Se rendre au contenu

Security & Compliance

Lynx Compliance - Audit Log (Hash-Chained, Tamper-Evident)

Hash-chained tamper-evident audit log. Append-only at the DB level. ORM hooks on core models, HMAC-signed REST ingest for Patrii Cloud backend events, SIEM forwarding.

Talk to sales See pricing

lynx_compliance_audit_log · v19.0.1.2.0 · Premium

What this solves

Lynx Compliance - Audit Log

The centralized, tamper-evident security audit log for the Lynx and Patrii Cloud stack: an append-only hash chain that satisfies ISO 27001 and SOC 2 Type II evidence requirements without bolting on a separate SIEM database.

Audit logs only count as evidence when they cannot be silently rewritten. This module records every sensitive action - logins, role changes, ACL edits, config changes, backend events from the Patrii FastAPI tier - into a single chained ledger. PostgreSQL grants are tightened so the Odoo role cannot UPDATE or DELETE existing rows, an admin verifier replays the chain on demand, and a cron forwards new events to your SIEM of record.

Key Features

  • Hash-chained ledger - every event stores sha256(previous_hash + canonical_json(row)) so any tamper invalidates every downstream hash.

  • DB-level append-only - post-install migration revokes UPDATE/DELETE on the audit table from the Odoo role, leaving only two delivery columns writable.

  • Concurrency-safe - PG advisory lock on insert serializes writers so the chain never forks under load.

  • ORM hooks - mixin auto-captures changes on res.users, res.groups, ir.rule, ir.model.access, ir.config_parameter.

  • Authentication audit - hook on credential check captures login success/failure with source IP and user agent.

  • HMAC-signed REST ingest - the Patrii Cloud backend streams its own request-pipeline events into the same chain.

  • SIEM forwarding - configurable syslog TCP/TLS forwarder (Wazuh by default) flushes new events on a cron.

  • verify_chain action - admin replay reports the first broken row and its ID for incident scoping.

Integrates With

  • lynx_compliance - audit events become live evidence linked to control assessments.

  • lynx_sign - signature events from CISO attestations land in the same chain.

  • External SIEM (Wazuh, Splunk, Elastic) - syslog TCP/TLS forwarding out of the box.

Depends on

lynx_compliance base web lynx_base mail spreadsheet_dashboard lynx_license_enforcer

Try Lynx Compliance - Audit Log (Hash-Chained, Tamper-Evident) on your team.

Free trial, no credit card. Talk to sales when you're ready.

Start free trial Browse all modules