Audit Log Viewer (GUI)
The Audit Log Viewer provides a GUI for browsing, filtering, and verifying audit trail entries. It is accessible from the Dashboard via the Audit status tile by clicking View. The window title is "Audit Log Reports".
Opening the Audit Log Viewer
On the Dashboard, the Audit status tile shows a live summary of the audit trail including entry count and integrity status (green = OK, red = violations detected). Click View to open the full Audit Log Viewer.
Window Layout
The top row of the Audit Log Viewer is organized into three columns:
| Column | Section | Description |
|---|---|---|
| Left | Filters | Date range, user, action, app, and status filters with Apply and Refresh buttons |
| Center | Compliance Report | Start/end date pickers and a Generate Report button to produce an HTML compliance report directly from the viewer |
| Right | Info | Integrity check result and retention policy summary |
Below the top row, the Audit Entries DataGrid fills the remaining window area.
Filters
The Filters group on the left provides the following controls:
| Filter | Type | Description |
|---|---|---|
| Start Date / End Date | Date picker | Limits entries to the selected date range. Default: last 30 days. |
| User ID | Text field | Filters by user name or ID (partial match) |
| Action | Drop-down | Filters by audit action type: All, ExportStarted, ExportCompleted, ExportFailed, ImportStarted, ImportCompleted, ImportFailed, and others |
| App | Text field | Filters by application name using a contains search (case-insensitive). For example, entering "Fire" matches entries for "Firefox". |
| Status | Drop-down | Filters by result: All, Success, Failure |
Click Apply Filter to update the list, or Refresh to reload entries from disk without changing the filter settings. Both buttons are located below the filter controls.
Compliance Report
The Compliance Report group in the center column allows generating an HTML compliance report directly from the Audit Log Viewer:
| Control | Description |
|---|---|
| Start Date | Report period start. Default: first day of the previous month. |
| End Date | Report period end. Default: last day of the previous month. |
| Generate Report | Creates the report and opens it in the default browser. The file is saved in the ComplianceReports subfolder of the audit folder. |
A status text below the button shows the generated filename or any error message. The generated report is identical to the one produced by the CLI --generateComplianceReport command. See Compliance Reports for details on report contents.
Info Panel
The Info group on the right side displays two sections:
- Integrity — Shows the result of the hash chain verification. A green checkmark indicates all entries and files are valid. A red cross identifies the number and type of violations detected.
- Retention Policy — Shows the total number of audit files, their combined size, the date range of the oldest and newest file, and the configured archive period (default: 365 days).
Audit Entries Grid
The main area shows a sortable DataGrid with the following columns:
| Column | Description |
|---|---|
| Timestamp | Local time (converted from UTC) in yyyy-MM-dd HH:mm:ss format |
| Seq | Sequence number (monotonically increasing across all files) |
| User | The user who performed the action (Domain\Username) |
| Machine | Machine name where the action was executed |
| Action | The audit action (e.g. ExportCompleted, ImportFailed) |
| Apps | The application names that were processed (e.g. "Firefox, Chrome") |
| Status | Success or Failure (color-coded) |
| Duration | Operation duration (formatted as ms, s, m, or h) |
| Folders | Number of folders affected |
| Files | Number of files affected |
| Size | Total data size (formatted as B, KB, MB, GB) |
| RegKeys | Number of registry keys affected |
| RegVals | Number of registry values affected |
Entries are sorted by timestamp (newest first) by default. Click any column header to re-sort. Columns showing a dash (–) indicate that the count was not recorded for that entry (e.g. for actions like ExportStarted that precede the actual operation).
Entry Details Window
Double-click any row to open the "Audit Entry Details" window. It shows:
- Event Information — All fields from the selected entry (timestamp, sequence, user, machine, action, apps, details, status)
- Folders & Files tab — Shows a Folders section listing all folder paths and a Files section listing all file paths affected by the operation. Data is loaded from a per-entry JSON detail file stored in the
Audit\Detailssubfolder. The tab header shows the combined count (e.g. "Folders & Files (42)"). - Registry Keys & Values tab — Shows a Registry Keys section and a Registry Values section. The tab header shows the combined count (e.g. "Registry Keys & Values (15)").
- Error tab — Displays the full error message (only visible when the entry recorded a failure)
- Statistics — Six fields in a summary bar: Folders, Files, Data Size, Registry Keys, Registry Values, and Duration
If no detail file exists for an older entry, the tabs display "(No detailed information available)".
Summary Status Bar
The status bar at the bottom of the window shows aggregated statistics for the current filter selection: total entries, success count, failure count, export count, import count, and the number of unique users.