Skip to main content

Audit Logs & Security Auditing

The Fami Hero Admin Portal maintains a comprehensive, read-only audit log of all system administrative activities. This ensures compliance, traces modifications back to individual administrators, and provides an essential record for platform security audits.

๐Ÿ” 1. Activity Audit Logs Registryโ€‹

Route: /audit-logs

Every critical administrative action triggers an immediate, immutable log entry in the system database.

Search and Filtering:โ€‹

  1. Search: Find logs by entering an administrator's email address, action description keywords, or target user email.
  2. Action Filters: Filter results by specific logged actions to isolate key events:
    • User Enabled / Disabled: Track blocks and unblocks of parent/child accounts.
    • Blocklist Updated: Track changes made to the global domain classification database.
    • Config Updated: Track modifications to SMTP settings, Firebase sync latencies, or OTP gateways.
    • Admin Actions: Trace when admins are created, enabled/disabled, or have passwords reset.
    • Login Events: Track successful and failed administrator login attempts.
  3. Date Filters: Select starting and ending timestamps to view historical records.

Admin Portal: Activity Audit Logs Caption: The Audit Logs table displaying administrative emails, action types, specific descriptions, IP addresses, and timestamps.

๐Ÿ—ƒ๏ธ 2. Audited System Actionsโ€‹

Fami Hero logs the following categories of events automatically:

Event CategoryLogged MetadataSystem Impact
Admin LoginAdmin ID, IP Address, Session TokenValidates admin session start. Logs failed login attempts.
User SuspensionTarget Parent ID, Status (Suspended/Active), ReasonDenies the parent app access immediately.
Blacklist/Whitelist ChangeAffected Domain, Action (Add/Remove), CategorySynced to children's devices via Firebase Realtime Database.
API Keys UpdateGateway Name (e.g., Twilio), Masked CredentialsReloads SMS or Email dispatch parameters.

๐Ÿ“ฅ 3. Exporting Audit Reportsโ€‹

Super-Administrators can download local copies of activity logs for reporting or external review:

  1. Navigate to /audit-logs.
  2. Apply any desired date range or action filters.
  3. Tap Export Logs in the top right corner.
  4. Select your preferred format: CSV (for spreadsheets) or JSON (for machine reading).
  5. Enforce Super-Admin secondary 2FA verification to authorize the download.
  6. The file downloads directly to your device once verified.

โญ๏ธ Next Stepโ€‹

Administrators also manage global application parameters, screen time limits, default content filters, security policies, mobile app versioning, support information, and system email templates. Continue to System Settings & Templates.