• Toll-free  888-665-8637
  • International  +1 717-220-0012
Welcome Guest! To enable all features please Login or Register.

Notification

Icon
Error

avmwebguy
#1 Posted : Monday, March 3, 2008 1:20:07 PM(UTC)
avmwebguy

Rank: Member

Joined: 1/24/2008(UTC)
Posts: 60

Audit Log for the Admin Section.


1. Logs every action done by admins (For Example: Actions, like Saving a Product/Category, Deleting a Customer Order, or Changing a customer's password, etc) with date and time.
2. Logs are Protected, and *cannot* be deleted manually from the site (which excludes those that have direct access to the database)
3. Settings to determine how long to keep the logs (ie only keep last x days/months/years worth of logs)
4. Access to logs are restricted and only people with appropriate permissions may access them.




The purpose of this is to keep track of who all is doing what on your website. At my previous job we had a problem with an irate employee randomly messing with our site (renaming products to garbage, changing prices, etc) before quitting later that day. Without our audit log we'd have had no idea who messed everything up. We were also able to restore the site to its pre-messed up condition since we had an exact record of what all he did.


At my new job here, I kept having to re-enter the same product over and over. It turns out one of our newbie admins (and one of my bosses), didn't know what she was doing and kept deleting my products.


Anyways, that's my idea.
- Brian

Web Developer/IT Manager
MitchA
#2 Posted : Monday, March 3, 2008 1:24:14 PM(UTC)
MitchA

Rank: Member

Joined: 3/3/2006(UTC)
Posts: 1,737

This is a good one. I'd put this in my top 20 requests.

Perhaps in Excel or sim you could come up with what this log might look like on the screen. Rows, columns. This needs some more/varied input.
Optimists invent airplanes,
Pessimists buy parachutes.
avmwebguy
#3 Posted : Monday, March 3, 2008 2:05:58 PM(UTC)
avmwebguy

Rank: Member

Joined: 1/24/2008(UTC)
Posts: 60

This is sorta what our old one looked like:





Key points are:

1. The actual action Performed, Modify, Delete, Add
2. What was actually affected by the action. This can vary greatly depending on what was done.
3. Any details that will help identify exactly was was done. This should also show what the old value Used to be before the change.
4. Date change was made.
5. User that made the change.


The details section could actually be multiple lines, like for instance if someone Modified multiple fields in a product, it would be one for each line (as shown).



Its also important to be able to search/sort/filter the logs so you can find exactly what you are looking for (ie when someone breaks your site, or you changed the wrong product name but forgot which product you changed, etc).
- Brian

Web Developer/IT Manager
MitchA
#4 Posted : Monday, March 3, 2008 4:31:36 PM(UTC)
MitchA

Rank: Member

Joined: 3/3/2006(UTC)
Posts: 1,737

You'd need a good long list of triggers and descriptions - ie: "Changed [[product name]] to [[product name]]".

Have you got a list handy? Was this list admin editable?
Optimists invent airplanes,
Pessimists buy parachutes.
avmwebguy
#5 Posted : Wednesday, March 5, 2008 10:47:39 AM(UTC)
avmwebguy

Rank: Member

Joined: 1/24/2008(UTC)
Posts: 60

Nah. When I created the audit log for my previous company, I wrote an object to handle the code and hardcoded all of the values. So for each action my program took, it would call the AdutiLog Function, which looked something like this:



Function AuditLog(Action as String, Effected as String, Details as String, Date as String, User as String)
'Add Record to Log in database
End Function


When someone modified an order, it would also call the function:


AuditLog("Modify Order", "Order Number: " & iOrderNumber, "Added Product " & sProductSku & " to Order", DateTime.Now.ToString, sUser)



I just hardcoded all of the Actions and such depending on what they were doing.


Its not really that hard of a project to write. . . its just really really long and tedious.


Our solution was for a very proprietary application and wasn't nearly as flexible as BV Commerce is on the configuration side of things, so we didn't care about allowing the admins to change the descriptions and such as you suggested, heh.
- Brian

Web Developer/IT Manager
Forum Jump  
You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.

©2024 Develisys. All rights reserved.
  • Toll-free  888-665-8637
  • International  +1 717-220-0012