An audit log is a running, time-stamped record of meaningful actions inside a system: who logged in, who changed a price, who deleted a customer. Each entry says who did it and exactly when, so the history can be reviewed long after the moment has passed.
Think of the visitor book at a reception desk. Every person who enters signs their name and the time, so weeks later you can answer “who was in the building that afternoon?” An audit log does the same for software, except it captures clicks and changes instead of signatures. When a record mysteriously goes missing, the log is the first place anyone looks. It works closely with access control, which decides what people may do, while the audit log records what they actually did.
The important detail is that a real audit log is append-only. Entries can be added but not quietly edited, which is what makes it trustworthy as evidence after a data breach. The broader, user-facing version of this idea is often called an audit trail.
There is a balance to strike on what you record. Log too little and the gap you care about is missing; log every keystroke and you bury the one event that matters under noise, while also storing data you may not be allowed to keep. Good practice is to capture the actions that change state or touch sensitive data, such as logins, edits, deletions and exports, with enough context to reconstruct events but no more.
At TopDevs we build audit logging into the systems we deliver, so you always have a clear, tamper-resistant answer to “who changed this, and when?”