New Audit Trail (aka History)

First of all - this new audit trail is a very welcoming update. Thank you!

Undo option is great, it would be better if it can be captured in the audit trail or the history itself and perhaps from controls point of view, auditors would like to see that there is a trail and history of users posting a certain transaction but then undo function was performed which works the same as delete function.

I have just updated to have a look at this and I see that I will need to use Manager for a few days to populate the history. I will provide feedback when I have used the history for a bit. I will concur with other users that the main issue that I can see is the sheer volume of data collected which may make it difficult to provide useful information to the administrator without good default search parameters and filters etc.

I don’t know if this can be implemented in Manager, but what I think would be very useful is the following:

History of Logins of user with details such as time, IP Address, especially repeated failed login attempts (to detect dictionary attacks). Maybe an email alert to warn administrator? This is obviously only for the Server and Cloud editions.

Would it also be possible to de-activate the account after 10 failed authentication attempts in a a 24 hour period or something like that. The administrator would be required to re-activate the account.

I have already setup in IIS to only allow my IP Address and that of my accountant. So it’s probably not necessary to include this in Manager itself, but obviously this only works for Server editions. For anyone using the Cloud edition, there is no way for them to restrict IP Addresses to their internal network if they wish to do so. I think that if Manager could be secured like this, that would be very good as it would make it virtually impossible for a hacker to breach the system.

Deleting or Renaming User Account and history trail. There are two questions that I have around this point. One - what happens to the history for this person if the user account is deleted? Two if I rename Joe Bloggs to Harry Potter - how does this affect the history of this account - does is show old name for past and new user name for future entries? I am happy to just delete the account and create a new one if this would retain the history of the old accountants name?

I noticed something rather interesting when I was looking at my profile. It showed me as logged in on this computer and two other logins showing Firefox 77 and Window 10 - which would have been me as I am the only one that currently has access to the system. I had not logged in for a few days and as far as I am aware I had logged out. Does Manager not have the ability to log you out after 1 hour inactivity period or something like that. Secondly based on this, it would seem that I can login to the same account on different computers simultaneously? I clicked logout for the two logins to close the sessions. I don’t know if this is intentional, but I think Manager should not allow you to login on different devices simultaneously for the same account.

1 Like

Just noticed:

  1. History doesn’t show changes made to transaction type eg. if marked “Payment” from “Receipt”

  2. Cash on hand accounts are titled as Bank account.

Must say the new audit trail is awesome. But what I noticed is how size of records has gone up. Before the Audit trail upgrade a batch create of couple of thousands records without any attachments and with the running of inbuilt vacuum, was round 120-150 bytes. After the upgrade a test of batch create of couple of thousands records seems to be up to round 350 bytes for sales records and round 540 bytes for Payment & Receipt records. @lubos is it possible to compress this somehow with code ? Purging the audit trail history down the road is not always an option in all countries if audit trail is mandatory in legislation.

I think the purging will be an option

@abeiku, sorry for not making this more clear but I was asking @lubos if it is possible to compress accounting records with audit trail records included, not purging the audit trail as such.

thanks brother , it solved my problem
Regards
Nasrullah .

This new feature is giving out wrong information recently. I was shocked to see multiple updates of payslips in History by my employee whose permitted actions are only view and create. I cross checked his permissions and can confirm that the new History needs more improvement.


Batch delete isn’t recorded in History.

@lubos The new Audit Trail is a great improvement over the previous version … many thanks. Could the date format of the Audit Trail output be set to whatever format has been selected in Preferences? Everything else in Manager seems to work this way except for the Audit Trails, which show the date in MM/DD/YYYY format only (I use DD/MM/YYYY as I am Australian based).

Also custom reports (only for custom fields) and batch create and batch update share this issue on dates format.

Can sent emails by added to History, as well?

Emails tab doesn’t show the user who sent the email.

Thank You @lubos These are long awaiting features we are expecting. Good Startt

I like the feature. At this time I only use the desktop version and am the only user. As such I am responsible for all entries and content. I do a lot of additions & deletions for testing purposes. Yes, I should have a test business for this. I would like the ability to be able to turn it on/off in settings.

Version 20.7.55 History doesn’t show deletions @lubos. At first, it wasn’t showing reference numbers of deleted transactions, now it doesn’t show deletions at all.

@lubos Will it be possible to purge the History/Audit Trail at some stage?

Why would you want to do that?

I don’t think I will implement purge history as a button but it will be possible to make a backup without history. So this will allow you to “purge it”. Would that be sufficent?

4 Likes

It will Better if History show Traction not need to be view

A backup without history would be good :smile: