A made-to-order Odoo security console that records who logged in, what they changed, and who accessed sensitive records — with immutable audit trails, brute-force alerts, and one-click force logout. ECOSIRE builds, installs, and supports it for your Odoo 17, 18, or 19 database. Built to order by ECOSIRE for Odoo 17, 18, 19 — indicative price from $349.00 USD; request a quote for a scoped proposal.

A made-to-order Odoo security console that records who logged in, what they changed, and who accessed sensitive records — with immutable audit trails, brute-force alerts, and one-click force logout. ECOSIRE builds, installs, and supports it for your Odoo 17, 18, or 19 database.
No payment now. This sends a quote request to our team — we'll follow up by email with pricing and next steps.
When an auditor or your CISO asks "who accessed the payroll records last quarter and what did they change?", most Odoo teams find there is no straight answer. Odoo core keeps create_date, write_date, and create_uid/write_uid on each record, and res.users.log notes the last connection — but there is no queryable login history, no failed-login trail, no record of reads, and no field-by-field before/after picture of a change. The mail.thread chatter only tracks fields you flagged with tracking=True, lives inside each record rather than in a security log, and can be edited by anyone with write access. It says nothing about who merely viewed a sensitive contract or salary. For regulated or sensitive data, that gap is exactly where compliance findings come from.
Login-history model capturing user, source IP, device/user-agent, authentication method (password, SSO/OAuth, or 2FA), and success/failure for every attempt
Authentication and session-lifecycle hooks in `base`/`web` — events are recorded at the source, not scraped from server log files after the fact
Failed-login and brute-force detection with configurable per-user and per-IP thresholds, driven by an `ir.cron` sweep
Admin alert emails on threshold breach via Odoo's `mail.mail` and automated-action layer, routed to a security mailbox
Field-level change audit on admin-selected models: old value, new value, author, and timestamp captured on each monitored `write`
Per-model create / read / write / unlink toggles so you log only the operations your compliance regime requires
Access Audit & Login Monitor is a build-to-order Odoo application that closes the gap. We build a dedicated login-history model that captures every authentication attempt — user, source IP, device/user-agent, method (password, SSO/OAuth, or 2FA), and success/failure — by hooking the authentication and session lifecycle in base and web rather than scraping server logs after the fact. Failed attempts are counted against configurable thresholds, so brute-force patterns fire an admin alert email through an ir.cron sweep and Odoo's mail.mail / automated-action layer. On top of that we add field-level change auditing on the models you select: each monitored write records the old value, the new value, the author, and the timestamp, and per-model toggles for create/read/write/unlink let you log only the events compliance actually requires — read logging, the heaviest event, stays off until you switch it on for a truly sensitive model like payroll or contracts.
Technically, the module is a clean-room build: a small set of models.Model classes for the log entries, ORM overrides and a lightweight registry that intercept the audited operations, ir.model.access.csv plus record rules that make the audit records append-only (no write, no unlink — even admins cannot quietly rewrite history through the UI), and OWL/XML views plus QWeb templates for the dashboard, active-session viewer, and exportable reports. Suspicious-login flagging (new country/IP, impossible travel, off-hours access) is computed against a user's baseline and surfaced on the dashboard. The active-session viewer integrates with Odoo's session store so you can force-logout any single user or terminate all sessions with one click. A scheduled retention purge removes records older than your configured window, and every access event can be pushed to your SIEM or security mailbox via an optional webhook, daily email digest, or the standard XML-RPC/JSON-RPC API. Filterable CSV/PDF reports let auditors slice by user, model, or date range.
Because this is made to order, nothing ships until we agree the scope. After a short scoping call we confirm your target version and edition (17.0, 18.0, or 19.0, Community or Enterprise — SSO/MFA capture differs between editions), the exact models and events to audit, retention and alert policy, and any SIEM integration. We then build on a staging copy of your database, run UAT with you, and install to production with a rollback plan. Typical delivery is 2–4 weeks from confirmed scope. Pricing starts from $349 (indicative, single-company base scope); wider multi-company or multi-database coverage, additional audited models, deeper localization/regulatory mapping, and SIEM/webhook integration depth increase the quoted scope.
Runs the Odoo instance and is first responder during a suspected breach or a departing-employee event. Needs login forensics (IP, device, method, failures), live session control with force logout, and brute-force alerts that reach the security mailbox before damage spreads.
Guards payroll, contracts, and vendor bank details inside Odoo and answers to auditors. Needs to know not just who edited a salary field but who merely viewed sensitive records, with an immutable per-record access trail they can pull on demand during an investigation.
Consolidates telemetry across systems into a SIEM. Needs Odoo access events available via webhook, digest, and the JSON-RPC API, with suspicious-login flagging (new-country, impossible-travel, off-hours) so Odoo stops being a blind spot in the monitoring pipeline.
Periodically reviews access to regulated data and expects evidence, not assurances. Needs filterable, exportable reports scoped by user, model, and date range, backed by records that provably cannot be altered or deleted by the people being audited.
Buy the license on ecosire.com and download the Access Audit & Login Monitor module ZIP from your account dashboard.
Extract the ZIP into your Odoo custom addons folder on the server (or upload via Apps > Install from file on Odoo.sh / runbot).
Activate Developer Mode, open Apps, click Update Apps List, search for Access Audit & Login Monitor, and press Install.
Open the new menu, paste your ECOSIRE license key, connect any external credentials (Shopify, Amazon, Stripe, etc.), and save.
Run the built-in connection test, sync your first 10 records, and schedule the recurring cron. Contact support if anything fails.
| Criterion | ECOSIRE | Custom Build | Competitor | Odoo Native |
|---|---|---|---|---|
| Login history (IP, device, method, success/failure) | Full history model capturing every attempt with method and outcome | Possible, but you design and maintain the schema and hooks yourself | Often basic last-login or partial history with fixed fields | |
| Field-level change trail (old vs new value) | Old/new value, author, and timestamp on the models you select | Achievable with effort; correctness and edge cases are on you | Usually available but on a generic, non-tailored model set | |
| Read / 'who viewed this' auditing | Per-model read toggle and per-record view trail for sensitive data | Rarely built well; requires careful ORM interception | Frequently absent — most focus on writes only | |
| Immutable, tamper-resistant records | Append-only via access rules; no edit/unlink even in the UI | Depends entirely on how carefully you set security | Varies; some builds let admins delete entries | |
| Brute-force / failed-login alerting | Configurable thresholds with cron sweep and admin alert emails | Build the detection, cron, and mail flow from scratch | Sometimes present with fixed, non-configurable rules | |
| Active-session control / force logout | Live session viewer with one-click logout of a user or all sessions | Requires session-store integration you build and test | Uncommon; usually history only, not live control | |
| Retention & scheduled purge | Configurable window with a scheduled `ir.cron` purge to policy | You implement and validate the purge logic yourself | Retention controls are often missing or manual | |
| Fit, ownership, and support | Built to your scope; source, git handover, and support window included | Full ownership but full maintenance and risk on your team | Generic fit; source may be obfuscated, support ticket-based |
No. This is a build-to-order product: ECOSIRE builds it to your compliance requirements and target Odoo version, then installs and supports it. It is not an existing apps.odoo.com download, and we never present it as software that already sits on a shelf.
Typical delivery is 2–4 weeks from a confirmed scope. The timeline depends on how many models you need audited, which events (create/read/write/unlink) each requires, your edition and version, and any SIEM/webhook integration. We agree the exact schedule at the end of the scoping call.
Pricing starts from $349 as an indicative from-price for a single-company base scope. After a short scoping call we assess the number of audited models, multi-company/multi-database needs, localization or regulatory mapping, and integration depth, then send a fixed written quote before any work begins. There is no hidden per-user fee.
Every build includes a post-go-live support window for defect fixes and configuration adjustments. Because you receive the full source and git repository, your team can maintain it independently, or you can retain ECOSIRE for ongoing support and for porting the module when you upgrade to a newer Odoo version.
The audit log is append-only: `ir.model.access.csv` grants no write or unlink rights and record rules block edits in the UI, so non-admin users cannot alter or delete entries and even admins cannot quietly rewrite history through the standard interface. Retention purges run only through the scheduled, configured cron so removal is policy-driven, not manual.
Yes. We build against your exact target — 17.0, 18.0, or 19.0, Community or Enterprise. Login-method capture and session handling differ between editions (Enterprise adds SSO/OAuth and MFA flows), so we tailor the authentication hooks and session viewer to your edition during the build.
Read logging is the heaviest event, which is why it is a per-model toggle rather than a global switch — you enable it only on the sensitive models that require it. We index the audit tables, batch writes where possible, and pair logging with the retention purge so the tables stay bounded. We tune the exact configuration with you during UAT on staging.
A made-to-order Odoo security console that records who logged in, what they changed, and who accessed sensitive records — with immutable audit trails, brute-force alerts, and one-click force logout. ECOSIRE builds, installs, and supports it for your Odoo 17, 18, or 19 database.