Overview

The Audit Log provides a tamper-evident record of all significant actions performed in Beeswax STP. This is a key requirement for OSF compliance and ATO Digital Service Provider registration.

What Gets Logged

The audit log captures:

  • User Authentication — logins, logouts, failed attempts, MFA events
  • Employer Changes — creating, updating, or deleting employers
  • Employee Changes — adding, modifying, or removing employees
  • Pay Event Actions — creating, editing, marking ready, and submitting pay events
  • API Access — all API token usage and mutations via the API
  • Security Events — MFA setup/disable, password changes, token creation/revocation

Audit Entry Details

Each log entry records:

  • Action — what happened (create, update, delete, login, submit, etc.)
  • User — who performed the action
  • Resource — what was affected (employer, employee, pay event, etc.)
  • Description — human-readable summary of the action
  • IP Address — the IP the action was performed from
  • User Agent — the browser or API client used
  • Timestamp — when the action occurred
  • Metadata — additional context (field changes, before/after values)

Viewing Details

Click on any audit log entry to see the full details, including:

  • The complete metadata JSON showing exactly what changed
  • Before and after values for update operations
  • Request details (IP, user agent)
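
An added example (not Beeswax STP code) of reviewing entries shaped like the fields described above: it derives the changed fields from an update entry's before/after metadata and flags security events and updates that follow a failed login by the same user within 30 minutes. The key names, action strings, helper names and sample entries are constructed assumptions, not the product's actual format.

```python
from datetime import datetime, timedelta

# Constructed sample entries. Key names and action strings are assumptions
# modelled on the fields listed above, not Beeswax STP's actual format.
def entry(ts, user, action, resource, ip, before=None, after=None):
    meta = {"before": before, "after": after} if before or after else {}
    return {"timestamp": ts, "user": user, "action": action,
            "resource": resource, "ip_address": ip, "metadata": meta}

ENTRIES = [
    entry("2024-05-01T09:00:00", "pat@example.test", "login_failed", "User", "203.0.113.7"),
    entry("2024-05-01T09:02:00", "pat@example.test", "login", "User", "203.0.113.7"),
    entry("2024-05-01T09:05:00", "pat@example.test", "mfa_disable", "User", "203.0.113.7"),
    entry("2024-05-01T09:06:00", "pat@example.test", "update", "Employee", "203.0.113.7",
          before={"bank_account": "111-111", "name": "A. Lee"},
          after={"bank_account": "222-222", "name": "A. Lee"}),
    entry("2024-05-01T10:00:00", "sam@example.test", "update", "Employer", "198.51.100.4",
          before={"phone": "0000"}, after={"phone": "1111"}),
]

SENSITIVE = {"mfa_disable", "token_create", "password_change", "update"}
WINDOW = timedelta(minutes=30)

def changed_fields(e):
    """Return {field: (before, after)} for fields whose value differs."""
    before = e["metadata"].get("before") or {}
    after = e["metadata"].get("after") or {}
    return {k: (before.get(k), after.get(k))
            for k in sorted(set(before) | set(after))
            if before.get(k) != after.get(k)}

def review(entries):
    """Flag sensitive actions within WINDOW of the same user's failed login."""
    findings, last_failure = [], {}
    # ISO 8601 timestamps in one format sort correctly as strings.
    for e in sorted(entries, key=lambda e: e["timestamp"]):
        ts = datetime.fromisoformat(e["timestamp"])
        if e["action"] == "login_failed":
            last_failure[e["user"]] = ts
        elif e["action"] in SENSITIVE:
            failed = last_failure.get(e["user"])
            if failed is not None and ts - failed <= WINDOW:
                findings.append((e["timestamp"], e["user"], e["action"],
                                 e["ip_address"], changed_fields(e)))
    return findings

if __name__ == "__main__":
    for finding in review(ENTRIES):
        print(finding)
```
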

Filtering

Use the filter bar to narrow the audit log by:

  • Action — filter by action type (create, update, delete, login, etc.)
  • Resource Type — filter by what was affected (Employer, Employee, PayEvent, etc.)
  • Employer — show events for a specific employer
  • Date Range — filter by start and end dates

Retention

Audit logs are retained for a minimum of 12 months as required by the OSF compliance framework. This ensures a complete audit trail is available for ATO review if required.

Important Notes

  • Audit logs are read-only — they cannot be edited or deleted
  • All entries include the originating IP address for traceability
  • API-initiated actions are logged with the token identifier
  • The audit log is essential for demonstrating compliance during ATO assessments