Attachment Audit Log

Complete Audit Trail for File Attachments

Overview

Attachment Audit Log provides a complete audit trail for every action performed on file attachments (ir.attachment) in Odoo. Every upload, view, download, rename, update, and delete operation is automatically logged with full context: who performed the action, which file was involved, when it occurred, and from which IP address.

This module helps organizations meet internal audit requirements and data governance standards by maintaining a reliable, tamper-resistant history of all file activity across the platform.

Features

• Upload tracking: logs whenever a file is created
• View tracking: intercepts /web/content and /web/image routes
• Download tracking: detects download parameter in requests
• Delete tracking: preserves audit record even after the attachment is removed
• Rename and update tracking: detects changes to name, datas, mimetype
• Dedicated security group "Attachment Audit Manager" restricts access to logs
• Smart button "Audit History" on the attachment form
• Filters: Today, Uploads, Downloads, Views, Deletes, Current User
• Group by: Action, User, Model, Date
• Multi-company support
• No duplicate logs during the same HTTP request (thread-safe)
• Automatic monthly cleanup of old records
• No additional configuration required after installation

How It Works

Once installed, the module hooks into the ir.attachment model to intercept all CRUD operations. For view and download actions, it extends the ir.binary model to track file access via /web/content and /web/image routes. Each event is silently captured and stored as an audit record containing the action details, the user who triggered it, the associated file metadata, IP address, and a precise timestamp. Authorized users can then query this history at any time using the dedicated Audit Logs menu under Settings - Technical.

Configuration

1. Grant Access to Users

Go to Settings - Users & Companies - Groups and open the Attachment Audit Manager group. Add the users who should have access to the audit logs. By default, users with the Settings / Technical Features group are granted access automatically. Only members of this group can view the audit log menu and records.

2. Review the Audit Log

Go to Settings - Technical - Attachments Audit Logs to view all recorded events. Each entry includes the date and time, the action performed, the file name, the related model and record ID, the user, and the IP address. No manual action is required: the module records every file action automatically from the moment it is installed.

3. Filter and Analyze Activity

Use the built-in filters and groupings to analyze file activity. For example, find all files uploaded by a specific user, identify who last viewed or downloaded a confidential document, or review all deletions in a given period. Records can be grouped by action type, user, model, or date to simplify analysis and reporting.