Auditing refers to the ability to track all changes to the internal state of a fortress. Because the state of the fortress is effectively the content of the data strongbox, we can say that auditing is the ability to track all changes to the data strongbox.
There are four things we want tracked in an auditing system:
The fortress that made the request resulting in the change.
The exact request the fortress made.
The data that was sent with the request.
The time the request was made.
Other bits of information may be included in the audit trail, but these are the main points.
Hypothetically, auditing could be done in several places. It could be done at the worker level, with each worker in the fortress, when asked to do something, logging ...