Skip to content
Xferity

Audit Logging for File Transfer — What Good Evidence Looks Like

Audit Logging for File Transfer

Section titled “Audit Logging for File Transfer”

Audit logging in managed file transfer is the systematic recording of what happened to each file: when it was picked up, what the outcome was, which run it belonged to, and whether it was already processed.

Without it, answering a partner’s question — “did you receive our file from Monday?” — requires reconstructing an answer from multiple partial sources.

What good audit logs cover for file transfer

Section titled “What good audit logs cover for file transfer”

A useful audit trail for file transfer should answer:

  • What ran: which flows executed and when
  • What was processed: which files were picked up and delivered
  • What happened: success, failure, or skipped as a duplicate
  • When it happened: precise timestamps for each event
  • Why it failed: error context when something went wrong
  • Who was involved: which partner endpoint was involved

How Xferity implements audit logging

Section titled “How Xferity implements audit logging”

Xferity writes structured JSON audit events to an append-oriented .jsonl file with one event per line.

Events cover:

  • run lifecycle (started, completed, failed)
  • file lifecycle (matched, processed, skipped, failed)
  • idempotency decisions (file was already processed)

Fields include: timestamp, flow, run_id, event_type, file_name, outcome, error_code, metadata, and more.

File lifecycle tracing

Section titled “File lifecycle tracing”

The xferity trace <filename> command queries audit records by file basename and returns the complete lifecycle history for that file across all runs.

This is the fastest path to answering “what happened to this file” without parsing the raw JSONL manually.

Tamper evidence

Section titled “Tamper evidence”

When enabled, Xferity adds hash-chain linkage between events:

  • each event contains chain_seq, prev_hash, and event_hash
  • any modification to a prior event breaks chain continuity for all subsequent events

Tamper evidence provides useful forensic signal but does not replace external immutable storage. A privileged actor on the same host could theoretically rewrite the file.

Retention

Section titled “Retention”

Audit retention is controlled by audit.retention_days. When retention is enforced, older events are trimmed from the JSONL file. Plan retention to meet business or compliance requirements.

For compliance-sensitive paths, ship audit records to an external immutable store before the retention window expires.

Audit logging limits

Section titled “Audit logging limits”

Audit logging in Xferity:

  • does not create legal non-repudiation by itself
  • does not replace a SIEM or external log management system
  • does not guarantee immutability without external controls
  • does provide strong operational evidence for investigation and investigation support
Section titled “Related pages”