FWCloud-UI

# Audit logs

FWCloud stores an audit trail of mutating operations performed through the application. Each entry keeps the timestamp, the user, the session identifier, the source IP address, the affected FWCloud, firewall or cluster, the API call, and a short human-readable description.

Read-only requests are not registered in this panel. Sensitive values such as passwords, tokens, API keys, cookies, and authorization headers are redacted before the audit entry is stored.

# Opening the audit log viewer

You can open the audit log panel from several places in the interface:

  • From the main FWCloud screen, click the blue book icon in the top toolbar to open the global audit log viewer.

ALT

  • From the FWCloud list, open the cloud menu and select Logs to show the entries related to the selected FWCloud.

ALT

  • From the firewall or cluster context menu, select Audit logs to show the entries related to that object.

ALT

When the panel is opened from a FWCloud, firewall, or cluster, the corresponding filter is prefilled and the query remains scoped internally by the numeric object identifier. This avoids mixing entries from other objects that may have the same name.

ALT

# Filtering and navigation

The audit log panel provides the following filters:

  • From timestamp
  • To timestamp
  • User name
  • Session ID
  • Source IP
  • FWCloud
  • Firewall
  • Cluster

FWCloud, firewall, and cluster filters accept either the object name or its numeric identifier. In the results table these objects are displayed with their name and ID, for example Production FW (10).

ALT

The table uses server-side pagination, so the filters are applied directly in FWCloud-API. The selected rows-per-page value and the last filters used are kept in the browser, so they are restored the next time the panel is opened.

# Latest post-install logs

From the firewall and cluster context menus you can also open Latest post-install logs. This uses the same audit log panel, but it preloads the From timestamp filter with the latest installation date of the selected firewall or cluster.

ALT

If the object has never been installed, FWCloud uses its creation date as the initial reference instead. This view is useful to review the changes made after the last deployment.

# Downloading and permissions

The Download button exports the currently displayed rows to a JSON file. This is useful for external review, incident analysis, or sharing a filtered subset of the audit trail.

Administrators can query the complete audit log dataset. Non-administrator users can only see entries associated with their own user or current session.

If internal audit logging is enabled on the server, this same panel can also show background events generated by internal processes such as archivers, workers, and import tasks.

To configure how long audit entries remain in the live database and archive files, visit Audit log history archiver .