Back to Learning Center

System Logs

How Aeglero's audit log system works: comprehensive event logging, a tamper-evident SHA-256 hash chain, and CSV exports that include the chain hashes so any outside auditor can verify integrity independently.

How Audit Logging Works in Aeglero

Every meaningful action in Aeglero (successful logins, failed logins, viewing a patient record, editing a chart, discharging a patient, creating a role, exporting data, even checking the audit log itself) writes an entry to your facility's audit log. Each entry captures the user who did it, their IP address, the exact action, the resource it touched (like 'patient/PT-009' or 'careteam/12'), whether it succeeded or failed, the UTC timestamp, and a human-readable description that often includes a diff (e.g., 'added permission: patients.acuity; removed: archive.export'). Logs are per-facility, so your data never mixes with another clinic's.

Tamper-Evident Hash Chain

This is the part most EMRs don't have. Every audit log entry stores a SHA-256 hash of its own contents combined with the hash of the previous entry, forming an unbroken cryptographic chain. If anyone, including a database administrator with direct table access, modifies, inserts, or deletes a past row, every subsequent hash becomes invalid and the tampering is mathematically detectable. Aeglero can run a full chain verification for your facility on request and produce a report identifying any broken entries. The verification action itself is logged, so even integrity checks leave an audit trail. The hash columns are also included in every CSV export, so an outside auditor can independently verify the chain on the file you give them. This satisfies the ONC §170.315(d)(2) tamper-resistance requirement that most EMRs handwave around.

System Logs in Action

A tour of the System Logs page — the daily security pulse, filtering by user or patient, the cryptographic hash chain underneath every entry, and CSV export with chain hashes that any outside auditor can verify independently.

Searching and Filtering Logs

Open System Logs from your administration menu (gated by the System Logs permission) and filter the entire log stream by any combination of user, one or more action types, success vs failure, date range, or a resource substring. The resource-substring filter is especially useful for HIPAA investigations: type a patient code like PT-009 and you'll see every event involving that record across every user and every day. Results are keyset-paginated for fast scrolling through tens of thousands of entries without hitting the database hard. Each row shows the timestamp, the username, the action, the resource it touched, the status, the IP address, and the descriptive detail.

Security Pulse Dashboard

Above the searchable log table, Aeglero shows a live security stats panel for the current day: how many successful logins, how many failed login attempts, how many unauthenticated request attempts (401s), how many unauthorized actions blocked by the permission system (403s), how many server errors (500s), and how many sessions are currently active. This gives you an at-a-glance pulse on whether anything unusual is happening (a sudden spike in failed logins, an authenticated user repeatedly hitting 403s, or a flood of 500s) without having to run a query first.

CSV Export for Auditors and Compliance Reviews

When an outside auditor, accreditation surveyor, or compliance officer needs records, apply your filters (user, action, date range, status) and click Export. Aeglero generates a timestamped CSV containing every matching entry along with both hash columns (entry_hash and prev_hash), which means the recipient can run their own chain verification on the export, independently of your system, to confirm nothing was tampered with before delivery. Exports are capped at 50,000 rows per file (with a clear truncation header if you hit the limit), and the export action itself is logged with the exact filters used and the row count, so there's a permanent record of who pulled which data when.