System Logs
How Aeglero's audit log system works: comprehensive event logging, a tamper-evident SHA-256 hash chain, and one-click integrity verification that satisfies ONC §170.315(d)(2).
How Audit Logging Works in Aeglero
Every meaningful action in Aeglero (successful logins, failed logins, viewing a patient record, editing a chart, discharging a patient, creating a role, exporting data, even checking the audit log itself) writes an entry to your facility's audit log. Each entry captures the user who did it, their IP address, the exact action, the resource it touched (like 'patient/PT-009' or 'careteam/12'), whether it succeeded or failed, the UTC timestamp, and a human-readable description that often includes a diff (e.g., 'added permission: patients.acuity; removed: archive.export'). Logs are per-facility, so your data never mixes with another clinic's.
Audit Log Overview
Walk through what gets logged in Aeglero and the structure of each entry.
Tamper-Evident Hash Chain
This is the part most EMRs don't have. Every audit log entry stores a SHA-256 hash of its own contents combined with the hash of the previous entry, forming an unbroken cryptographic chain. If anyone, including a database administrator with direct table access, modifies, inserts, or deletes a past row, every subsequent hash becomes invalid and the tampering is mathematically detectable. A built-in Verify endpoint walks the entire chain for your facility and reports either INTACT (everything matches) or TAMPERED (with the specific row IDs that don't add up). The verification action itself is logged, so even integrity checks leave an audit trail. This satisfies the ONC §170.315(d)(2) tamper-resistance requirement that most EMRs handwave around.
Verifying Log Integrity
Run a hash chain verification and understand what INTACT vs TAMPERED means.
Searching and Filtering Logs
Open System Logs from your administration menu (gated by the System Logs permission) and filter the entire log stream by any combination of user, one or more action types, success vs failure, date range, or a resource substring. The resource-substring filter is especially useful for HIPAA investigations: type a patient code like PT-009 and you'll see every event involving that record across every user and every day. Results are keyset-paginated for fast scrolling through tens of thousands of entries without hitting the database hard. Each row shows the timestamp, the username, the action, the resource it touched, the status, the IP address, and the descriptive detail.
Filtering and Searching Logs
Build effective queries: by user, by patient, by date range, by failure type.
Security Pulse Dashboard
Above the searchable log table, Aeglero shows a live security stats panel for the current day: how many successful logins, how many failed login attempts, how many unauthenticated request attempts (401s), how many unauthorized actions blocked by the permission system (403s), how many server errors (500s), and how many sessions are currently active. This gives you an at-a-glance pulse on whether anything unusual is happening (a sudden spike in failed logins, an authenticated user repeatedly hitting 403s, or a flood of 500s) without having to run a query first.
Reading the Security Stats
Understand the daily security pulse and what each counter means.
CSV Export for Auditors and Compliance Reviews
When an outside auditor, accreditation surveyor, or compliance officer needs records, apply your filters (user, action, date range, status) and click Export. Aeglero generates a timestamped CSV containing every matching entry along with both hash columns (entry_hash and prev_hash), which means the recipient can run their own chain verification on the export, independently of your system, to confirm nothing was tampered with before delivery. Exports are capped at 50,000 rows per file (with a clear truncation header if you hit the limit), and the export action itself is logged with the exact filters used and the row count, so there's a permanent record of who pulled which data when.
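The hash chain and the export's entry_hash and prev_hash columns described above can be checked outside the system along these lines. This is an added example, not Aeglero's own code: the column names other than entry_hash and prev_hash, the all-zero starting value, and the JSON serialization that gets hashed are assumptions, and it expects an unfiltered export in chain order.

```python
import csv, hashlib, io, json

# Assumed for illustration: content column names, genesis value, canonical form.
FIELDS = ["id", "timestamp", "username", "action", "resource", "status", "ip", "detail"]
GENESIS = "0" * 64

def entry_hash(row, prev_hash):
    """SHA-256 over the previous entry's hash plus this entry's contents."""
    payload = json.dumps({k: row[k] for k in FIELDS}, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + payload).encode("utf-8")).hexdigest()

def verify_chain(rows):
    """Walk rows in order; return ("INTACT", []) or ("TAMPERED", [row ids])."""
    bad, expected_prev = [], GENESIS
    for row in rows:
        linked = row["prev_hash"] == expected_prev        # points at the row before it
        intact = row["entry_hash"] == entry_hash(row, row["prev_hash"])  # contents unchanged
        if not (linked and intact):
            bad.append(row["id"])
        expected_prev = row["entry_hash"]                 # keep walking from the stored value
    return ("TAMPERED" if bad else "INTACT", bad)

def sample_export():
    """Constructed sample data: a three-row export rendered as CSV text."""
    events = [
        ("1", "2024-01-05T14:00:00Z", "jdoe", "login", "session/1", "success", "10.0.0.5", "login ok"),
        ("2", "2024-01-05T14:02:10Z", "jdoe", "patient.view", "patient/PT-009", "success", "10.0.0.5", "viewed chart"),
        ("3", "2024-01-05T14:03:30Z", "jdoe", "export", "audit/log", "success", "10.0.0.5", "rows=2"),
    ]
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=FIELDS + ["prev_hash", "entry_hash"])
    writer.writeheader()
    prev = GENESIS
    for values in events:
        row = dict(zip(FIELDS, values))
        row["prev_hash"] = prev
        row["entry_hash"] = prev = entry_hash(row, prev)
        writer.writerow(row)
    return out.getvalue()

def load(csv_text):
    return list(csv.DictReader(io.StringIO(csv_text)))

if __name__ == "__main__":
    rows = load(sample_export())
    print(verify_chain(rows))             # untouched export
    rows[1]["detail"] = "viewed nothing"  # simulate a direct edit to a stored row
    print(verify_chain(rows))             # the edited row is reported by id
```

An edited row fails its own hash check, while a deleted row or a row whose hash was recomputed after editing shows up as a broken link on the row that follows it.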