PayGate Desktop maintains a log of auditable events that occur on the system.  The audit log can be used to provide an audit trail of system and payment level activity on a PayGate Desktop system.

Viewing the Audit Log

To view a sortable list of all audit messages, log into PayGate with an admin account. Navigate to the audit log page Admin > Logs > View Audit Log.
You can view an individual audit message in detail by clicking the ‘Select’ links.

Restricting access to the Audit log

By default, only the PayGate administrator can view the audit log.  You can optionally add selected users to this role which allows them to view the audit log.  The role is called ‘ViewAuditLog’ and you can add a use into this role using the Manage Users page.

Be aware that the ‘ViewAuditLog’ role is highly privileged and can view potentially sensitive information.  Once a use is in the ‘role that will be able to view all audit logs across all groups and users.

Audit Message Integrity

PayGate creates a special checksum code form each generated audit message.  If a rogue user gained access to the system and tried to maliciously alter an audit message or create a bogus message the system would detect this and show the audit message as being invalid. From within the Audit Message page look for the item marked ‘Verifed’. A valid message is easy to detect as the following label is shown.

A valid message is shown as follows:

If you see a message with this label then it cannot be trusted as being genuine.

Exporting the Audit Log.