An immutable, field-level audit trail for Odoo accounting — capturing who changed what, when, from which IP, with full before/after value diffs and tamper-evident locking your auditors can trust. Built to order, installed and supported by ECOSIRE. Built to order by ECOSIRE for Odoo 17, 18, 19 — indicative price from $349.00 USD; request a quote for a scoped proposal.

An immutable, field-level audit trail for Odoo accounting — capturing who changed what, when, from which IP, with full before/after value diffs and tamper-evident locking your auditors can trust. Built to order, installed and supported by ECOSIRE.
ابھی کوئی ادائیگی نہیں۔ یہ ہماری ٹیم کو قیمت کی درخواست بھیجتا ہے — ہم قیمت اور اگلے اقدامات کے ساتھ ای میل کے ذریعے رابطہ کریں گے۔
Every SoX, ISO 27001, or external-audit engagement eventually asks the same question your Odoo instance struggles to answer cleanly: "Who changed this journal entry, when, and what was the value before?" Odoo Enterprise ships base.audit.log (mail.thread chatter tracking) that records tracking = True field changes on a handful of models, but that coverage is inconsistent across accounting objects, is scattered per-record instead of centralized, and — crucially — is stored in ordinary writable tables that a user with the right access can edit or a write() can overwrite. Odoo Community has even less. For a controls environment you need a single, query-able, non-repudiable ledger of change, not a pile of chatter messages, and you need it to survive an auditor asking to export twelve months of modifications to a specific bank account or tax code.
Centralized `ecosire.audit.log` model capturing create/write/unlink across scoped accounting models instead of per-record chatter
ORM-level interception via `create()`/`write()`/`unlink()` overrides on `account.move`, `account.move.line`, `account.payment`, `account.account`, `account.tax` and partner bank details
Per-field before/after value diffs serialized as JSON, rendered human-readable (e.g. `amount_total`: 12,400 → 14,900) in views and reports
Actor capture: `res.users`, login, and role at time of change, resolved from `self.env.user`
Precise UTC timestamp plus source IP and session id pulled from the request context on every logged change
Tamper-evident hash chain — each row stores a SHA-256 over its payload plus the prior row's hash, so DB-level edits or deletions break the chain
ECOSIRE builds a dedicated audit-trail module that centralizes change capture across the accounting stack. We add an ecosire.audit.log model (models.Model) whose rows are written by ORM create/write/unlink overrides on the models that matter to your controls scope — typically account.move, account.move.line, account.payment, account.account, account.tax, and res.partner bank details. Each row stores the model, record id and display name, the acting res.users, a precise UTC timestamp, the source IP and session captured from the request context, the operation type, and a per-field old_value/new_value diff serialized as JSON. Field-level compute helpers (@api.depends-driven where a derived view is useful) render the diff into a readable QWeb report so an auditor sees "amount_total: 12,400.00 → 14,900.00" rather than raw JSON. Log rows are made tamper-evident: the model has no write/unlink access for any user (enforced via ir.model.access.csv granting create+read only, plus a record rule blocking edits), and each row carries a chained SHA-256 hash of the previous row so a deletion or in-place edit at the database level breaks the chain and is detectable on the verification report.
On top of capture we build the controls reporting auditors actually request: a segregation-of-duties report that flags where the same user both created and posted a journal entry, or both created a vendor and paid it; tamper-evident locking that hardens Odoo's posted-entry and fiscal-lock behavior with an explicit "sealed" state; and filtered exports (XLSX/PDF via QWeb) scoped by date, user, model, or record. The whole log is exposed read-only through the standard XML-RPC/JSON-RPC API so your GRC tooling or an external SIEM can pull it on a schedule. Optional automated actions / ir.cron jobs run the hash-chain verification nightly and email compliance if integrity is ever broken.
Because this is a controls module, it is build-to-order rather than a one-click marketplace install. We start with a short scoping call to fix exactly which models and fields fall inside your audit boundary, which SoD rules apply to your org chart, and your Odoo edition and version (17.0 / 18.0 / 19.0, Community or Enterprise). We then build against a copy of your configuration, validate on a staging database with your real chart of accounts, run UAT with your compliance team, and deploy behind a rollback plan. Typical delivery is 2–4 weeks from confirmed scope. You receive the full source, the git repository, and a support window after go-live.
Owns the controls narrative for financial reporting and needs a single, non-repudiable ledger of every accounting change plus ready-made segregation-of-duties evidence — not scattered chatter — to hand external auditors.
Needs to sample and export twelve months of changes to specific accounts, taxes, or bank details with actor, timestamp, IP, and before/after values, and to confirm the log itself has not been tampered with via the hash-chain verification.
Accountable for the integrity of journals and payments and wants tamper-evident locking on posted entries and alerts when the same person creates and approves an entry, without slowing down the team's daily posting workflow.
Responsible for the Odoo instance and its data governance; needs the audit log exposed read-only over JSON-RPC to feed a SIEM, an automated integrity check, and a clean access matrix that even admins cannot edit.
Buy the license on ecosire.com and download the Audit Trail & SoX Compliance Log module ZIP from your account dashboard.
Extract the ZIP into your Odoo custom addons folder on the server (or upload via Apps > Install from file on Odoo.sh / runbot).
Activate Developer Mode, open Apps, click Update Apps List, search for Audit Trail & SoX Compliance Log, and press Install.
Open the new menu, paste your ECOSIRE license key, connect any external credentials (Shopify, Amazon, Stripe, etc.), and save.
Run the built-in connection test, sync your first 10 records, and schedule the recurring cron. Contact support if anything fails.
| Criterion | ECOSIRE | Custom Build | Competitor | Odoo Native |
|---|---|---|---|---|
| Coverage across accounting models | Unified capture across journals, lines, payments, accounts, taxes, bank details | Whatever the in-house dev has time to instrument, often partial | Fixed model list set by the vendor, hard to extend | |
| Tamper evidence | SHA-256 hash chain + nightly integrity check flags any DB edit | Rarely built unless explicitly specified and budgeted | Usually none — logs sit in writable tables | |
| Immutability enforcement | Create+read-only access matrix and record rule blocking all edits | Depends on developer discipline | Typically standard read/write access | |
| Segregation-of-duties reporting | Built-in SoD report (same-user create-and-post, create-vendor-then-pay) | Bespoke build, extra effort each time | Seldom included | |
| Before/after value diffs | Field-level old→new JSON diffs rendered readable in QWeb | Possible but time-consuming to render cleanly | Varies; often just 'changed' with no old value | |
| External API / SIEM feed | Read-only XML-RPC/JSON-RPC access plus optional cron export | Only if scoped and built | Rarely designed for external consumption | |
| Version & edition fit | Built and tested for your exact 17/18/19, Community or Enterprise | Tied to whoever built it; upgrade risk | Generic build, may lag new Odoo releases | |
| Support & handover | Post-go-live support window + full git repo and docs | Knowledge often walks out with the developer | Vendor ticket queue, no source access |
Enterprise's `mail.thread` tracking records some field changes as chatter messages on individual records, with inconsistent coverage and in writable tables a user can edit. This module centralizes capture across the accounting models you designate into one read-only `ecosire.audit.log` with actor, timestamp, IP, before/after diffs, a tamper-evident SHA-256 hash chain, SoD reporting, and filtered exports — the controls-grade evidence auditors ask for. It works on both Community and Enterprise.
This is a build-to-order module, not an instant apps.odoo.com download. Typical delivery is 2–4 weeks from confirmed scope. The timeline depends on how many models and fields fall inside your audit boundary and how complex your segregation-of-duties rules are — we fix all of that on the scoping call before any build starts.
No — that is the point. Access is granted create+read only via `ir.model.access.csv`, and a record rule blocks write and unlink for every group, including admin. Each row also stores a SHA-256 hash chained to the previous row, so even a direct database edit or deletion breaks the chain and is flagged by the nightly integrity check. The log is designed to be non-repudiable.
No. Capture happens inside the ORM `create`/`write`/`unlink` methods on only the models in your defined boundary, writing a compact JSON diff — not a full record copy. Logging is scoped and configurable per model, so you audit the accounts, taxes, journals, and payments that matter without instrumenting the whole database. In practice the overhead is negligible for normal posting volumes.
We build for Odoo 17.0, 18.0, and 19.0, on both Community and Enterprise. Because ORM internals and some accounting fields differ across versions, we build and test against your specific version rather than shipping a single generic package — you receive source pinned to your target.
Every engagement includes a post-go-live support window for defect fixes and configuration tweaks. You also receive the full git repository, so your team or ours can maintain it. When you upgrade Odoo versions we can quote a migration to re-validate the ORM overrides and access rules against the new release; the audit data itself is preserved.
Yes. The log is exposed read-only over Odoo's XML-RPC and JSON-RPC API, so your SIEM, GRC tool, or a scheduled job can pull filtered change records. We can also configure an `ir.cron` export or webhook push as part of scope if you prefer the data delivered rather than polled.
An immutable, field-level audit trail for Odoo accounting — capturing who changed what, when, from which IP, with full before/after value diffs and tamper-evident locking your auditors can trust. Built to order, installed and supported by ECOSIRE.