> ## Documentation Index
> Fetch the complete documentation index at: https://docs.clearaml.com.au/llms.txt
> Use this file to discover all available pages before exploring further.

# Search and export your forensic audit trail

> ClearAML logs every action to a tamper-proof ledger. Search, filter, and export the audit trail to satisfy AUSTRAC record-keeping requirements.

ClearAML records every meaningful action taken in your firm's account to an immutable audit ledger. Every time a user creates or updates a client record, completes a risk assessment, makes an EDD decision, uploads a document, logs in, or triggers a system event, a new entry is written with a timestamp, the actor's identity, the affected entity, and the IP address and session context. You cannot edit or delete audit log entries — this is by design to satisfy AUSTRAC's record-keeping and independent review requirements.

## What the audit trail records

Each log entry captures the following fields:

| Field               | Description                                                                                                  |
| ------------------- | ------------------------------------------------------------------------------------------------------------ |
| **Date / Time**     | UTC timestamp of the action, displayed in your local timezone                                                |
| **User**            | Full name, email, and role of the person who triggered the action — or "System" for automated events         |
| **Action type**     | The type of operation: Create, Update, Delete, View, Verify, Upload, Export, Login, Alert Decision, and more |
| **Entity type**     | The object that was affected (e.g. Client, Risk Assessment, EDD Case, AML Program, Training Module)          |
| **Client / Entity** | Name or identifier of the specific record, with a direct link to the client profile where applicable         |
| **Description**     | A plain-language summary of what changed                                                                     |
| **Rationale**       | If the user provided a reason for the action (e.g. a risk override), it is captured verbatim                 |
| **IP address**      | The network address of the request                                                                           |
| **Session ID**      | A unique identifier for the authenticated session                                                            |
| **Data changes**    | Before and after values for update events, rendered as a structured diff                                     |

<Info>
  Logs are retained for 7 years in accordance with AUSTRAC record-keeping requirements. All data is stored in Australian data centres and encrypted at rest and in transit.
</Info>

## Navigate the audit trail dashboard

Go to **Audit Trail** in the left sidebar. The page opens with a full-firm log ordered by most recent activity.

The table shows 50 records per page. Use the **Previous** and **Next** buttons at the bottom of the page to paginate. The page header shows the total number of records matching your current filters.

Press `/` anywhere on the page to jump focus directly to the search input.

To view full details for any entry, click **View** (desktop) or **Details** (mobile) on the row. A detail panel opens showing the actor, entity, description, rationale, data changes (before/after diff), IP address, session ID, and user agent.

## Filter by date, user, entity, and action

The **Filters** panel at the top of the Audit Trail page lets you narrow results across five dimensions simultaneously:

<CardGroup cols={2}>
  <Card title="Date range" icon="calendar">
    Set a **Date From** and/or **Date To** using the date pickers. Dates are interpreted in your local timezone. Leave one end blank for an open-ended range.
  </Card>

  <Card title="Entity type" icon="layers">
    Choose from over 30 entity types including Client, Risk Assessment, EDD Case, AML Program, AUSTRAC ACR Submission, Training Module, Screening Decision, and more.
  </Card>

  <Card title="User" icon="user">
    Filter to a specific team member. The dropdown lists all users in your firm. Select **All Users** to see firm-wide activity.
  </Card>

  <Card title="Action type" icon="zap">
    Filter by operation: Create, Update, Delete, View, Verify, Upload, Export, Login, Program Generation, Alert Decision, Payment, and System Event.
  </Card>
</CardGroup>

You can also type a keyword into the **search** bar to match against the description or rationale text of log entries. Press **Enter** or click **Apply** to run the search. Click **Reset** to clear all active filters.

<Tip>
  Combining a date range with an entity type and a specific user is the fastest way to reconstruct a single officer's activity for a given period — useful when preparing for an independent evaluation.
</Tip>

## Audit & monitoring overview

The **Compliance Hub** also exposes an **Audit & Monitoring** tab (the second tab on the Compliance Hub page) with a summary view designed for compliance officers:

* **Audit Logs** — total number of immutable records stored for your firm
* **Activity (24h)** — count of log entries in the rolling 24-hour window
* **Retention** — fixed 7-year retention period, with the age of your oldest record shown beneath

Below the stats, the **Recent Critical Activity** feed surfaces the five most recent high-risk actions: deletions, EDD decisions, risk assessment updates, screening decisions, dismissed reports, and alert decisions. Each entry shows the description, actor, IP address, timestamp, and any rationale provided.

The **System Coverage** panel shows which audit logging points are active across your firm:

* **Active** (green) — a log entry for this entity type was recorded within the last 30 days
* **Idle** (yellow) — no activity in more than 30 days
* **Never recorded** — no entries of this type exist yet

Click **View All Logs** from the Audit & Monitoring tab to go directly to the full Audit Trail search page.

## Export audit logs

To export your current filtered view as a CSV file:

<Steps>
  <Step title="Apply your filters">
    Set any combination of date range, entity type, user, action type, and search text to narrow the export to the records you need.
  </Step>

  <Step title="Click Export">
    Click the **Export** button in the Filters panel. ClearAML generates a CSV file that matches your active filters exactly — the same records you see on screen.
  </Step>

  <Step title="Download the file">
    The file downloads automatically with the filename `Audit_Trail_YYYY-MM-DD.csv`. The export respects your local timezone for all timestamps.
  </Step>
</Steps>

<Warning>
  Exports are capped at a maximum row limit for performance. If your export is truncated, ClearAML will notify you with the row count. Narrow your date range and export in smaller windows to capture the full dataset.
</Warning>

## How the audit trail supports AUSTRAC inspections

When AUSTRAC conducts a supervisory review or your firm undergoes an independent AML/CTF evaluation, auditors will typically ask to see evidence of:

* Who performed specific actions and when
* Whether risk decisions were accompanied by a documented rationale
* Whether your firm's program and training records are current

The audit trail provides a complete, unedited record for all of these. You can filter to a specific date range, export the results to CSV, and share the file with your evaluator. Because entries are tamper-proof and include IP addresses and session IDs, they meet the evidentiary standard expected by AUSTRAC.

<AccordionGroup>
  <Accordion title="Which actions are always logged?">
    Every create, update, delete, view, verify, upload, export, and login event is logged automatically — you do not need to configure anything. System-generated events (such as automated screening runs and identity verification results) are also captured with an actor of "System".
  </Accordion>

  <Accordion title="Who can view the audit trail?">
    Audit trail access is role-gated. Users without sufficient permissions will see a "you don't have permission to view audit logs" message. Contact your firm's admin or compliance officer to request access.
  </Accordion>

  <Accordion title="Can log entries be modified or deleted?">
    No. Audit log entries are written once and cannot be edited, overwritten, or deleted by anyone — including ClearAML administrators. This immutability is what makes the ledger forensically reliable.
  </Accordion>

  <Accordion title="How long are logs retained?">
    All audit logs are retained for 7 years, consistent with AUSTRAC's record-keeping requirements under the AML/CTF Act.
  </Accordion>
</AccordionGroup>
