🚀 Feature: Global Access Log for Admins #341

New Issue

Closed

opened 2025-10-08 00:04:15 +03:00 by OVERLORD · 10 comments

OVERLORD commented 2025-10-08 00:04:15 +03:00

Owner

Copy Link

Originally created by @panteLx on GitHub.

Originally assigned to: @kmendell on GitHub.

Feature description

Hi,

what do you think about the idea of a global access log where admins of pocket id can see who logged in at what exact time and if the login was successful or failed.

Best wishes
panteL

Pitch

I think it would be cool to see the access data of all users as an admin, especially the failed once to check if some bots are trying to get into the accounts.

See authentik for examples. You can even see how many times the login failed, when it passes and many more things.

Originally created by @panteLx on GitHub. Originally assigned to: @kmendell on GitHub. ### Feature description Hi, what do you think about the idea of a global access log where admins of pocket id can see who logged in at what exact time and if the login was successful or failed. Best wishes panteL ### Pitch I think it would be cool to see the access data of all users as an admin, especially the failed once to check if some bots are trying to get into the accounts. See authentik for examples. You can even see how many times the login failed, when it passes and many more things.

OVERLORD added the feature label 2025-10-08 00:04:15 +03:00

OVERLORD closed this issue 2025-10-08 00:04:16 +03:00

OVERLORD commented 2025-10-08 00:04:18 +03:00

Author

Owner

Copy Link

@stonith404 commented on GitHub:

@kmendell Yeah I think this would be a bit an overkill because the logs can be viewed and organized with other tools.

@stonith404 commented on GitHub: @kmendell Yeah I think this would be a bit an overkill because the logs can be viewed and organized with other tools.

OVERLORD commented 2025-10-08 00:04:18 +03:00

Author

Owner

Copy Link

@stonith404 commented on GitHub:

Failed login attempts don't really make sense because it's impossible to brute force a passkey without a quantum computer.

Would it be useful to see the other events anyway as an admin?

@stonith404 commented on GitHub: Failed login attempts don't really make sense because it's impossible to brute force a passkey without a quantum computer. Would it be useful to see the other events anyway as an admin?

OVERLORD commented 2025-10-08 00:04:19 +03:00

Author

Owner

Copy Link

@kmendell commented on GitHub:

I had this idea awhile back, to have a Log Page in the UI to track When jobs run like ldap sync etc, though i talked my self out of it could it could add complexity or confusion to pocket-id

@kmendell commented on GitHub: I had this idea awhile back, to have a Log Page in the UI to track When jobs run like ldap sync etc, though i talked my self out of it could it could add complexity or confusion to pocket-id

OVERLORD commented 2025-10-08 00:04:19 +03:00

Author

Owner

Copy Link

@panteLx commented on GitHub:

Im just talking about a simple access log like the already existing one but a global one for admins where they can see a log of all users access attempts. Not something crazy like a log for LDAP sync :D

@panteLx commented on GitHub: Im just talking about a simple access log like the already existing one but a global one for admins where they can see a log of all users access attempts. Not something crazy like a log for LDAP sync :D

OVERLORD commented 2025-10-08 00:04:19 +03:00

Author

Owner

Copy Link

@kmendell commented on GitHub:

I could see how this is useful, especially for a bigger org use case though i can see some drawbacks as well...

@kmendell commented on GitHub: I could see how this is useful, especially for a bigger org use case though i can see some drawbacks as well...

OVERLORD commented 2025-10-08 00:04:20 +03:00

Author

Owner

Copy Link

@kmendell commented on GitHub:

I think for now the scope of this feature will be just a global audit log with the existing events that already are log per user.

• What makes Pocket ID unique besides passkeys is the simplicity of the UI, we wont want to (i use this term loosely) 'clutter' it up with logs and unnecessary ui elements, most of what is being asked outside of the global audit log, can be retrieved via the APi now, and i think that make be a better way of getting a lot of these "advanced" events.

@stonith404 Feel free to add anything to this or correct me if im wrong.

@kmendell commented on GitHub: I think for now the scope of this feature will be just a global audit log with the existing events that already are log per user. - What makes Pocket ID unique besides passkeys is the simplicity of the UI, we wont want to (i use this term loosely) 'clutter' it up with logs and unnecessary ui elements, most of what is being asked outside of the global audit log, can be retrieved via the APi now, and i think that make be a better way of getting a lot of these "advanced" events. @stonith404 Feel free to add anything to this or correct me if im wrong.

OVERLORD commented 2025-10-08 00:04:21 +03:00

Author

Owner

Copy Link

@nebula-it commented on GitHub:

Failed login attempts don't really make sense because it's impossible to brute force a passkey without a quantum computer.

IMO even if one cannot brute force passkey, its good for admin to have visibility into a potential brute force attack.

@nebula-it commented on GitHub: >Failed login attempts don't really make sense because it's impossible to brute force a passkey without a quantum computer. IMO even if one cannot brute force passkey, its good for admin to have visibility into a potential brute force attack.

OVERLORD commented 2025-10-08 00:04:21 +03:00

Author

Owner

Copy Link

@kmendell commented on GitHub:

It'd be nice to have some options for the event logging as well, say output to a log file, or even just have a standardised way of DB access for the events. I can imagine that bigger orgs would like to include user modification events into their SIEM.

@nikdoof For those type of events you can use the docker compose log exporter and you can export the logs to a seim like splunk, graylog etc. See below for a example of this.

    logging:
      driver: "gelf"
      options:
        gelf-address: "udp://graylog.example.com:12201"
        tag: "first-logs"

@kmendell commented on GitHub: > It'd be nice to have some options for the event logging as well, say output to a log file, or even just have a standardised way of DB access for the events. I can imagine that bigger orgs would like to include user modification events into their SIEM. @nikdoof For those type of events you can use the docker compose log exporter and you can export the logs to a seim like splunk, graylog etc. See below for a example of this. ```yaml logging: driver: "gelf" options: gelf-address: "udp://graylog.example.com:12201" tag: "first-logs" ```

OVERLORD commented 2025-10-08 00:04:22 +03:00

Author

Owner

Copy Link

@nikdoof commented on GitHub:

It'd be nice to have some options for the event logging as well, say output to a log file, or even just have a standardised way of DB access for the events. I can imagine that bigger orgs would like to include user modification events into their SIEM.

@nikdoof commented on GitHub: It'd be nice to have some options for the event logging as well, say output to a log file, or even just have a standardised way of DB access for the events. I can imagine that bigger orgs would like to include user modification events into their SIEM.

OVERLORD commented 2025-10-08 00:04:22 +03:00

Author

Owner

Copy Link

@kmendell commented on GitHub:

This was merged in: b65e693e12 , and should be available in the next release.

@kmendell commented on GitHub: This was merged in: https://github.com/pocket-id/pocket-id/commit/b65e693e12be2e7e4cb75a74d6fd43bacb3f6a94 , and should be available in the next release.

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

oidc-scopes

breaking/v2

i18n_crowdin

v2/use-item-component

default-env-db-keys

slog-gorm

v1.16.0

v1.15.0

v1.14.2

v1.14.1

v1.14.0

v1.13.1

v1.13.0

v1.12.0

v1.11.2

v1.11.1

v1.11.0

v1.10.0

v1.9.1

v1.9.0

v1.8.1

v1.8.0

v1.7.0

v1.6.4

v1.6.3

v1.6.2

v1.6.1

v1.6.0

v1.5.0

v1.4.1

v1.4.0

v1.3.1

v1.3.0

v1.2.0

v1.1.0

v1.0.0

v0.53.0

v0.52.0

v0.51.1

v0.51.0

v0.50.0

v0.49.0

v0.48.0

v0.47.0

v0.46.0

v0.45.0

v0.44.0

v0.43.1

v0.43.0

v0.42.1

v0.42.0

v0.41.0

v0.40.1

v0.40.0

v0.39.0

v0.38.0

v0.37.0

v0.36.0

v0.35.6

v0.35.5

v0.35.4

v0.35.3

v0.35.2

v0.35.1

v0.35.0

v0.34.0

v0.33.0

v0.32.0

v0.31.0

v0.30.0

v0.29.0

v0.28.1

v0.28.0

v0.27.2

v0.27.1

v0.27.0

v0.26.0

v0.25.1

v0.25.0

v0.24.1

v0.24.0

v0.23.0

v0.22.0

v0.21.0

v0.20.1

v0.20.0

v0.19.0

v0.18.0

v0.17.0

v0.16.0

v0.15.0

v0.14.0

v0.13.1

v0.13.0

v0.12.0

v0.11.0

v0.10.0

v0.9.0

v0.8.1

v0.8.0

v0.7.1

v0.7.0

v0.6.0

v0.5.3

v0.5.2

v0.5.1

v0.5.0

v0.4.1

v0.4.0

v0.3.1

v0.3.0

v0.2.1

v0.2.0

v0.1.3

v0.1.2

v0.1.1

v0.1.0

Labels

Clear labels

breaking

bug

documentation

feature

needs more upvotes

open to pull requests

pull-request

Mirrored from GitHub Pull Request

No Label feature

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

OVERLORD

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/pocket-id-pocket-id-1#341