Enterprise surveillance networks require rigorous accountability. OpenNVR actively tracks every authenticated action across the platform to ensure regulatory compliance and provide exact traceability in the event of a security audit.

Immutable Event Tracking

The FastAPI backend utilizes an internal auditing middleware that strictly logs the following platform modifications:

• Authentication: Successful logins, IP addresses, and repetitive rejected login attempts indicating potential brute-force vectors.
• Cryptographic Operations: Key rotations, BYOK imports, and encryption subsystem modifications.
• Administrative Actions: Camera destruction, retention policy alterations, and user role (RBAC) escalations.
• AI Routing Updates: Any modifications connecting or disconnecting AI adapters and cloud tensor routing.

Investigating Logs

Administrators can transparently query the exact history of the platform via the GUI.

1. Navigate to the Audit Logs panel.
2. Utilize the robust querying interface to filter events by specific Users, Event Severities (e.g., CRITICAL, WARNING), or precise chronological timestamps.

Exporting for Regulators

If your organization is subject to strict data governance (such as GDPR, HIPAA, or SOC2), the platform allows you to export raw JSON/CSV traces of the audit tables. Ensure these exports are securely transmitted alongside your incident response reports.

[!TIP] Audit logs are written to an append-only table in the PostgreSQL layer. With a secure offsite backup, you retain a tamper-evident record even if the core NVR volume is compromised. Cryptographic hash-chaining of the audit log — making tampering detectable, not just discouraged — is on the roadmap.