listmonk icon indicating copy to clipboard operation
listmonk copied to clipboard
verified publisher icon knadh

Audit Logs

Open steffenh13 opened this issue 4 months ago • 2 comments

For security reasons most actions in this tool should be logged:

  • Logins
  • Managing lists (lists:manage_all)
  • Managing subscribers (subscribers:manage, subscribers:import, subscribers:sql_query, tx:send)
  • Managing campaigns (campaigns:manage, campaigns:manage_all)
  • Managing bounces (bounces:manage, webhooks:post_bounce)
  • Managing templates (templates:manage)
  • Managing and listing users (users:*)
  • Managing roles (roles:manage)
  • Changing settings (settings:*)

The log entries should identify the user account making the change, their IP, the timestamp, what type of action is taken/what change is made.

This would make it easier to adopt this software in companies with stricter requirements regarding security and auditing, and would allow to detect attacks or compromised accounts.

steffenh13 avatar Aug 29 '25 12:08 steffenh13

This issue has been marked 'stale' after 90 days of inactivity. If there is no further activity, it will be closed in 7 days.

github-actions[bot] avatar Nov 28 '25 02:11 github-actions[bot]

Bump. It's still relevant. I think we should add some audit logs to make actions auditable. Not sure whether it should be toggled by config?

Bogay avatar Nov 28 '25 12:11 Bogay