Audit logging

Access to all system components is traceable through automated audit trail logging. The platform backend implements a centralised audit middleware that wraps all externally accessible user endpoints.

Audit events are persisted in a dedicated logging service and also streamed to Datadog for centralised observability and incident response.

Automated Audit Middleware

All user-facing endpoints (auth-svc, broker-svc) are wrapped with the Audit or AuditWithDynamicOperation middlewares.

The middlewares capture:

User and organisation from the session
- In the case of an anonymous request, these details are only set if the user resolved as part of the request
IP address (via X-Forwarded-For)
Route pattern, method, and operation name

Log Persistence

Logs are structured as Audit records and written via RPC to the logger-svc
The logger service stores audit logs in a centralised database, enabling full reconstruction of user and system access.

Datadog Integration

Audit logs are also sent to Datadog using logrus.

Benefits:

Real-time activity monitoring
Centralized visibility and retention

Coverage & Traceability

Middleware is applied across all external endpoints.
Internal RPC traffic passes through services that enforce the same logging, ensuring end-to-end traceability.

Event Types

Audit trail entries are recorded for all system components with a clearly defined event type. Each audited action across services is assigned an explicit operation value representing the type of event (e.g., CreateUser, DeleteSession, UpdateWorkspace).

These event types are logged and persisted in a centralized audit trail system. The operation field can then be used as a searchable tag to trace activity across the system via either the logger-svc or Datadog.

Origination

Audit trail entries are recorded with information to identify the origination of each event. This includes capturing the user's IP address, identity and organization, and route that event was initiated on.

In all cases the audit middleware client’s IP address from the X-Forwarded-For header. If the user is authenticated the user and organization IDs are also stored.

Changes to Audit Logs

Audit Logs Are Automatically Generated

All audit trail entries are automatically generated via middleware and cannot be disabled or bypassed by users.
Logs Cannot Be Edited or Deleted

Audit logs are transmitted to the logging service and Datadog in real time, and no functionality exists to pause, stop, or modify audit log entries.
Any Logging Changes Require a Code Push

Any tampering with log infrastructure (e.g., disabling agents or muting middleware) would require a code or config change, would be visible in version control and would require peer review before being merged into the codebase.
Monitoring of Logging Infrastructure

The platform relies on centralised logging to Datadog. Any interruptions in logging (e.g., container failures) can be detected via Datadog log-based alerts.

Audit log sample output

{
  "level": "info",
  "msg": "",
  "time": "2025-04-11T11:45:23Z",
  "operation": "CreateUser",
  "route": "/api/v1/user/new",
  "routePattern": "/api/v1/user/new",
  "routeMethod": "POST",
  "ip": "192.0.2.42",
  "user": "2b65b3ef-a46c-4bf4-97cd-1591f08bddb2",
  "audit": true
}

Automated Audit Middleware​

Log Persistence​

Datadog Integration​

Coverage & Traceability​

Event Types​

Origination​

Changes to Audit Logs​

Audit log sample output​