Audit overview

Alpacon keeps a complete record of what happened across your workspace, so you can answer the audit questions that come up later: who connected to which server, what they ran, who approved a sensitive request, and when it all happened.

The Audit section in the sidebar collects those records into one place.

What’s in this section

Sessions

Sessions — work sessions: each scoped, time-bounded grant of access. See who asked for the work, who approved it, what was in scope, and how it ended.

Events

The Events group covers individual actions that happened inside sessions. Open each page to dig into one event type.

  • Websh — terminal sessions opened against your servers. Who connected, when, and what they ran.
  • Sudo — sudo authorizations: who was allowed to run which privileged command on which server, and how that authorization was granted.
  • Commands — commands sent to your servers, the result, and the verification outcome.
  • File transfers — uploads and downloads through WebFTP: which files moved, who moved them, and where.

Governance

The Governance group covers admin-level decisions and is only visible to administrators.

  • Approvals — past approval decisions: what was requested, who reviewed it, the outcome, and any justification.
  • Activity log — workspace-level events that don’t fit the Events group: sign-ins, permission changes, setting updates, resource access.

What you see depends on your role

Audit shows the same section to everyone, but the menu labels and the rows you see adapt to your role.

Regular users

The sidebar shows My sessions and My events instead of “Sessions” and “Events.” Pages list only the activity tied to you — sessions you requested, sudo grants you received, commands you ran, files you transferred.

The Governance group doesn’t appear in your sidebar at all. If you try to open one of those pages by URL, Alpacon redirects you to an access-denied page.

Administrators

The sidebar shows Session history, Events, and Governance. Pages list everything across the workspace, not just your own activity. Governance gives you the full approval history and the workspace activity log.

If you’re promoted from regular user to administrator later, the same Audit menu just reveals more entries — the structure stays familiar.

Common things you’d come here to find

Security review

  • See who has been getting privileged access to production servers
  • Spot unusual approval patterns or repeated sign-in failures
  • Trace what an account did during an incident window

Operations

  • Look up the result of a command that should have run
  • Confirm that a sudo grant or scope change actually went through
  • Tie a configuration change on a server back to a session and a person

Compliance reporting

  • Build a report of who accessed which servers and when
  • Pull the approval history for a quarter of changes
  • Keep a retention copy of session, command, and approval records

End-user checks

  • Replay your own Websh session to find a command you ran earlier
  • Confirm that a file transfer or sudo request you submitted actually completed

Tips

Pick the right page. “Who ran this command?” → Commands. “What did this session do?” → Sessions. “Who approved this request?” → Approvals.

Filter before you scroll. Most pages support filtering by user, server, scope, or date. Narrow first.

Audit ≠ alerting. This section is for review after the fact. For real-time visibility into ongoing work, see Live activity under the Execution group in the sidebar.

Last updated: