What fields are in each entry?

Each entry has an event ID, ISO timestamp, actor, action, resource path, outcome, source IP, and user agent. Together they mirror a typical structured audit record.

Are the entries time-ordered?

Yes. Timestamps are drawn from the last seven days and then sorted oldest to newest, so the result reads like a real append-only audit trail.

What kinds of actions appear?

Actions cover authentication events like logins and failures, record create, update, and delete, permission grants and revokes, settings changes, exports, and API key lifecycle events.

Are the IP addresses real?

They are syntactically valid IPv4 addresses, deliberately mixing private RFC1918 ranges with public-looking ones for realism, but they are randomly generated and not tied to any real host.

Does anything leave my browser?

No. Every actor, IP, and event is randomly generated locally and the JSON never leaves your device.

Audit Log Entry Generator

The Audit Log Entry Generator produces batches of believable system audit-log records. It is built for engineers and compliance teams who need realistic event data to demo a SIEM, populate a security dashboard, or test audit-trail rendering and filtering without exposing any real activity.

How it works

The tool picks each field from curated banks — actors (including service accounts and a system principal), actions, resource paths, and outcomes weighted toward success with occasional failure and denied results. Each entry also gets a syntactically valid source IP and a realistic user-agent string.

Chronology is handled deliberately:

A timestamp is drawn for each entry within the last seven days.
All timestamps are sorted ascending before entries are assembled.
Each entry is emitted with an ISO 8601 timestamp, so the array reads as a genuine append-only trail.

Click Generate audit log to redraw, and Copy JSON to export the array.

Tips and notes

The success-weighted outcome mix means you will usually see a handful of failure or denied events per batch — useful for testing alert rules and filters.
Generate up to 200 entries at a time; rerun and concatenate for larger logs.
Action names follow a domain.verb convention (for example permission.grant), which maps cleanly onto most audit schemas.
All generation is local — no API key, no network call.