User Auth.log

User Auth.log

Allows for logging user actions on sensitive/critical administrative pages. Logging is limited to specific users and/or user roles (configurable). Logging only occurs on specific administrative pages (configurable). Features include:

• Ability to log by user or users
• Ability to log by role or roles
• Ability to limit logging to specific paths
• List view of all logged entries with pagination
• Notifications emails sent upon specified user login
• Notification emails sent when specified user disables the User Auth.log module
• Presently the module will log user ID, path, and date/time

Background

This module was intended to help maintain stability/accountability on Drupal projects with multiple technical administrators. For example, a company may have a Drupal site builder “in-house”, but engage an outside firm for larger updates and/or monthly maintenance. This module allows for logging the sensitive activity of these advanced users (e.g. visiting specific settings pages) so that in the event of technical problems, troubleshooting can take place more expediently.

A Word of Caution

This module is not intended to log more than a few low-use user accounts on any given site. It should not be used to track regular site users. Even tracking day-to-day content administrators may prove problematic for performance reasons since all tracked actions are logged in the database. In most cases concerns about user access to critical areas of the site should be mitigated by creating specific user roles with a limited permissions model, and not by using this module.

Ideas for the future

• Sudo style authentication for submission of critical forms.
• Log when a form is submitted, and possibly capture the diff.

Sponsors

• Knectar - Advanced Drupal & Magento Applications