Skip to content

Audit Log Reference

The Audit Log records every significant action taken by ntkDeploy — profile changes, deployments, policy events, and system telemetry. It serves as the primary trail for compliance review, incident investigation, and operational monitoring.

Prerequisites

  • ntkDeploy running with at least one completed action (profile creation, deployment, etc.)
  • No special permissions are required to read the audit log.

Accessing the Audit Log

Navigate to Audit Log in the left sidebar. The view loads the most recent 50 entries automatically. Pull-to-refresh re-fetches the same limit from the local database.

The Audit Log view can also be embedded inline within other feature screens (for example, within a profile or device group detail view) where it is automatically pre-filtered to entries for that specific entity.

Recorded Event Types

Action key Triggered by Color
profile_created A new profile is saved for the first time Green
profile_updated An existing profile version is edited and saved Blue
assignment_created A new deployment assignment is created Orange
rollout_succeeded A deployment rollout completes successfully Green
rollout_failed A deployment rollout fails Red
profile_priority_changed The priority order of assignments is changed Grey (no dedicated color mapping in current implementation)
priority_changed Legacy alias handled by the display layer for backward compatibility Purple
policy_capabilities_check Policy capabilities check ran (system telemetry) Grey
policy_connectivity_gate Policy connectivity gate failure or error outcome (system telemetry — ready and unavailable outcomes are not persisted) Grey
(other) Any other system event Grey

Entry Structure

Each audit log entry contains the following fields:

Field Description
Action One of the action keys listed above
Entity Type The type of entity affected (e.g., profile, assignment, rollout)
Entity ID The unique identifier of the affected entity
Actor The user or system component that triggered the action
Occurred At UTC timestamp in yyyy-MM-dd HH:mm:ss format
Metadata Optional structured details specific to the action (e.g., failure code, old/new values)

Audit Log UI

Row Layout

Column Content
Leading icon Color-coded action type indicator
Title Human-readable action label
Subtitle line 1 entityType/entityId
Subtitle line 2 By: <actor> • <timestamp>

Rows are three-line tiles. The list renders all loaded entries without pagination in the current implementation.

Filtering

The Audit Log view supports two optional filter parameters:

Parameter Effect
entityType Supplied together with entityId to scope the view to a specific entity
entityId Supplied together with entityType to scope the view to a specific entity

The entity filter is active only when both entityType and entityId are provided. Supplying entityType alone does not filter entries. When neither parameter is set, the view shows the most recent 50 entries across all entity types (the repository default limit). No additional in-UI filter controls (date range, text search) are available in the current release.

Refreshing

Pull down on the list to trigger a refresh. The view re-fetches entries from the local database.

Storage and Retention

Property Value
Storage engine Local SQLite (Drift) — no cloud dependency
Location Application data directory on the Windows device running ntkDeploy
Retention Entries are not automatically purged; manual deletion is not exposed in the UI
Scope All audit entries are local to the machine and environment where ntkDeploy runs

Note: Exporting the audit log to CSV or JSON is not available in the current release.

Audit Events Generated by Preflight

Policy preflight and connectivity gate transitions are also recorded in the audit log as telemetry events. For details on these event types see Deployment Preflight Reference.

Next Steps