SecureAI records user activity across the platform — logins, conversations, file uploads, model usage, and administrative actions. This guide covers how to view audit logs, export activity data, and use these tools for compliance reporting in your automotive aftermarket organization.
Why Audit User Activity?
Automotive aftermarket organizations using SecureAI may need to track user activity for several reasons:
- Compliance requirements — industry regulations or internal policies that require logging who accessed what data and when.
- Usage accountability — understanding which team members are using the platform, how frequently, and for what purposes.
- Security investigations — tracing activity after a suspected unauthorized access or policy violation.
- Cost management — correlating usage patterns with API costs across models and departments.
Accessing the Audit Log
Audit logs are available to administrators in the OpenWebUI admin panel.
- Log in to SecureAI with an administrator account.
- Navigate to Admin Panel > Settings > Audit Log (or Admin Panel > Activity Log depending on your version).
- The log displays a chronological list of events with timestamps, user identities, and action types.
What Gets Logged
SecureAI records the following event types:
| Event Type | What It Captures |
|---|---|
| Authentication | Login attempts (successful and failed), logouts, password changes, SSO events |
| Conversations | New conversation created, model selected, conversation deleted |
| File operations | Document uploads, file deletions, knowledge base modifications |
| Model usage | Which model was used per conversation, token counts, API calls |
| Administrative actions | User creation/deletion, role changes, settings modifications, API key generation |
| System events | Configuration changes, integration connections, scheduled task execution |
Filtering the Audit Log
Use the filter controls at the top of the audit log to narrow results:
- Date range — select a start and end date. For compliance reports, match your reporting period.
- User — filter by specific user account to see all activity from one person.
- Event type — show only authentication events, file operations, or other specific categories.
- Search — free-text search across event descriptions.
Example: To see all failed login attempts in the last 30 days, set the date range to the past month, filter by event type "Authentication", and search for "failed".
Exporting Activity Data
For compliance reporting or offline analysis, you can export audit log data.
Export From the Admin Panel
- Navigate to the audit log view.
- Apply any filters you need (date range, user, event type).
- Click Export (or Download) in the top-right corner of the log view.
- Choose your format:
  - CSV — for spreadsheet analysis in Excel or Google Sheets. Best for sharing with non-technical stakeholders.
  - JSON — for programmatic processing or integration with SIEM tools. Preserves full event metadata.
Export via API
For automated or scheduled exports, use the SecureAI API:
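```bash
# Export audit events for a date range.
# --fail makes curl exit non-zero on an HTTP error instead of saving the error body as the export.
curl --fail -X GET "https://your-secureai-instance/api/v1/auditlog?from=2026-03-01&to=2026-03-18" \
  -H "Authorization: Bearer $API_TOKEN" \
  -H "Content-Type: application/json" \
  -o audit-export.json
```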
Parameters:
- `from` / `to` — ISO 8601 date range
- `user` — filter by user ID (optional)
- `event_type` — filter by event category (optional)
- `limit` / `offset` — pagination for large result sets
Scheduling Regular Exports
For organizations that require periodic audit reports:
- Use a cron job or scheduled task to call the API export endpoint on a regular cadence (weekly, monthly).
- Store exports in a secure, append-only location outside SecureAI for retention compliance.
- Consider forwarding events to your organization's SIEM (Splunk, Elastic, etc.) for centralized monitoring.
Compliance Reporting
Building a Compliance Report
A typical compliance report for SecureAI usage includes:
- User access summary — who has access, when they last logged in, role assignments.
- Usage statistics — number of conversations, queries by department, models used.
- Data handling — files uploaded, documents accessed, knowledge base queries.
- Security events — failed login attempts, permission changes, API key rotations.
- Data retention status — what data is retained, for how long, and deletion records.
Step-by-Step: Monthly Compliance Report
- Export the full audit log for the reporting period (see export instructions above).
- Pull the user roster: Navigate to Admin Panel > Users and export the current user list.
- Cross-reference access: Compare active users against your organization's authorized user list. Flag any discrepancies.
- Summarize usage by department: Group conversations and model usage by user role or department. Most spreadsheet tools can pivot on the CSV export.
- Flag security events: Filter for failed logins, role changes, and API key events. Document any that required follow-up.
- Note data retention actions: If data retention policies triggered automatic deletions during the period, include those records. See the "Configuring Data Retention Policies" article for retention setup.
- Archive the report: Store the completed report per your organization's record-keeping requirements.
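The cross-reference and department summary steps can be scripted once both exports are on disk. The following is an added example, not SecureAI's own code; the CSV column names, event field names and sample accounts are assumptions made for illustration.

```python
import csv
import io
from collections import Counter

# ASSUMPTION: column and field names (email, department, user, event_type, model)
# are hypothetical; rename them to match your roster CSV and JSON audit export.

def _norm(value):
    return value.strip().lower()

def load_roster(roster_csv):
    """Map normalized account name -> roster row from the exported user list."""
    return {_norm(r["email"]): r for r in csv.DictReader(io.StringIO(roster_csv))}

def access_review(roster, authorized, events):
    """Cross-reference provisioned accounts, the authorized list and logged activity."""
    allowed = {_norm(a) for a in authorized}
    active = {_norm(e["user"]) for e in events}
    return {
        "provisioned_not_authorized": sorted(set(roster) - allowed),
        "authorized_not_provisioned": sorted(allowed - set(roster)),
        "activity_without_account": sorted(active - set(roster)),
        "no_activity_this_period": sorted(set(roster) - active),
    }

def usage_by_department(roster, events):
    """Count conversation events per (department, model)."""
    counts = Counter()
    for e in events:
        if e["event_type"] != "conversation":
            continue
        row = roster.get(_norm(e["user"]))
        dept = row["department"] if row else "UNKNOWN"
        counts[(dept, e.get("model", "unknown"))] += 1
    return dict(counts)

# Constructed sample inputs, not real SecureAI output.
ROSTER_CSV = """email,role,department
ana@example.com,admin,IT
ben@example.com,user,Parts Catalog
cy@example.com,user,Service
"""
AUTHORIZED = ["ana@example.com", "Ben@example.com", "dee@example.com"]
EVENTS = [
    {"user": "ana@example.com", "event_type": "authentication"},
    {"user": "ben@example.com", "event_type": "conversation", "model": "model-a"},
    {"user": "ben@example.com", "event_type": "conversation", "model": "model-a"},
    {"user": "eve@example.com", "event_type": "conversation", "model": "model-b"},
]
```

An entry under `activity_without_account` means the log holds events for an account that is no longer in the roster, which is worth checking against the period's user deletion events.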
Common Compliance Frameworks
SecureAI audit capabilities support common compliance needs in the automotive aftermarket:
| Framework / Requirement | Relevant Audit Data |
|---|---|
| SOC 2 Type II | Authentication logs, access controls, change management events |
| GDPR / CCPA | Data access logs, deletion records, consent tracking |
| Internal IT policy | Usage reports, failed login monitoring, API key lifecycle |
| Customer data agreements | File upload/deletion logs, conversation data handling records |
Best Practices
Log Retention
- Keep exports beyond the platform's retention window. SecureAI's built-in audit log has a configurable retention period. Export and archive before records age out.
- Store exports in immutable storage (write-once, read-many) for audit defensibility.
Access Control for Audit Data
- Limit audit log access to administrators and compliance staff. Audit logs contain user activity details that are sensitive.
- Use separate API tokens for audit export automation. Do not reuse tokens that have broader permissions.
Monitoring and Alerting
- Set up alerts for suspicious patterns: multiple failed logins from the same account, logins from unusual IP ranges, or bulk file deletions.
- Review audit logs regularly — do not wait for a compliance audit to look at them for the first time.
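Two of the patterns above (repeated failed logins on one account, bulk file deletions) can be checked with a sliding window over the JSON export. This is an added example, not part of SecureAI; the event field names, action values and thresholds are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# ASSUMPTION: field names and values (timestamp, user, event_type, action) are
# hypothetical; map them to the schema of your JSON export. Thresholds are examples.
RULES = {
    "failed_login_burst": (("authentication", "login_failed"), 5, timedelta(minutes=10)),
    "bulk_file_deletion": (("file_operation", "file_deleted"), 20, timedelta(minutes=5)),
}

def parse_ts(value):
    """Parse an ISO 8601 UTC timestamp; accept a trailing 'Z' on older Pythons."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def detect(events, rules=RULES):
    """Return one alert per burst: `threshold` matching events by one user within `span`."""
    windows = defaultdict(deque)          # (rule, user) -> timestamps inside the window
    alerts = []
    for ev in sorted(events, key=lambda e: parse_ts(e["timestamp"])):
        ts = parse_ts(ev["timestamp"])
        for name, (kind, threshold, span) in rules.items():
            if (ev["event_type"], ev["action"]) != kind:
                continue
            q = windows[(name, ev["user"])]
            q.append(ts)
            while ts - q[0] > span:       # drop timestamps that fell out of the window
                q.popleft()
            if len(q) >= threshold:
                alerts.append({"rule": name, "user": ev["user"], "count": len(q),
                               "first": q[0].isoformat(), "last": ts.isoformat()})
                q.clear()                 # one alert per burst, then start counting again
    return alerts

def sample_events():
    """Constructed sample data, not real SecureAI output."""
    t0 = datetime(2026, 3, 10, 8, 0, tzinfo=timezone.utc)
    def mk(secs, user, etype, action):
        return {"timestamp": (t0 + timedelta(seconds=secs)).isoformat(),
                "user": user, "event_type": etype, "action": action}
    events = [mk(30 * i, "jsmith", "authentication", "login_failed") for i in range(6)]
    events += [mk(3600 * i, "mlee", "authentication", "login_failed") for i in range(4)]
    events += [mk(5 * i, "tkhan", "file_operation", "file_deleted") for i in range(20)]
    events.append(mk(200, "jsmith", "authentication", "login_success"))
    return events
```

In the sample, `mlee`'s four failures are an hour apart and raise no alert, while `jsmith` and `tkhan` each produce one.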
Documentation
- Document your audit process. Write down what you export, how often, where you store it, and who reviews it. This documentation is itself a compliance artifact.
- Keep a log of who accessed the audit logs. Some compliance frameworks require this level of traceability.
Troubleshooting
Audit log shows no events
- Verify you are logged in as an administrator. Standard users cannot access the audit log.
- Check that audit logging is enabled in Admin Panel > Settings. Some deployments may have logging disabled by default.
Export is missing expected events
- Confirm your date range filter covers the time period in question.
- Events are logged in UTC. If your local timezone differs, adjust the date range accordingly.
- Some events may take a few minutes to appear in the log after they occur.
Large exports time out
- Use the API with pagination (`limit` and `offset` parameters) to fetch data in batches.
- Narrow the date range to smaller intervals and combine the results.
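The batching and UTC advice above can be combined into one export routine. This is an added example, not SecureAI's own client: it uses the endpoint and the `from`, `to`, `limit` and `offset` parameters shown earlier, and assumes each response body is a JSON array of events and that a page shorter than `limit` is the last one.

```python
import json
import urllib.parse
import urllib.request
from datetime import date, datetime, time, timedelta, timezone

def utc_date_bounds(first_day, last_day, tz):
    """Return the UTC (from, to) dates that cover a local-time reporting period."""
    start = datetime.combine(first_day, time.min, tzinfo=tz).astimezone(timezone.utc)
    end = datetime.combine(last_day, time.max, tzinfo=tz).astimezone(timezone.utc)
    return start.date().isoformat(), end.date().isoformat()

def http_fetch(base_url, token):
    """Build a page fetcher for GET /api/v1/auditlog."""
    def fetch(params):
        url = f"{base_url}/api/v1/auditlog?{urllib.parse.urlencode(params)}"
        req = urllib.request.Request(url, headers={"Authorization": f"Bearer {token}"})
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.load(resp)  # ASSUMPTION: body is a JSON array of events
    return fetch

def export_all(fetch, date_from, date_to, limit=500, max_pages=10_000):
    """Collect every event in the range by walking limit/offset pages."""
    events, offset = [], 0
    for _ in range(max_pages):
        page = fetch({"from": date_from, "to": date_to,
                      "limit": limit, "offset": offset})
        if not isinstance(page, list):
            raise ValueError(f"unexpected response at offset {offset}: "
                             f"{type(page).__name__}")
        events.extend(page)
        if len(page) < limit:       # short or empty page: nothing left to fetch
            return events
        offset += limit
    # Refuse to return a truncated result that could be archived as complete.
    raise RuntimeError("max_pages reached; export is incomplete")

if __name__ == "__main__":
    # A March report for a site at UTC-5 needs UTC dates through April 1.
    print(utc_date_bounds(date(2026, 3, 1), date(2026, 3, 31),
                          timezone(timedelta(hours=-5))))
```

Pass `http_fetch("https://your-secureai-instance", token)` as `fetch` for a real run; the widened UTC range can include events just outside the local period, so trim by event timestamp before reporting.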
Related Articles
- Configuring Data Retention Policies — set retention windows and automatic deletion rules
- Content Filtering and Safety Settings — manage what content users can access
- Setting Up IP Allowlisting for Enterprise Access — restrict access by network