Audit Log Management

Purpose

The purpose of this policy is to create, store, and analyse log files with the goal of detecting and responding to any suspicious or abnormal events that may occur within the organisation. It also allows for the prioritising, and remediating of any potential vulnerabilities in enterprise systems and software. The audit log management policy provides the processes and procedures for ensuring logs are created and properly analysed. This policy applies to all Evercam departments and critical assets.

Responsibility

The Engineering and BizOps departments are responsible for all log management functions. Specifically, administrators are responsible for configuring the correct devices to generate, store, and transmit logs. Assigned Team Leads are responsible for informing all users of their responsibilities in the use of any assets assigned to them, such as applying updates in a regular manner or restarting their systems. All Evercam assets are required to comply with this audit logging procedures.

Policy

Generation

Establish and document a company-wide strategy to manage and maintain an audit log process.
Review and update the strategy annually or upon significant change.
Specify log contents.
Enable audit logging on Evercam critical assets where practical.
Do not disable audit logs on Evercam critical assets.

Transmission

Procedures must be developed to move logs from Evercam critical assets to an audit log datastore.
Logging system (Engineering docs) details the procedures created to move logs from enterprise assets to a remote datastore.

Storage

All Evercam assets (servers, apps, edge devices) generate logs in json format locally.
Promtail is used to collect local logs from different sources (system, apps, files) and push them to logs data store. Loki, a log aggregator, ensures logs management, querying, storage, and retention, etc.
Sufficient storage space must be allocated for audit logs for the period of time required for analysis and retention.
Sufficient space must be allocated to store audit logs on all Evercam assets.
Sufficient space must be allocated to store audit logs on any centralised audit log datastore.

Review and Analysis

Respond to all high-severity events immediately, following the defined audit log management process.
Define audit log retention periods in accordance with the Evercam data management process.
General Retention & Availability:
- Logs are retained for a minimum of three (3) months.
- The most recent month's logs are immediately available for review and analysis.
- Logs from the previous two (2) months are archived.
Access and Integrity:
- Implement strict access controls to prevent unauthorised modification of audit logs.
- Logs, once stored, must be immutable (cannot be modified).
- The only authorised interface for querying general logs is Grafana (with implemented access control).
Specific audit logs (e.g., Camera logs) must be retained and available for the entire duration of the project they support. Access to these logs is limited to Evercam employees via the Evercam Admin.

Disposal

All audit logs must be stored for a period of time specified by the audit log management process.
Archived logs can be available for analysis.
Disposal of audit logs should be in accordance with the Evercam data management process.

Summary of Evercam Log management Systems

Log management system	Purpose (Use case)	Who reviews it (Teams)	Review process	Retention period
Grafana It is a platform for monitoring, visualisation, and alerting. It provides customisable dashboards that aggregate data from various sources. Loki It is a log aggregation system, enabling query-based analysis of logs. Prometheus It is a monitoring and alerting system designed for collecting time-series data from infrastructure and applications. Together, they ensure comprehensive observability, aiding in incident detection, response, and tracking.	App messages and logs Error logging Monitoring data like Battery readings. Data visualisation. Efficient Log Searching. Hardware monitoring and server metrics (data pulled from the edge)	Engineering/Backend Engineering/Devops Engineering/EdgeOps Ops/TechOps	Go to Grafana Daily checks for debugging/tracking. Automated alerts via internal channel messages and emails.	Loki 1 month in queryable state. Retained for 2 months as archives. Prometheus 15 days.
Sentry It is an application monitoring platform that tracks errors and performance issues in real-time. It offers detailed error logging, monitoring, and audit trails. It ensures efficient incident detection and resolution.	Error logging. Bug tracking. User experience across products. Loading metrics (in ms).	Engineering/QA Engineering/Frontend Engineering/Backend	Go to Sentry Daily checks for debugging by the different teams. Weekly reports created by the QA team to track user UX. Daily issues tracked by the Frontend/Backend teams using the analytics.	90 days basic metadata (like number of errors) are retained forever
Posthog It is a product analytics platform that provides insights into user behaviour through event tracking, session recordings, and feature flags.	Track Features/Products usage. Monitor user actions/clicks. Analyse user behaviour. Improve the products based on tracked data.	Product Engineering CS Sales	Go to Posthog Daily checks by the different teams. Reports created for user activity based on clients requests. Custom analytics dashboards based on internal/external use cases.	7 years based on our current tier.

Log management system

Purpose (Use case)

Who reviews it (Teams)

Review process

Retention period

Grafana

It is a platform for monitoring, visualisation, and alerting. It provides customisable dashboards that aggregate data from various sources.

Loki

It is a log aggregation system, enabling query-based analysis of logs.

Prometheus

It is a monitoring and alerting system designed for collecting time-series data from infrastructure and applications.

Together, they ensure comprehensive observability, aiding in incident detection, response, and tracking.

App messages and logs

Error logging
Monitoring data like Battery readings.
Data visualisation.
Efficient Log Searching.
Hardware monitoring and server metrics
(data pulled from the edge)

Engineering/Backend
Engineering/Devops
Engineering/EdgeOps
Ops/TechOps

Go to Grafana

Daily checks for debugging/tracking.
Automated alerts via internal channel messages and emails.

Loki

1 month in queryable state.
Retained for 2 months as archives.

Prometheus

15 days.

Sentry

It is an application monitoring platform that tracks errors and performance issues in real-time.

It offers detailed error logging, monitoring, and audit trails.

It ensures efficient incident detection and resolution.

Error logging.
Bug tracking.
User experience across products.
Loading metrics (in ms).

Engineering/QA
Engineering/Frontend
Engineering/Backend

Go to Sentry

Daily checks for debugging by the different teams.
Weekly reports created by the QA team to track user UX.
Daily issues tracked by the Frontend/Backend teams using the analytics.

90 days
basic metadata (like number of errors) are retained forever

Posthog

It is a product analytics platform that provides insights into user behaviour through event tracking, session recordings, and feature flags.

Track Features/Products usage.

Monitor user actions/clicks.
Analyse user behaviour.
Improve the products based on tracked data.

Product
Engineering
CS
Sales

Go to Posthog

Daily checks by the different teams.
Reports created for user activity based on clients requests.
Custom analytics dashboards based on internal/external use cases.

7 years based on our current tier.

—————————————————————

Created by: Compliance Manager (ISMS team)

Creation date: 17.02.2023

Last modification date: 27.11.2025

Document approver: Chief Technology Officer