Appearance
Audit Log
What Is the Audit Log?
The Audit Log is a detailed record of every security-relevant event that happens in your vault. It's like a security camera for your data — you can review who did what and when.
What You See
Where: Settings → Audit Log → Security Audit Log
The Audit Log screen shows:
Top Bar
- A search bar for full-text search
- A Filter icon button
- An Export icon button
Filter Chips
A horizontal row of category chips to quickly narrow the log:
- All — show everything
- Backups — backup and restore events
- Vault — vault-level events (unlock, lock, sync)
- Items — item creation, editing, deletion
- Security — authentication and security events
- Settings — settings changes
- Failures — failed operations
Log Entries
Entries are grouped by day (Today, Yesterday, Earlier). Each entry shows:
- A colored circle icon representing the event type
- What happened (e.g., "Created password 'Gmail'")
- When it happened (relative time: "5m ago", "2h ago", or full date)
- What changed (if applicable)
- Item type (Password, Note, Card, or Document)
- An integrity badge:
- ✓ Checkmark = verified (the entry hasn't been tampered with)
- ⚠ Warning = integrity check failed
Types of Events Logged
| Event Category | Examples |
|---|---|
| Authentication | Sign-in, sign-out, vault unlock, vault lock |
| Item Management | Created, viewed, modified, or deleted a password/note/card/document |
| Backup & Sync | Backup created, backup restored, cloud sync completed |
| Security | Master password changed, biometric enabled/disabled, recovery key used |
| Settings | Settings changed (auto-lock timeout, screenshots, etc.) |
| Emergency Access | Access requested, approved, rejected, revoked |
| Failures | Failed unlock attempts, sync errors |
Viewing Event Details
Tap any log entry to open a detail dialog showing:
| Field | Description |
|---|---|
| Timestamp | Exact date and time |
| What Happened | Description of the event |
| What Changed | Details of the change (if applicable) |
| Event ID | Unique identifier for this event |
| Item ID | The ID of the affected item (if applicable) |
| Item Type | Password, Note, Card, or Document |
| Device ID | Which device generated this event |
| Integrity Status | Verified or Failed |
| Cryptographic Hash | The hash used to verify integrity |
| Additional Metadata | Any extra details recorded |
Filtering the Log
Quick Filters (Category Chips)
Tap a category chip to show only events in that category. Only one chip is active at a time.
Advanced Filter
Tap the Filter icon in the top bar to open the filter dialog:
- Event Type dropdown — select a specific event type
- Category dropdown — select a category
- Date Range — use the calendar picker to set start and end dates
- Integrity Issues Only toggle — show only entries with failed integrity checks
- Clear button — reset all filters
- Apply button — apply the selected filters
Active filters appear as removable chips below the search bar.
Search
Type in the search bar to search across all fields: event descriptions, item names, dates, and metadata. Results filter in real time.
Exporting the Audit Log
- Tap the Export icon in the top bar
- A file save dialog opens
- Choose where to save the CSV file
- The export includes: timestamp, event type, what happened, what changed, item type, integrity status, and metadata
Item History
Where: Settings → Audit Log
Two additional settings control item history:
Track Item History
- When on (default): The app saves up to 10 previous versions of each password and note when they're modified
- When off: No history is kept (changes overwrite the previous version)
Clear Item History
Tap to permanently delete all saved password and note version history. A confirmation dialog appears first.
How Integrity Verification Works
Each audit log entry includes a cryptographic hash (like a digital fingerprint). When you view an entry, DavianVault verifies that the hash matches the event data. If someone tampered with the log, the integrity check would fail — you'd see a warning icon instead of a checkmark.
This ensures your audit log is tamper-evident — any modification would be detected.