# Elasticsearch security logs

For enterprise clients, we can provide our security logs from Elasticsearch. Contact us for more details about connecting and pulling logs.

### Logs structure

Our logs record all HTTP requests from users that could change the configuration of your organization. Every log entry has an `@timestamp` field with the time the request was executed and a `message.source.ip` field with the requester's IP address. When the user is authenticated, we also include `message.user.id`, the user's ID in Closer, and `message.user.roles`, which lists the user's roles.

We also provide `message.http.request.body` and `message.http.request.method` so you can identify what action the user was trying to perform. The fields `message.http.response.body` and `message.http.response.status_code` give you the result of the action. The full URL the user sent the request to is provided in `message.url.full`.

For better filtering of logs, we provide the fields `message.event.category`, `message.event.kind`, `message.event.type`, `message.event.outcome` and `message.event.action`. These fields are compliant with [ECS event fields](https://www.elastic.co/guide/en/ecs/current/ecs-event.html).

List of our event actions:

* `org_config_change`- change made to general config of organization
* `free_org_creation`- creation of org with free plan
* `stripe_org_creation`- creation of org with paid plan
* `widget_logo_creation`- creation of new logo on widget header
* `widget_logo_deletion`- deletion of logo on widget header
* `widget_background_creation`- creation of new background image on widget header
* `widget_background_deletion`- deletion of background image on widget header
* `agent_profile_change`- change made to agent profile
* `agent_deactivation`- agent deactivation in organization
* `agent_restore`- agent restore in organization
* `agent_login`- agent login to Closer using email and password
* `agent_login_with_magic_link`- agent login using magic link
* `agent_logout`- agent logout from Closer
* `agent_password_change`- agent password change from settings
* `agent_password_change_with_token`- agent password change using token
* `agent_password_reset`- agent password reset request
* `agent_skills_change`- change of agent's skills
* `agent_preferences_change`- change of agent preferences about notifications and inbox sorting
* `agent_limit_change`- change of agent assigned conversations limit, currently not used
* `agent_role_change`- change of agent's role, from admin or to admin
* `agent_invitation`- invitation to organization for new agent
* `agent_invitation_acceptation`- invitation to organization accepted from new agent
* `agent_avatar_creation`- creation of new agent avatar
* `agent_avatar_deletion`- deletion of agent avatar
* `unavailability_reason_creation`- creation of unavailability reason for agent on unavailable status
* `unavailability_reason_change`- change of unavailability reason for agent on unavailable status
* `unavailability_reason_deletion`- deletion of unavailability reason for agent on unavailable status
* `bot_type_change`- change of bot type in Closer
* `lekta_config_creation`- creation of lekta integration config for bot
* `lekta_config_change`- change in lekta integration config for bot
* `event_action_config_creation`- creation of event action config, response that is sent by bot on specific event
* `event_action_config_change`- change of event action config
* `event_action_config_deletion`- deletion of event action config
* `ai_suggestions_config_change`- change on ai suggestions config
* `ai_suggestions_intent_creation`- creation of ai suggestions intent
* `ai_suggestions_intent_change`- change of ai suggestions intent
* `ai_suggestions_intent_deletion`- deletion of ai suggestions intent
* `ai_suggestions_dataset_creation`- creation of ai suggestions dataset for nlu
* `ai_suggestions_dataset_change`- change of ai suggestions dataset for nlu
* `ai_suggestions_dataset_deletion`- deletion of ai suggestions dataset for nlu
* `widget_form_config_creation`- creation of widget form config to display for customer on widget
* `widget_form_config_change`- change of widget form config
* `widget_form_config_deletion`- deletion of widget form config
* `oauth_authorization`- authorization of customer using oauth
* `oauth_config_creation`- creation of oauth config for customer authorization
* `oauth_config_change`- change of oauth config
* `oauth_config_deletion`- deletion of oauth config
* `proactive_messages_config_creation`- creation of proactive message config displayed over widget
* `proactive_messages_config_change`- change of proactive message config
* `proactive_messages_config_deletion`- deletion of proactive message config
* `profanities_config_creation`- creation of profanities config that is used to block some words from being sent
* `profanities_config_change`- change of profanities config
* `tag_mapping_config_creation`- creation of tag mapping config for tagging customers on specific page
* `tag_mapping_config_change`- change of tag mapping config
* `tag_mapping_config_deletion`- deletion of tag mapping config
* `org_topic_creation`- creation of topic in org
* `org_topic_change`- change of topic in org
* `org_topic_deletion`- deletion of topic in org

### Example event from Elasticsearch

```
{
  "_index": "closer",
  "_type": "entry",
  "_id": "s3baO3kBZbVQk2pxTK-w",
  "_version": 1,
  "_score": 0,
  "_source": {
    "@timestamp": "2021-05-05T09:27:12.529+0000",
    "message": {
      "event.kind": [
        "event"
      ],
      "event.category": [
        "configuration"
      ],
      "event.type": [
        "change",
        "user"
      ],
      "event.action": "agent_skills_change",
      "event.outcome": "success",
      "http.request.body.content": "{\"skills\":[\"skill\"]}",
      "http.request.method": "PUT",
      "http.response.status_code": 204,
      "user.id": "00000000-0000-0000-0000-000000000000",
      "user.roles": [
        "ADMIN"
      ],
      "source.ip": "/89.187.249.34",
      "url.full": "http://spinner.stage.closer.app/api/users/agents/00000000-0000-0000-0000-000000000000/skills",
      "ecs.version": "1.9"
    }
  }
}
```
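A triage pass over hits shaped like the event above, as an added example (not Closer's own code): it reads fields whether they are stored flat (`"event.action"`, as in the sample) or nested, strips the leading `/` from `source.ip`, and reports access-sensitive changes and IPs with repeated failed logins. Assumptions: failed requests carry the ECS outcome value `failure` (the page only shows `success`), and the `SENSITIVE` selection, the threshold and the sample hits are constructed for this example.

```python
from collections import Counter
import ipaddress

# Actions from the page's list treated as access-sensitive (this example's choice).
SENSITIVE = {"agent_role_change", "agent_invitation", "agent_restore",
             "agent_password_change_with_token", "oauth_config_creation",
             "oauth_config_change", "oauth_config_deletion"}
LOGIN_ACTIONS = {"agent_login", "agent_login_with_magic_link"}

def field(message, dotted):
    """Read a field stored flat ("event.action") or nested (event -> action)."""
    node = message.get(dotted)
    if node is None:
        node = message
        for part in dotted.split("."):
            node = node.get(part) if isinstance(node, dict) else None
    return node

def source_ip(message):
    """Requester IP without the leading "/" seen in the sample event, or None."""
    try:
        return str(ipaddress.ip_address(str(field(message, "source.ip")).lstrip("/")))
    except ValueError:
        return None

def triage(hits, max_failed_logins=3):
    """Return (sensitive changes, IPs with repeated failed logins)."""
    changes, failures = [], Counter()
    for hit in hits:
        src = hit.get("_source", {})
        msg = src.get("message", {})
        action, outcome = field(msg, "event.action"), field(msg, "event.outcome")
        ip = source_ip(msg)
        if action in SENSITIVE and outcome == "success":
            changes.append((src.get("@timestamp"), action, field(msg, "user.id"), ip))
        elif action in LOGIN_ACTIONS and outcome == "failure" and ip:  # assumed value
            failures[ip] += 1
    return changes, sorted(ip for ip, n in failures.items() if n >= max_failed_logins)

# Constructed sample hits (documentation IP ranges), not real log data.
SAMPLE_HITS = [{"_source": {"@timestamp": "2021-05-05T09:00:00.000+0000", "message": {
    "event.action": "agent_login", "event.outcome": "failure",
    "source.ip": "/203.0.113.7"}}}] * 3 + [
    {"_source": {"@timestamp": "2021-05-05T09:05:00.000+0000", "message": {
        "event": {"action": "agent_role_change", "outcome": "success"},
        "user": {"id": "00000000-0000-0000-0000-000000000000"},
        "source": {"ip": "198.51.100.9"}}}}]
if __name__ == "__main__":
    print(triage(SAMPLE_HITS))
```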
