Audit & Activity Logs
Phase 9 — Security & Access Control · OpenFrame Onboarding
When something changes on a machine — an agent installs, a device joins a group, a query runs — OpenFrame writes it down. The Logs page is your single, searchable record of activity across every tool in the platform. It's where you go to answer "what happened, when, and on which device?"
Before you start
- You need an Admin role.
- Open Logs from the left sidebar.
What you're looking at
Each row is one event, with:
- Log ID — a unique reference for the event (and a timestamp).
- Status — the severity: INFO for normal activity, with higher levels for warnings and errors.
- Tool — which underlying system logged it: Fleet (queries/inventory), Tactical (RMM agent actions), MeshCentral (remote/device group changes).
- Source — the device or system that generated the event.
- Log Details — a plain-English description, e.g. "installed new agent WIN-…" or "Query 'Windows Machine Summary' executed successfully."
Because OpenFrame sits on top of Fleet, TacticalRMM, and MeshCentral, this one feed pulls their activity into a single timeline — no jumping between three consoles.
Find what you need
- Search for Logs — type to filter by detail text, device, or ID.
- Filter by Status, Tool, or Source using the column controls — e.g. show only errors, or only MeshCentral events.
- Refresh to pull the latest.
Drill into an event
Click the eye icon on a row to open Log Details: the full message, severity, timestamp, Log ID, the source tool, and the device involved. From there a device card lets you jump straight to that machine (with its online status and last-seen time) via Details — so you can go from "what happened" to "the machine it happened on" in one click.
Why this matters for security
The log is your accountability trail. Use it to:
- Investigate — when a client asks "who touched this server?", the log has the answer.
- Verify automation — confirm a script or AI action actually ran, and on the right device.
- Spot the unexpected — an agent install or group change you didn't initiate is worth a second look.
Make scanning the log part of your routine, not just something you do after an incident.
Quick checklist
- Opened Logs from the sidebar
- Understood the columns: Status, Tool, Source, Details
- Used Search and Status/Tool/Source filters to narrow down
- Opened a row's eye to see full Log Details and the linked device
- Made log review a regular habit, not just an incident response
What's next
That completes Phase 9 — Security & Access Control: your team, your AI guardrails, and your audit trail are all locked down. Next is Phase 10 — Ongoing Operations, the day-to-day rhythm that keeps everything healthy in production.
Based on OpenFrame v0.9.19. The Logs feed reflects the integrated tools (Fleet, TacticalRMM, MeshCentral) and evolves between releases — what's in your console wins.
