# Logging and Audit Logging

**Logging and audit logging** are critical components of security, compliance, and operational monitoring in ONEWEB.
They provide visibility into system behavior, user activities, and potential security incidents, enabling organizations to detect issues, investigate events, and meet audit requirements.

ONEWEB implements **multi‑level logging** and supports **centralized log aggregation** for scalable and secure monitoring.

***

### Purpose of Logging & Audit Logging

Logging in ONEWEB is designed to:

* Record system and application events
* Track user actions and access activities
* Support incident investigation and forensics
* Enable compliance auditing and traceability
* Monitor system health and performance

Audit logging, in particular, ensures **accountability** by answering:

> *Who did what, when, and from where?*

***

### Logging Architecture in ONEWEB

#### Multi‑Level Logging

ONEWEB logging spans multiple levels across the platform, including:

* Application‑level logs
* Service and microservice logs
* Security and access‑related logs

In a **microservice‑based architecture**, ONEWEB uses the **ELK Stack (Elasticsearch, Logstash, Kibana)** for centralized logging and analysis.

***

### Logging Framework: Log4j

ONEWEB 4.0 uses **Log4j** as its primary logging framework.

Key characteristics:

* Log formatting patterns are defined in a **property file**
* Logging levels (INFO, WARN, ERROR, DEBUG, etc.) can be configured centrally
* Output file paths are configured via ONEWEB constants

#### Example: `log4j.properties`

<figure><img src="https://2015371994-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FMpDjHWFRUtZ5nJcSfVXd%2Fuploads%2FugLw8TPPimEyJTbWyFip%2Fimage.png?alt=media&#x26;token=71284089-a650-44b9-bb5a-3e13e41e7f8c" alt=""><figcaption></figcaption></figure>

*Figure: Example Log4j configuration file*

This configuration allows administrators to fine‑tune logging behavior without changing application code.

***

### Centralized Log Processing

ONEWEB uses centralized logging to ensure consistency and scalability.

The process includes:

* Filtering log entries to capture only relevant data
* Sending selected log data to a **central repository**
* Retaining logs according to operational or compliance needs

This approach avoids excessive log storage while preserving security‑critical information.

***

### Log Visualization & Analysis with ELK

Once logs are collected centrally, they can be visualized and analyzed using **Kibana**, part of the ELK Stack.

Capabilities include:

* Real‑time log searching and filtering
* Visualization of trends and anomalies
* Correlation of events across services
* Faster incident detection and root‑cause analysis

<figure><img src="https://2015371994-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FMpDjHWFRUtZ5nJcSfVXd%2Fuploads%2FgvMxGnlE1E9cmdnx5OYd%2Fimage.png?alt=media&#x26;token=ed83a348-acf4-4bec-9b6b-0fd8b6cbce88" alt=""><figcaption></figcaption></figure>

*Figure: Log monitoring and analysis using ELK*

***

### Audit Logging & Compliance

Audit logs are essential for:

* Security investigations
* Regulatory compliance
* Internal and external audits

Audit logging typically includes:

* Authentication and authorization events
* Role and permission changes
* Access to sensitive resources
* Administrative actions

These logs support **non‑repudiation**, ensuring that users cannot deny actions they performed.

***

### Best Practices for Logging & Audit Logging

* Enable detailed logging for authentication and access control events
* Protect log files from unauthorized access or tampering
* Define log retention policies aligned with compliance requirements
* Avoid logging sensitive data such as passwords or tokens
* Monitor logs continuously for suspicious behavior
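
The filter step from "Centralized Log Processing", combined with the rule above about not logging passwords or tokens, is shown here as an added example; it is not ONEWEB's own code. The Log4j line layout, the `audit` logger name, and the list of secret key names are assumptions, and the sample lines are constructed.

```python
import json
import re

# Assumed Log4j layout "%d{ISO8601} %-5p [%c] %m"; not taken from ONEWEB's property file.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) +"
    r"(?P<level>[A-Z]+) +\[(?P<logger>[^\]]+)\] (?P<msg>.*)$")
# key=value / key: value pairs whose value must never reach the central store.
SECRET_RE = re.compile(
    r'(?i)([\w-]*(?:password|passwd|token|secret)[\w-]*)(\s*[=:]\s*)("[^"]*"|\S+)')
KEEP_LEVELS = {"WARN", "ERROR", "FATAL"}
AUDIT_LOGGER = "audit"  # hypothetical logger name for audit events


def redact(message):
    """Mask the value of any secret-looking key, keeping the key for context."""
    return SECRET_RE.sub(lambda m: m.group(1) + m.group(2) + "[REDACTED]", message)


def select_for_shipping(lines):
    """Return JSON documents for the lines worth sending to the central repository."""
    shipped = []
    for line in lines:
        m = LINE_RE.match(line.rstrip("\n"))
        if m is None:
            continue  # continuation line (e.g. stack trace) or foreign format
        is_audit = (m["logger"] + ".").startswith(AUDIT_LOGGER + ".")
        if not is_audit and m["level"] not in KEEP_LEVELS:
            continue  # routine INFO/DEBUG entries stay on the local node
        shipped.append(json.dumps({
            "@timestamp": m["ts"], "level": m["level"], "logger": m["logger"],
            "audit": is_audit, "message": redact(m["msg"])}))
    return shipped


# Constructed sample lines, not real ONEWEB output.
SAMPLE = [
    "2024-05-01 09:15:02,120 INFO  [com.example.app.Page] rendered home in 35ms",
    "2024-05-01 09:15:03,481 INFO  [audit.auth] user=alice action=LOGIN ip=10.0.0.7 token=abc123",
    "2024-05-01 09:15:04,007 ERROR [com.example.app.Db] connect failed password=hunter2 host=db1",
    "    at com.example.app.Db.connect(Db.java:42)",
    "2024-05-01 09:15:05,900 DEBUG [com.example.app.Page] cache hit",
]

if __name__ == "__main__":
    for doc in select_for_shipping(SAMPLE):
        print(doc)
```

Redaction at the shipping stage is a backstop: the secret still sits in the local log file, so the application should avoid writing it in the first place.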

***

### Summary

Logging and audit logging in ONEWEB provide the foundation for **security monitoring, compliance, and operational visibility**.

Key points:

* ONEWEB uses **Log4j** for configurable application logging
* Logs are centralized using the **ELK Stack**
* Audit logging ensures accountability and traceability
* Centralized visualization enables proactive security analysis

Together, logging and audit logging enable ONEWEB deployments to remain **secure, observable, and compliance‑ready** in enterprise environments.


