logging in iconik

iconik produces several types of logs, both in the backend and in its companion applications running on premise. This document is intended to explain what is logged and how this helps us deliver the iconik service.

Cloud system logs

Audit logs

All API calls made to iconik's APIs are logged to our audit logs which are stored in a separate audit log database. Audit logs are retained for 12 months for forensic purposes. We currently cannot provide a real-time feed of audit logs. Please contact security@iconik.io to obtain an extract of audit logs for your system domain (account).

Audit logs contain information which resource was accessed, when and by whom. Information includes:

  • System domain id
  • Timestamp
  • Userid and related info (including email address)
  • Group membership at the time of the call
  • If the user is an admin user
  • Request URL
  • HTTP Operation (GET, POST, PATCH, etc)
  • Operation result code
  • Unique Request ID
  • Client IP address
  • Application ID

As can be seen above, the audit log does contain certain Personally Identyfiable Information and are therefore handled with special care in accordance with our Data Processing Agreement.

System logs

The iconik system itself creates a lot of logs and these are all collected into Google Stackdriver where our engineers can use the logs to trouble-shoot the system. The system logs are explicitly prevented from containing any Personally Identifiable Information to minimise the risk of such information. System logs are retained for 30 days before they are automatically purged.

On-premise systems

iconik Storage Gateway

The iconik Storage Gateway creates logs which are stored locally and synced to the iconik cloud service. Logs are synced to the cloud to visualise them in the iconik web interface an to help us provide support for the ISG. ISG logs are kept in secure cloud buckets for 30 days before they are rotated.

iconik Adobe Panel

The iconik Adobe Panel creates logs which are stored locally. These logs are not synced to the cloud. When reaching out to support our staff may ask a user to submit a copy of the logs for trouble-shooting via our support system.

iconik Agent

The iconik Agent creates logs which are stored locally. These logs are not synced to the cloud. When reaching out to support our staff may ask a user to submit a copy of the logs for trouble-shooting via our support system.

Learn more