logging in iconik
iconik produces several types of logs, both in the backend and in its companion applications running on premise. This document is intended to explain what is logged and how this helps us deliver the iconik service.
Cloud system logs
Audit logs
All API calls made to iconik's APIs are logged to our audit logs which are stored in a separate audit log database. Audit logs are retained for 12 months for forensic purposes.
User Audit Log Streaming which is part of iconik Shield can be used by customers to subscribe to the audit log stream for their entire domain.
Audit logs contain information which resource was accessed, when and by whom. Information includes:
- System domain id
- Timestamp
- Userid and related info (including email address)
- Group membership at the time of the call
- If the user is an admin user
- Request URL
- HTTP Operation (GET, POST, PATCH, etc)
- Operation result code
- Unique Request ID
- Client IP address
- Application ID
As can be seen above, the audit log does contain certain Personally Identyfiable Information and are therefore handled with special care in accordance with our Data Processing Agreement.
System logs
The iconik system itself creates a lot of logs and these are all collected into Google Stackdriver where our engineers can use the logs to trouble-shoot the system. The system logs are explicitly prevented from containing any Personally Identifiable Information to minimise the risk of such information. System logs are retained for 30 days before they are automatically purged.
On-premise systems
iconik Storage Gateway
The iconik Storage Gateway creates logs which are stored locally and synced to the iconik cloud service. Logs are synced to the cloud to visualise them in the iconik web interface an to help us provide support for the ISG. ISG logs are kept in secure cloud buckets for 30 days before they are rotated.
iconik Adobe Panel
The iconik Adobe Panel creates logs which are stored locally. These logs are not synced to the cloud. When reaching out to support our staff may ask a user to submit a copy of the logs for trouble-shooting via our support system.
iconik Agent
The iconik Agent creates logs which are stored locally. These logs are not synced to the cloud. When reaching out to support our staff may ask a user to submit a copy of the logs for trouble-shooting via our support system.