Skip to Content
Odoo Menu
  • Sign in
  • Try it free
  • Apps
    Finance
    • Accounting
    • Invoicing
    • Expenses
    • Spreadsheet (BI)
    • Documents
    • Sign
    Sales
    • CRM
    • Sales
    • POS Shop
    • POS Restaurant
    • Subscriptions
    • Rental
    Websites
    • Website Builder
    • eCommerce
    • Blog
    • Forum
    • Live Chat
    • eLearning
    Supply Chain
    • Inventory
    • Manufacturing
    • PLM
    • Purchase
    • Maintenance
    • Quality
    Human Resources
    • Employees
    • Recruitment
    • Time Off
    • Appraisals
    • Referrals
    • Fleet
    Marketing
    • Social Marketing
    • Email Marketing
    • SMS Marketing
    • Events
    • Marketing Automation
    • Surveys
    Services
    • Project
    • Timesheets
    • Field Service
    • Helpdesk
    • Planning
    • Appointments
    Productivity
    • Discuss
    • Approvals
    • IoT
    • VoIP
    • Knowledge
    • WhatsApp
    Third party apps Odoo Studio Odoo Cloud Platform
  • Industries
    Retail
    • Book Store
    • Clothing Store
    • Furniture Store
    • Grocery Store
    • Hardware Store
    • Toy Store
    Food & Hospitality
    • Bar and Pub
    • Restaurant
    • Fast Food
    • Guest House
    • Beverage Distributor
    • Hotel
    Real Estate
    • Real Estate Agency
    • Architecture Firm
    • Construction
    • Property Management
    • Gardening
    • Property Owner Association
    Consulting
    • Accounting Firm
    • Odoo Partner
    • Marketing Agency
    • Law firm
    • Talent Acquisition
    • Audit & Certification
    Manufacturing
    • Textile
    • Metal
    • Furnitures
    • Food
    • Brewery
    • Corporate Gifts
    Health & Fitness
    • Sports Club
    • Eyewear Store
    • Fitness Center
    • Wellness Practitioners
    • Pharmacy
    • Hair Salon
    Trades
    • Handyman
    • IT Hardware & Support
    • Solar Energy Systems
    • Shoe Maker
    • Cleaning Services
    • HVAC Services
    Others
    • Nonprofit Organization
    • Environmental Agency
    • Billboard Rental
    • Photography
    • Bike Leasing
    • Software Reseller
    Browse all Industries
  • Community
    Learn
    • Tutorials
    • Documentation
    • Certifications
    • Training
    • Blog
    • Podcast
    Empower Education
    • Education Program
    • Scale Up! Business Game
    • Visit Odoo
    Get the Software
    • Download
    • Compare Editions
    • Releases
    Collaborate
    • Github
    • Forum
    • Events
    • Translations
    • Become a Partner
    • Services for Partners
    • Register your Accounting Firm
    Get Services
    • Find a Partner
    • Find an Accountant
      • Get a Tailored Demo
    • Implementation Services
    • Customer References
    • Support
    • Upgrades
    Github Youtube Twitter Linkedin Instagram Facebook Spotify
    +32 2 290 34 90
    • Get a Tailored Demo
  • Pricing
  • Help
  1. APPS
  2. Extra Tools
  3. BambooForge Audit Pro v 18.0
  4. Sales Conditions FAQ

BambooForge Audit Pro

by BambooForge Labs , ABF OSIELL , Odoo Community Association (OCA)
Odoo

$ 192.91

v 18.0 Third Party
Apps purchases are linked to your Odoo account, please sign in or sign up first.
Versions 17.0 18.0 19.0
You bought this module and need support? Click here!
Availability
Odoo Online
Odoo.sh
On Premise
Odoo Apps Dependencies Discuss (mail)
Lines of code 5538
Technical Name bambooforge_audit_pro
LicenseOPL-1
Versions 17.0 18.0 19.0
  • Description
  • Manifest
  • Documentation
  • License
BambooForge Labs
BambooForge Labs Production-grade Odoo apps · open source · audited
Odoo 18.0 · CE & EE bambooforge.labs@gmail.com

BambooForge Audit Pro

Know who changed what, when — and get alerted the moment it matters. A complete audit, compliance & governance toolkit for Odoo 17: field-level logs, real-time alerts, contextual anomaly detection, a one-click compliance-attestation PDF, an approval gate, login tracking, PII masking and tamper-evident archiving with a daily tripwire — in one module.

Odoo 18.0 · CE & EE Slack · Discord · Teams Hash-chained tamper evidence GDPR / SOX / PCI presets AGPL-3 · source included 75 automated tests
Buy & deploy today →
24-hour supportWe answer every request within 24 hours — setup help included.
2-month money-backReport a bug within 2 months of purchase — if it isn't resolved within 15 days, you get a full refund.
Drop-in OCA migrationSame model names as OCA auditlog — your existing audit data is picked up verbatim, no rewrite.
100% open sourceFull AGPL-3 source — audit every line, never get locked in.
15governance capabilities, one module
75automated tests across the suite
4notification channels out of the box
100%open source — audit every line
See it running

A live walkthrough inside Odoo 18

One unedited screen recording from a real Odoo 17 install with audit data flowing — dashboard, rules, logs, timeline, alerts, the approval gate, login tracking, webhooks and S3 archiving, in a single pass.

BambooForge Audit Pro — live walkthrough

Everything OCA auditlog should have shipped

OCA auditlog logs CRUD with field diffs — then production exposes the gaps: duplicate alerts, no notification channels, no approval gate, no login tracking, no GDPR helpers, no off-system retention, no tamper evidence, no way to tell a bad actor from a busy Tuesday, and no proof to hand an auditor. Audit Pro closes every one — including contextual anomaly detectors (after-hours, privilege escalation, new IP, mass-delete), a one-click GDPR/SOX compliance-attestation PDF built from the real hash-chain result, and a daily chain-verify tamper tripwire — while keeping the same model technical names, so an existing OCA install migrates without a data rewrite.

What you actually get

Fifteen capabilities, every one backed by tests — not marketing surface.

Field-level audit logging

Per-model create / read / write / unlink logging with before/after field diffs and a side-by-side HTML view. Full or fast log mode per rule.

Alert rules with dedup

Match by model, user, method, field or keyword. One evaluation pass per log; the (rule, log, line) tuple is unique — never a duplicate alert.

Slack · Discord · Teams · Email

Native payloads for the three big webhook formats plus a generic JSON channel and a bundled email template. No extra pip install.

Async queue + HMAC signing

Webhooks dispatch through a retry queue with exponential backoff, so a slow channel never stalls a user write. Optional X-BFAudit-Signature HMAC header.

Approval workflow

Mark fields sensitive — the write is intercepted into a queued request with a colour-coded before/current/requested diff. Approvers decide; a cron auto-expires stale ones.

Login & session tracking

Every success, failure and block captured with IP, user agent and a SHA-256 hashed session ID. No rule setup — failed logins survive the rolled-back transaction.

Rate-based anomaly detection

Thresholds like “> 100 writes on res.partner in 10 minutes”. A 5-minute cron evaluates them and raises an alert through your existing channels.

Contextual anomaly detectors

Behavioural detectors alongside the rate engine: after-hours activity, privilege escalation (user create / groups_id changes on res.users), a first-ever login from a new IP, and mass-delete bursts. Opt-in — with no anomaly rule configured, the cron does nothing.

Hash-chained tamper evidence

Every log row carries an HMAC-SHA256 digest chained to the previous row. Edit a line, an envelope or reorder rows and verify_chain() breaks.

Daily chain-verify tamper tripwire

A scheduled job runs the existing verify_chain() over the whole log table and raises a CRITICAL “TAMPER DETECTED” alert through the existing alert plumbing — only when a hash mismatch is genuinely found, never speculatively.

One-click compliance attestation PDF

A GDPR Article 30 / SOX-style attestation report built from the real hash-chain verify_chain() result for the chosen period, plus access, retention and PII-masking evidence already held by the module — it states the actual verified/tampered counts, not a canned statement.

PII masking + GDPR anonymize

Type-aware masks for email (a***@b***.c) and phone — raw values never stored. One-click Anonymize wipes values on existing logs.

Retention + external archiving

Per-rule retention keeps the DB lean. Ship logs to local file (JSON Lines), syslog (RFC 5424) or any S3 bucket — AWS, MinIO, Wasabi, R2, B2 — before deletion.

REST API for SIEM

Pull audit events into Splunk, ELK, Datadog or Loki over a token endpoint, with a global key and per-user scoped keys (read / acknowledge / admin).

Dashboard, timeline & export

An 8-KPI dashboard, an SQL-backed timeline with pivot analytics, and an XLSX export that honours record rules — no .sudo() bypass.

Real screenshots

Every screen, from a live install

Captured from a running Odoo 17 with real audit data — not mockups.

Audit Trail dashboard in Odoo
Audit Trail dashboardEight KPIs over a selectable window — logs, field changes, active users, triggered & open alerts, pending approvals, login successes and failures.
Audit rule configuration
Audit rulePer-model logging with PII-masking, approval and retention/archive tabs.
Approval request with diff
Approval gateColour-coded before / current / requested diff, with chatter and activities.
Audit timeline
TimelineEvery audit log and field change merged into one chronological, pivotable stream.
Audit logs list
Audit logsWho changed what, when — with method, model, record and the GDPR anonymize action.
Login tracking
Login trackingSuccess / failed / blocked authentications with IP, reason and hashed session.
Webhook configuration
WebhookSlack / Discord / Teams / generic JSON, with HMAC signing and a Send Test button.
Anomaly rule
Anomaly rule“N writes in M minutes” thresholds that raise alerts on suspicious bursts.
S3 archive target
External archiveShip retained logs to AWS S3, MinIO, Wasabi, Cloudflare R2 or Backblaze B2 via a custom endpoint.

Security & compliance, by default

Tamper-evident logs

HMAC-SHA256 hash chain across every row. A single action verifies the chain and pinpoints any break.

Signed webhooks

Optional HMAC-SHA256 signature header lets the receiver reject forged or replayed payloads.

PII never stored raw

Masked at log-line creation with type-aware heuristics for emails and phone numbers.

GDPR anonymize

One-click wipe of stored values on existing logs while preserving the forensic envelope.

Record-rule-safe export

XLSX export uses your own access rights — no .sudo() bypass, hard ceiling 50 000 rows.

Multi-company safe

Fixes the OCA upstream cache-leak; session tokens and request context are hashed and redacted.

How it compares

Twenty checkpoints against the field. The “Typical commercial” column is averaged from publicly observable feature sets of the common paid audit apps.

CapabilityOCA auditlogTypical commercialAudit Pro
Field-level CRUD logging✔✔✔
Side-by-side HTML diff per change—partial✔
Alert rules (model / user / field / keyword)—✔✔
Email notification—partial✔
Slack / Discord / Teams webhooks——✔
Async webhook queue with retry——✔
HMAC-signed webhooks——✔
Approval workflow for sensitive fields—partial✔
Login / logout / failed-login tracking—partial✔
Rate-based anomaly detection——✔
Contextual anomaly detectors (after-hours / privilege escalation / new IP / mass-delete)——✔
Hash-chained tamper evidence——✔
Daily chain-verify tamper tripwire (CRITICAL alert on genuine tamper)——✔
One-click GDPR/SOX compliance-attestation PDF (from real hash-chain result)——✔
PII masking (email / phone)——✔
GDPR anonymize action——✔
Per-rule retention + S3 / syslog / file archiving——✔
REST API for SIEM ingestion——✔
XLSX export with record-rule enforcement—partial✔
Multi-company cache-leak fix——✔

Auditing in minutes

A 3-step onboarding wizard and GDPR / SOX / PCI presets get you from install to a live audit trail fast.

Install

Drop the module in your addons path, pip install xlsxwriter, restart and install from Apps.

Audit models

Pick the models to audit or apply a compliance preset — rules subscribe in one click.

Configure

Add PII-mask fields, sensitive-field approvals, alert channels and an archive target.

Go live

Watch the dashboard, get Slack/email alerts, and let retention ship logs off-system.

Coming from OCA auditlog?

Your data stays

  • Model technical names are identical — auditlog.rule, auditlog.log, auditlog.log.line, auditlog.http.session, auditlog.http.request.
  • Uninstall OCA auditlog, install Audit Pro — the existing tables are picked up verbatim.
  • Only the menu and view XML IDs change.

Good to know

  • The two modules cannot run side by side — they share the same model names. Pick one.
  • Requires Odoo 18.0 (Community or Enterprise) and Python 3.10+.
  • One dependency: xlsxwriter. boto3 is optional, only for the S3 backend.

Frequently asked

What's the overhead per audited write?

Full-log mode does two sudo reads (before + after) and one batched insert per log plus N line inserts — roughly six SQL round-trips on a 5-changed-field write. Fast-log mode skips the “before” read; exclude bulk-import users on the rule to keep large imports fast.

How big will the audit tables grow?

Roughly 1–3 KB per logged change. A busy tenant (~10k changes/day) is ~300 MB/year — capped by per-rule Retention Days plus an Archive Target that ships old logs off-system before deletion.

Will I get duplicate alerts for the same change?

No. Evaluation runs once per log (never per line), the (alert_rule, log, line) tuple is unique, and existing alerts are checked in one batched query before any new alert is created.

Are session tokens and request context safe?

Session IDs are stored as a SHA-256 hash, never plaintext, and the captured HTTP context redacts password, token, secret, authorization and cookie keys.

What does hash-chain tamper evidence prove?

Each row carries row_hash = HMAC-SHA256(secret, prev_hash ‖ canonical_json(row, lines)). Editing a line, an envelope or reordering rows breaks the chain on verification. The secret lives in ir.config_parameter and auto-generates on first use.

What's the licence?

AGPL-3 or later — the same copyleft licence as the OCA auditlog upstream this module derives from. You get the complete source and can use, modify and redistribute it, including commercially, under the AGPL terms.

Turn Odoo into a system of record you can trust

BambooForge Labs · a hardened fork of OCA auditlog · AGPL-3 · source included

bambooforge.labs@gmail.com

More from BambooForge Labs — one vendor, the same standard: tested, open source, supported.

Audit Pro PrestaShop Connector — two-way Odoo ↔ PrestaShop sync
Availability
Odoo Online
Odoo.sh
On Premise
Odoo Apps Dependencies Discuss (mail)
Lines of code 5538
Technical Name bambooforge_audit_pro
LicenseOPL-1

BambooForge Audit Pro

A complete audit trail for Odoo 18: log every create, write, delete and read on the models you choose, watch logins, raise alerts on suspicious activity, gate sensitive edits behind an approval workflow, push alerts to Slack/Discord/Teams, and archive logs off-system before they are purged — all from one Audit app.

This page is the complete manual. If you follow it top to bottom you can install, choose what to audit, read the logs, wire up alerts and approvals, ship logs out, and fix the common issues without contacting support.

  • Overview
  • Requirements
  • Installation
  • Configuration
  • Usage
  • Customization
  • Troubleshooting
  • Frequently asked questions
  • Data, privacy & limits
  • Support & updates
  • Upgrading & version compatibility
  • Uninstallation
  • Changelog

Overview

Audit Pro hooks the Odoo ORM so that operations on the models you subscribe are recorded, then layers compliance tooling on top. It covers:

  • Audit trail of record changes — create, write, delete and (optionally) read events on any model you pick, with a per-field before/after diff.
  • Login tracking — every successful, failed and blocked login is recorded with IP, user agent and a hashed session token, automatically, with no rule setup.
  • Anomaly rules — raise an alert when too many events of one kind happen in a short window (for example a single user doing hundreds of writes or deletes in minutes).
  • Approval workflows — writes that touch fields you mark Sensitive are intercepted and parked as approval requests until an approver in the configured group accepts them.
  • Alerts, email & webhooks — alert rules match a slice of the trail and notify by email and/or HTTP webhook (Slack, Discord, Microsoft Teams, or generic JSON).
  • Archive targets & retention — ship logs to a local file, syslog or S3-compatible storage before a retention cron deletes them.
  • Dashboard & timeline — a KPI dashboard over a date window, plus a single chronological stream that merges record events and field changes.
  • Tamper-evidence & privacy — each log is chained to the previous one with a hash you can verify, PII fields are masked at capture, and logs can be anonymized for GDPR.

Everything lives under one top-level Audit menu, grouped into Audit Logs, Security, Alerts and Configuration.

Requirements

Item Detail
Odoo 18.0, Community or Enterprise.
Python xlsxwriter (used by Export Logs to write XLSX). It is the only extra dependency. The S3 archive backend also needs boto3, but only if you actually configure an S3 target — it is never required at install.
Depends base, web, mail (all standard). No third-party Odoo modules.
Access rights The Auditlog User group can read logs, dashboard and timeline. The Auditlog Manager group can configure rules, approvals, webhooks and archives, and may anonymize logs. Odoo Administration / Settings users (base.group_system) get Manager automatically.
Network Outbound HTTPS is only needed if you use webhooks or the S3 archive backend. Webhook URLs must be public — internal/loopback/private hosts are refused (SSRF guard).

Installation

  1. Copy bambooforge_audit_pro into your Odoo addons path.
  2. Restart the Odoo service.
  3. Open Apps, click Update Apps List, search for Audit Pro, and press Activate / Install. The dependencies install automatically.
  4. After install, an Audit application appears in the main app drawer. A post-install hook re-applies any active audit rules so logging starts immediately.

A guided Getting Started wizard is available under Audit ▸ Configuration ▸ Getting Started: three steps that subscribe a few rules, optionally wire one notification channel, and set a retention window. You can skip it and configure everything by hand using the sections below.

Configuration

All configuration lives under the Audit app. The menu groups are:

Menu group Contains
Audit Logs Logs, Log Lines, Timeline, Export Logs.
Security Login Events, Anomaly Rules.
Alerts Alerts, Alert Rules.
Configuration Getting Started, Rules, Audit Models, Compliance Presets, Webhooks, Webhook Queue, Archive Targets. Approvals sit directly under Audit.

Step 1 — Choose what to audit (audit rules)

Open Audit ▸ Configuration ▸ Rules and create a record (one rule per model — the model is unique across rules).

Audit rule form — model, operations, exclusions and the Phase B tabs
Field What it does
Model The model to track. Locked once the rule is Subscribed.
Type Full log makes a before/after diff of every field (richer, slower); Fast log records only the values passed to create/write (less detail, faster).
Log Reads / Writes / Deletes / Creates Which operations generate logs. Writes, Deletes and Creates are on by default; Reads is off (it is the noisiest).
Capture Record On Full log + Log Deletes, keep a snapshot of a record's values when it is deleted.
Users to Exclude Operations by these users are never logged (for example an integration user).
Fields to Exclude Fields that never appear in the diff.

The rule form also carries three tabs:

  • PII Masking — Fields to Mask (PII). Values of these fields are masked when stored in audit lines (emails become a***@b***.c, phone numbers keep the country code and last two digits, everything else becomes ***).
  • Approval Workflow — Sensitive Fields (require approval), Approver Group and Approval Timeout (hours) (default 72). See Step 4.
  • Retention & Archive — Retention Days (0 = use the global autovacuum, 180 days by default) and Archive Target. See Step 6.

Click Subscribe in the header to activate the rule. The state moves to Subscribed and an Audit History shortcut is added to the Action menu of the audited model's form. Click Unsubscribe to stop logging; you must unsubscribe before changing the model, operations or masking/sensitive fields.

Faster starts:

  • Audit Models (Configuration ▸ Audit Models) subscribes several models at once with the same settings.
  • Compliance Presets (Configuration ▸ Compliance Presets) bootstraps GDPR, SOX or PCI-DSS in one click — it creates and subscribes the right rules with masking, sensitive fields and retention already filled in, and skips models that are not installed on your database.

Step 2 — Anomaly rules

Open Audit ▸ Security ▸ Anomaly Rules. An anomaly rule raises an alert when the number of matching audit events crosses a threshold inside a time window.

Anomaly rule form — scope, threshold and window
Field What it does
Model Scope to one model. Empty = all models.
Method Scope to Create / Write / Read / Delete. Empty = all.
User Scope to one user. Empty = any user.
Threshold (events) Raise an alert when this many matching events occur within the window (default 100).
Window (minutes) The rolling window length (default 10).
Severity Low / Medium / High / Critical (labelling only).
Alert channel The alert rule whose email + webhook channels fire on a breach. Leave empty and one is auto-created on the first breach.

A cron (Audit anomaly — evaluate thresholds, every 5 minutes) walks the active rules. The Last evaluation fields show the last run time and event count. Breaches are deduplicated so you do not get repeat alerts inside the same window.

Step 3 — Alert rules, email and webhooks

An Alert Rule (Audit ▸ Alerts ▸ Alert Rules) matches a slice of the trail and raises an Alert. Combine Model, User, Method, Field and Keyword (the alert fires only when the changed values contain that keyword) to narrow it.

On the alert rule, the Notification Channels section controls how a match is shipped:

  • Send Email — uses an email template (defaults to the bundled audit-alert template) and an optional comma-separated Email Recipients override. Mail is queued, not sent inline, so a slow SMTP server never blocks the user write that triggered the alert.
  • Webhooks — one or more webhook records to call. Dispatch is queued (see Step 5).

To create a webhook, open Audit ▸ Configuration ▸ Webhooks.

Webhook form — backend, URL, headers and HMAC secret
Field What to enter
Backend Slack, Discord, Microsoft Teams or Generic JSON. This shapes the payload to the receiver's expected format.
URL The incoming webhook URL. Must be a public host — internal/loopback/private addresses are rejected.
Timeout Per-call timeout in seconds (default 5).
Extra Headers (JSON) Optional JSON object merged into the request headers, e.g. {"Authorization": "Bearer xxx"}.
HMAC Signature Secret If set, each request carries an X-BFAudit-Signature: sha256=… header so the receiver can verify the body was not altered.

Use the Send Test button to POST a synthetic payload and confirm connectivity before attaching the webhook to an alert rule. The form shows the last status, last call time and call count.

Step 4 — Approval workflow

Approvals turn a risky edit into a reviewed action. On an audit rule's Approval Workflow tab, add fields to Sensitive Fields (require approval), pick an Approver Group and set an Approval Timeout (hours).

From then on, when any user tries to write one of those fields, the write is blocked and a bf.audit.approval.request is created instead. Approvers find pending requests under Audit ▸ Approvals.

Approval request form — side-by-side current vs requested diff

The request shows a side-by-side Current vs Requested diff. An approver in the group clicks Approve to apply the change for real, Reject to discard it, or Open Record to inspect the target. Requests left pending past the rule's timeout are auto-expired by an hourly cron (Audit approval — expire pending). If applying an approved change fails (the record was deleted, the value is invalid…), the request moves to Apply Error with the reason recorded.

Step 5 — Webhook queue

Webhook dispatch is asynchronous: when an alert fires, each webhook call is enqueued in Audit ▸ Configuration ▸ Webhook Queue and a cron (Audit webhook — drain queue, every minute) sends it with retry/back-off. This guarantees a slow or failing endpoint can never block the user write that triggered the alert. Each queue row shows its state (pending / sending / sent / failed), retry count and last error; Retry Now forces an immediate attempt.

Step 6 — Archive targets & retention

Logs are deleted on a schedule; archive targets let you keep a durable copy first. Create a target under Audit ▸ Configuration ▸ Archive Targets, then set it as the Archive Target on the relevant audit rule.

Archive target form — file, syslog or S3 backend
Backend What to configure
Local File File Path — a directory on the Odoo host. One JSON-Lines file is written per batch. For safety the path must sit inside the base directory set by the bambooforge_audit_pro.archive_base_dir system parameter (defaults to <data_dir>/bf_audit_archive); paths outside it are rejected.
Syslog Syslog Host, Port (514) and Facility (local0–local7).
S3 / S3-compatible Bucket, Prefix, Region, optional Endpoint URL (for MinIO / Wasabi / R2), and access/secret keys. Requires the boto3 package.

Use Send Test to ship one synthetic record and confirm the target works; the form records the last status, time and shipped count.

Retention is driven by two crons:

Cron Default What it does
Auto-vacuum audit logs daily, off Deletes logs, HTTP requests, HTTP sessions, login events and old webhook-queue rows older than 180 days. Disabled out of the box — enable it to use the global window.
Audit per-rule retention vacuum daily, on Deletes logs older than each subscribed rule's Retention Days (0 = skip).
Audit approval — expire pending hourly, on Auto-expires approval requests past their timeout.
Audit webhook — drain queue every minute, on Sends queued webhook calls with retry/back-off.
Audit anomaly — evaluate thresholds every 5 min, on Evaluates anomaly rules.

Both vacuums ship logs to their rule's archive target before deleting them, so a configured archive is always durable first.

Usage

Dashboard

Open Audit ▸ Dashboard. Pick a From / To window; the KPIs recompute live: Total Logs, Field Changes, Active Users, Triggered Alerts, Open Alerts, Pending Approvals, Logins OK and Logins Failed, plus the Top Model and Top User for the window.

Audit dashboard — KPI tiles and highlights over a date window

The action bar drills into the same window: Open Logs, Timeline, Alerts and Approvals. Refresh reloads the figures.

Logs

Audit ▸ Audit Logs ▸ Logs lists every captured operation (default filter: last 7 days). Each row is one operation on one record; open it to see the Changed Fields tab with the before/after value of each field and a per-field diff preview.

Audit logs list with method, model, user and resource columns

Group by User, Model, Method, Type, User session or HTTP Request to slice the trail. The log form also links to its Alerts and a record-scoped Timeline. From the list, two server actions are available in the Action menu: Anonymize (GDPR) (managers only — wipes field values to *** but keeps the envelope) and Verify Hash Chain (confirms the tamper-evidence chain is intact). Log Lines (Audit Logs ▸ Log Lines) is the same data flattened to one row per field change. Export Logs writes a filtered range to XLSX.

Login events

Audit ▸ Security ▸ Login Events records every authentication attempt with IP, user agent, a hashed session token and (on failure) the reason — no rule needed. Rows are colour-coded: green for success, red for failed, amber for blocked.

Login events list, colour-coded by success / failed / blocked

Default filter is the last 7 days; filter by Success / Failed / Blocked or group by User, State or IP.

Timeline

Audit ▸ Audit Logs ▸ Timeline merges record events and individual field changes into one chronological stream. Each entry shows the time, user, method, model, the changed field (if any) and a summary with a change type of Added, Removed or Changed.

Activity timeline — record events and field changes in one stream

Use the Field Changes / Record Events filters to focus, or switch to the pivot view to chart events by day and model.

Customization

  • Field coverage — override auditlog.rule.get_auditlog_fields to change which fields a rule captures (by default all stored, non-computed/related fields).
  • Generic webhooks — set a webhook's backend to Generic JSON to receive the full alert payload, and use Extra Headers and HMAC Signature Secret to integrate with any HTTP receiver.
  • SIEM / log shipper pull — a read endpoint at GET /api/bf_audit/logs streams logs as JSON Lines for Splunk, ELK/Logstash, Datadog, Loki or Grafana Agent. It accepts since, limit (default 1000, max 10000) and model query parameters. Authenticate with the X-Audit-API-Key header, matching either the bambooforge_audit_pro.api_key system parameter (full export) or a per-user key set under a user's Audit API tab (results are then scoped to that user's access rights).
  • Compliance presets — the GDPR / SOX / PCI-DSS presets are a starting point; after applying one, edit the generated rules to fit your data model.

Troubleshooting

Symptom Cause and fix
Nothing is logged The rule is still in Draft. Open it and click Subscribe. Logging only starts once the state is Subscribed.
A specific operation is not logged The matching Log Reads / Writes / Deletes / Creates toggle is off, the acting user is in Users to Exclude, or the field is in Fields to Exclude. Reads are off by default.
Too much is logged / the system feels slow Full log and especially Log Reads are heavy. Switch the rule to Fast log, turn Reads off, exclude noisy fields/users, and scope anomaly rules tightly. The dashboard's Top Model / Top User show where the volume comes from.
Logs grow without bound Retention is opt-in. Set Retention Days per rule (the per-rule cron is on), or enable the Auto-vacuum audit logs cron for the global 180-day window.
A webhook never fires Check the alert rule actually lists the webhook, that the Webhook Queue row is not stuck in failed (read its last error), and that the Audit webhook — drain queue cron is active. Use Send Test on the webhook to isolate connectivity.
Saving a webhook is refused The URL points at an internal/loopback/private host. Webhooks must use a public http(s):// endpoint (SSRF guard). Slack/Discord/Teams cloud URLs are fine.
An approval is stuck / a user "cannot save" The field is marked Sensitive; the write became an approval request under Audit ▸ Approvals. An approver in the rule's Approver Group must Approve or Reject. Requests past the timeout auto-expire hourly. If approval shows Apply Error, the target record changed — re-do the edit.
Approve/Reject buttons do nothing for me You are not in the rule's Approver Group. Add yourself, or have an Auditlog Manager decide.
"Permission denied" on Anonymize Anonymizing requires the Auditlog Manager group.
The API endpoint returns 401 / 403 401 = missing or wrong X-Audit-API-Key (check the system parameter or the per-user key). 403 = a per-user key whose user lacks audit-log read rights, or whose Audit API scope is empty.
S3 archive test fails with a boto3 error The S3 backend needs the boto3 package installed in the Odoo environment. Install it, or use the Local File or Syslog backend instead.
A user sees fewer logs than expected Logs are multi-company isolated: a user only sees logs of companies they belong to (company-less logs stay visible to all).

Frequently asked questions

Does this slow Odoo down? Logging adds work to each audited operation, so only subscribe the models and operations you need. Fast log is lighter than Full log, and Log Reads is the heaviest option (off by default). Webhooks and alert emails are queued, never inline.

Can I audit reads, not just changes? Yes — turn on Log Reads on the rule. Expect high volume; reserve it for sensitive models.

How do I prove the logs were not tampered with? Every log is hash-chained to the previous one. Select logs and run Verify Hash Chain from the Action menu to confirm the chain is intact.

How do I comply with a GDPR erasure request? Select the relevant logs and run Anonymize (GDPR) (managers only). Field values become *** while the date/user/method/model envelope is kept for forensic integrity. You can also mask PII at capture time via the rule's PII Masking tab.

Can alerts go to Slack / Teams / Discord? Yes. Create a webhook with the matching backend, test it, and attach it to an alert rule's Webhooks field. Generic JSON covers any other HTTP receiver.

Where do archived logs go? To the archive target on each rule: a local JSON-Lines file, syslog, or an S3-compatible bucket. Archiving happens before the retention cron deletes the rows.

What support and refund policy do I get? Every request is answered within 24 hours, setup help included. If you report a bug within 2 months of purchase and it is not resolved within 15 days, you are entitled to a full money-back refund.

Data, privacy & limits

  • What is stored — for each audited operation: the model, record id, method, acting user, timestamp, HTTP request/session reference, and (for Full log) a before/after value per field. Login events store the attempted login, user, state, IP, user agent and a hashed session token. PII fields you mark are masked at capture.
  • Where data goes — audit data stays in your Odoo database unless you configure an archive target (file/syslog/S3) or expose the pull API. Webhooks send only the alert summary payload to the URL you configure.
  • Multi-company — logs are isolated by company; users see only the companies they belong to.
  • In scope — change/login auditing, anomaly rules, approval workflow, alerts with email + Slack/Discord/Teams/generic webhooks, archive targets, retention, hash-chain verification, GDPR anonymization, XLSX export, JSON-Lines pull API.
  • Out of scope — the approval workflow intercepts write on sensitive fields, not create or delete. The S3 backend needs boto3. Webhook URLs must be public.

Support & updates

  • Support: bambooforge.labs@gmail.com — answered within 24 hours, setup help included.
  • Refund: report a bug within 2 months of purchase; if unresolved within 15 days, full refund.
  • Full source is included. Updates track the supported Odoo 18 line.

Upgrading & version compatibility

This build targets Odoo 18.0. Each Odoo major series (17.0, 18.0, 19.0) has its own dedicated build of this module — always install the build that matches your Odoo version. Mixing a build with a different Odoo series is not supported.

Patch upgrades (same series, e.g. 18.0.1.0.0 → later)

  1. Back up your database and filestore first.

  2. Replace the module folder with the newer build.

  3. Restart Odoo with the module updated:

    ./odoo-bin -c your.conf -u bambooforge_audit_pro -d your_db
    
  4. Odoo applies any schema/data changes automatically. Your existing records and configuration are preserved.

Cross-version migration (e.g. Odoo 17 → 18)

Upgrading Odoo itself is a database migration handled by Odoo's standard upgrade tooling. When you migrate the database to the next Odoo series, install the matching build of this module for that series. Data created by this module carries over with the database migration.

After any upgrade the module's scheduled actions resume on their normal cadence — no manual re-activation is required.

Uninstallation

You can remove this module at any time from Apps → (this module) → Uninstall, or from the command line. Uninstalling is clean and reversible by reinstalling — but note what is and is not deleted.

What is removed

  • The module's own tables and every record in them (17 models, prefixed auditlog.*) — this is the data this module created.
  • The menus, actions, views and reports this module installed.
  • Its scheduled actions (cron jobs) — they stop immediately on uninstall.
  • The security groups this module defined (user assignments to them are dropped).

What is preserved

  • Your standard Odoo data (partners, products, sales, invoices, inventory moves) is not deleted — this module only reads and annotates it; the underlying records stay.
  • Attachments and chatter messages on standard records are kept.

As always, take a database backup before uninstalling in production.

Changelog

18.0.5.5.0

Current release for Odoo 18.0. This build includes:

  • Contextual anomaly detection, one-click GDPR/SOX compliance attestation PDF and a daily tamper tripwire on top of hash-chained audit logs, alerts, webhooks, PII masking, approval workflow, retention policy and external archiving.

Feature additions and fixes ship as new builds on the Odoo Apps store; this page and the module's version reflect the current published release. Always keep the build matched to your Odoo series (see Upgrading & version compatibility).

Odoo Proprietary License v1.0

This software and associated files (the "Software") may only be used (executed,
modified, executed after modifications) if you have purchased a valid license
from the authors, typically via Odoo Apps, or if you have received a written
agreement from the authors of the Software (see the COPYRIGHT file).

You may develop Odoo modules that use the Software as a library (typically
by depending on it, importing it and using its resources), but without copying
any source code or material from the Software. You may distribute those
modules under the license of your choice, provided that this license is
compatible with the terms of the Odoo Proprietary License (For example:
LGPL, MIT, or proprietary licenses similar to this one).

It is forbidden to publish, distribute, sublicense, or sell copies of the Software
or modified copies of the Software.

The above copyright notice and this permission notice must be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
DEALINGS IN THE SOFTWARE.

Please log in to comment on this module

  • The author can leave a single reply to each comment.
  • This section is meant to ask simple questions or leave a rating. Every report of a problem experienced while using the module should be addressed to the author directly (refer to the following point).
  • If you want to start a discussion with the author or have a question related to your purchase, please use the support page.
Community
  • Tutorials
  • Documentation
  • Forum
Open Source
  • Download
  • Github
  • Runbot
  • Translations
Services
  • Odoo.sh Hosting
  • Support
  • Upgrade
  • Custom Developments
  • Education
  • Find an Accountant
  • Find a Partner
  • Become a Partner
About us
  • Our company
  • Brand Assets
  • Contact us
  • Jobs
  • Events
  • Podcast
  • Blog
  • Customers
  • Legal • Privacy
  • Security

Odoo is a suite of open source business apps that cover all your company needs: CRM, eCommerce, accounting, inventory, point of sale, project management, etc.

Odoo's unique value proposition is to be at the same time very easy to use and fully integrated.

Website made with