensitive fields.

Any column classified as containing secrets or sensitive information is automatically intercepted and replaced with a static [REDACTED] placeholder before it is written to the audit log. The plain-text values never appear in the database records or the UI.

Redacted Fields Reference

  • Users: Passwords and OIDC subject identifiers.
  • Global LLMs: Provider credentials and API keys.
  • Virtual API Keys: Gateway token hashes.

Severity Classifications

Audit events are classified into three severity levels to help administrators identify high-impact or potentially destructive actions quickly:

SeverityColorTriggering OperationsDescription
InfoBlueStandard creations and updates (e.g. Workspace created, Deployment updated).General operational adjustments that do not pose a security risk.
WarningOrangeModifications to sensitive security parameters (e.g., changing member roles, editing API permissions).Critical operations that alter permission boundaries or credentials.
DangerRedExplicit resource deletions (e.g. API Key deleted, Workspace deleted).High-impact actions resulting in the permanent removal of a resource.

User Interface & Workflows

Platform administrators can access the audit trail by navigating to Audit Logs in the sidebar.

1. Advanced Filtering

The filter bar allows you to quickly locate specific activities:

  • Resource & Action Filters: Filter by target entity types (e.g. Workspace, User, API Key) and operations.
  • Time Range Preset: Filter by Today, Last 7 Days, Last 30 Days, or select Custom Range... to pick a precise window using a date picker.

2. Audit Trail List

The list view displays the high-level forensic context of each event:

  • Date & Time: Exact timestamp of the operation in UTC.
  • Actor: The name and profile avatar of the user who performed the change. For system-driven tasks, the actor displays as System Worker or Anonymous.
  • Entity: The category of the resource touched (e.g., workspace_deployments).
  • Summary: A human-friendly description of the transition (e.g., Workspace Member invited, API Key name updated).
  • Source: Indicates where the request originated (typically App for dashboard changes).
  • Severity: The color-coded severity badge (Info, Warning, Danger).

3. Log Details Drawer

Clicking the View (Eye) icon next to any log row opens a detailed slide-out drawer providing granular inspection tools:

  • State Transitions: A before-and-after visual card comparison showing exactly which fields were modified. This view filters out system noise (like updated_at timestamps) to highlight only meaningful changes.
  • Traceability Metadata: Exposes the unique Entity ID, Request ID, and Transaction ID. These IDs can be copied to your clipboard to correlate database actions with gateway traces in the observability logs.
  • Raw Forensic Payload: An expandable console displaying the complete, raw JSON document of both the pre-change (Old State) and post-change (New State) database records.

SSO / OIDC Integration

Configure OpenID Connect (OIDC) Single Sign-On (SSO) to federate authentication and map provider claims to Infralo permissions.

On this page

Audited ResourcesSecurity & Data RedactionRedacted Fields ReferenceSeverity ClassificationsUser Interface & Workflows1. Advanced Filtering2. Audit Trail List3. Log Details Drawer