Audit & Activity Logs

AUDITDOCUMENTATIONOPENFRAMESECURITY

Phase 9 — Security & Access Control · Step 3

Section

June 24, 2026

Published

Vladislav Marchenko

Vladislav Marchenko

Head Of Marketing

Audit & Activity Logs

Phase 9 — Security & Access Control · OpenFrame Onboarding

When something changes on a machine — an agent installs, a device joins a group, a query runs — OpenFrame writes it down. The Logs page is your single, searchable record of activity across every tool in the platform. It's where you go to answer "what happened, when, and on which device?"


Before you start

  • You need an Admin role.
  • Open Logs from the left sidebar.

What you're looking at

Each row is one event, with:

  • Log ID — a unique reference for the event (and a timestamp).
  • Status — the severity: INFO for normal activity, with higher levels for warnings and errors.
  • Tool — which underlying system logged it: Fleet (queries/inventory), Tactical (RMM agent actions), MeshCentral (remote/device group changes).
  • Source — the device or system that generated the event.
  • Log Details — a plain-English description, e.g. "installed new agent WIN-…" or "Query 'Windows Machine Summary' executed successfully."

Because OpenFrame sits on top of Fleet, TacticalRMM, and MeshCentral, this one feed pulls their activity into a single timeline — no jumping between three consoles.


Find what you need

  • Search for Logs — type to filter by detail text, device, or ID.
  • Filter by Status, Tool, or Source using the column controls — e.g. show only errors, or only MeshCentral events.
  • Refresh to pull the latest.

Drill into an event

Click the eye icon on a row to open Log Details: the full message, severity, timestamp, Log ID, the source tool, and the device involved. From there a device card lets you jump straight to that machine (with its online status and last-seen time) via Details — so you can go from "what happened" to "the machine it happened on" in one click.


Why this matters for security

The log is your accountability trail. Use it to:

  • Investigate — when a client asks "who touched this server?", the log has the answer.
  • Verify automation — confirm a script or AI action actually ran, and on the right device.
  • Spot the unexpected — an agent install or group change you didn't initiate is worth a second look.

Make scanning the log part of your routine, not just something you do after an incident.


Quick checklist

  • Opened Logs from the sidebar
  • Understood the columns: Status, Tool, Source, Details
  • Used Search and Status/Tool/Source filters to narrow down
  • Opened a row's eye to see full Log Details and the linked device
  • Made log review a regular habit, not just an incident response

What's next

That completes Phase 9 — Security & Access Control: your team, your AI guardrails, and your audit trail are all locked down. Next is Phase 10 — Ongoing Operations, the day-to-day rhythm that keeps everything healthy in production.


Based on OpenFrame v0.9.19. The Logs feed reflects the integrated tools (Fleet, TacticalRMM, MeshCentral) and evolves between releases — what's in your console wins.

Vladislav Marchenko

Head Of Marketing

Hi all! My name is Vlad and I’ve been brought on to head the marketing team at Flamingo. Thankfully, this isn’t the first time I will be building a marketing department from scratch, so the experience should come in handy. Now it’s time to dive into the world of MSPs and find myself in this new world.

Related Content

Product Releases

Webinars

Case Studies

Blog Posts

Frequently Asked Questions

MSP AI Agents

Yes. In production MSP shops today, 10% to 25% of tickets close before a human opens them. Thread alone has processed 173 million tickets across 750-plus MSP partners at 96% triage accuracy, handing back 490,000-plus technician hours. Agents own the low-risk, high-volume work (password resets, MFA enrollment, known installs, onboarding and offboarding) and flag anything that touches production data or needs judgment for a human to take.
On a five-person desk, reported deployments show $78,000 to $130,000 in annual direct labor savings, roughly 30% fewer escalations, and 15% to 20% better SLA compliance. Broader MSP adoption data adds ticket handling time cut by 45% and five to 12 points of margin, all from reclaimed capacity rather than headcount cuts.

AI Safety

It can be, with governance. Keep a human in the loop on high-risk actions, log every automated step for audit, and choose platforms that keep your data yours with no vendor lock-in. Pilot on internal data first so you catch issues before client systems are involved.

About OpenFrame

OpenFrame isn't built to plug into your stack. It replaces it. Instead of duct-taping a dozen tools together (RMM, MDM, SIEM, patching, remote access, each its own login and bill), we bundle it into one unified platform: RMM, MDM, monitoring, automation, remote access, patch management, security monitoring, and ticketing, plus built-in AI copilots. So "does it integrate with X?" usually means: you won't need X anymore.

IT Documentation

Hudu is IT documentation software that MSPs and internal IT teams use to centralize client documentation, network details, encrypted passwords, IT assets, and SOP runbooks in one searchable platform, so technicians find what they need without digging through scattered files.

Password Manager

Yes. Passbolt's Community edition is free under the AGPLv3 license with unlimited users, but you self-host it yourself. Paid Pro and Cloud tiers, starting around $5.40 per user monthly with a 10-seat minimum, add LDAP, SSO, and audit logs.

Open Source SIEM

Yes, Wazuh is free and open source with no per-agent or ingestion fees at any scale. The license costs nothing, but self-managed deployments still pay for log storage, infrastructure, and the engineering labor to tune and maintain the platform.

Endpoint Security

Bitdefender GravityZone is a cloud-native endpoint protection platform that combines prevention, EDR, and XDR in one agent and console. For MSPs, it adds multi-tenant management, so one team can protect and monitor every client's endpoints from a single dashboard.
Yes, for MSPs that want one vendor across endpoint, firewall, and managed detection. Sophos Central Partner gives true multi-tenant control, and MSP Connect Flex bills monthly by usage. Plan around occasional CPU spikes on busy servers and a console learning curve.

Sophos XDR

Sophos XDR is extended detection and response built on Intercept X. It correlates telemetry from endpoints, the Sophos firewall, email, cloud, and identity inside Sophos Central, then lets technicians hunt across that data with Live Discover queries.