Dimitris Ganotis
dganotis.dev

strapi-plugin-audit-logs

A Strapi v5 plugin that provides comprehensive audit logging for content operations, media, user management, role changes, and admin authentication events.

GitHub repositorynpm package

Overview

I built this plugin to make audit trails practical and easy to use in real Strapi projects. Teams need to know who changed what, when it happened, and where the action came from. The plugin captures this in a clean admin interface with filtering, pagination, and detailed payload inspection.

Important Note

This plugin is not a replacement for Strapi's official Audit Logs feature included in Strapi's paid plans. Strapi's paid offering provides a broader and more complete enterprise solution.

I built this plugin for teams that need this specific capability in smaller projects where an enterprise plan may not make sense yet. Since Strapi exposes lifecycle events, I wanted to explore what was possible and make a practical open source option available.

If Strapi is core to your business and you need the full audit and governance feature set, consider getting an official Strapi license to support the product and its long-term development.

What It Tracks

  • Content events: create, update, delete, publish, unpublish
  • Media events: upload/update/delete files and media folders
  • User and role management events
  • Admin authentication events: login success/failure and logout
  • Request metadata: endpoint, method, status code, IP, and user agent

Key Features

  • Automatic event tracking across major Strapi admin operations
  • Security-focused redaction for sensitive values
  • Role-based access controls for log viewing and cleanup actions
  • Configurable retention and automatic cleanup strategies
  • Admin UI with search, filters, pagination, and detailed JSON payloads

Installation

npm install strapi-plugin-audit-logs@^2.1.0
yarn add strapi-plugin-audit-logs@^2.1.0

Basic Configuration

Add this to your Strapi plugin configuration:

module.exports = {
  "audit-logs": {
    enabled: true,
    config: {
      enabled: true,
      deletion: {
        enabled: true,
        frequency: "logAge",
        options: {
          value: 90,
          interval: "day",
        },
      },
      redactedValues: [
        "password",
        "token",
        "jwt",
        "authorization",
        "secret",
        "key",
        "private",
      ],
      events: {
        track: [
          "entry.create",
          "entry.update",
          "entry.delete",
          "entry.publish",
          "entry.unpublish",
          "media.create",
          "media.update",
          "media.delete",
          "user.create",
          "user.update",
          "user.delete",
          "role.create",
          "role.update",
          "role.delete",
          "admin.auth.success",
          "admin.auth.failure",
          "admin.logout",
        ],
      },
    },
  },
}

Compatibility

  • Strapi v5: use plugin version 2.x
  • Node.js: 18.x, 20.x, 22.x
  • Databases: PostgreSQL, MySQL/MariaDB, SQLite

Version Note

If you are on Strapi v4, use plugin version 1.x instead: npm install strapi-plugin-audit-logs@^1.0.0

Full Documentation

This page is an introduction for search and quick onboarding. For full setup details, advanced options, and troubleshooting, check the README in the repository.