Overview
- •Structured audits use
owen-it/laravel-auditing(driverdatabase, tableaudits) plustapp/filament-auditingfor UI. Audited events:created,updated,deleted,restored; timestamps are not logged; strict mode off; queue off; console auditing disabled. - •Every audited model also tracks
created_by_id/updated_by_idviaApp\Models\Traits\AuditsUser, resolving the authenticated user on create/update and exposingcreatedBy/updatedByrelations. - •Ad-hoc activity logging uses
App\Models\Traits\HasLogs(per-model helper) andApp\Models\Logfor action-level entries with IP, user agent, platform, browser, user type, and user ID (if authenticated).App\Models\Traits\HasLogging(SpatieLogsActivity) is included on most models to log all attributes by default. - •Avoid logging sensitive blobs/secrets by setting model-level
$auditExclude/$auditIncludeon OwenIt models and overridinggetActivitylogOptions()when Spatie log scope needs to change.
Implementing model audits (OwenIt)
- •Add to model:
use OwenIt\Auditing\Contracts\Auditable;anduse \OwenIt\Auditing\Auditable;thenimplements Auditableon the class. Keepuse AuditsUserso actors are captured. - •Ensure schema includes
created_by_id/updated_by_id(see existing models using auto-migration stubs) and the sharedauditstable migration exists (database/migrations/2025_07_01_163730_create_audits_table.php). - •If certain fields must be skipped (PII, large payloads), define
$auditExcludeor$auditIncludeon the model. Arrays are not logged unlessallowed_array_valuesis flipped on. - •The package resolves IP, user agent, and URL via the default resolvers; leave them as-is unless you need a custom resolver.
- •Keep Filament audit views consistent: rely on
tapp/filament-auditingdefaults (config/filament-auditing.phpuses lazy loading, sorted bycreated_at desc).
Example model (audits + manual action logs)
php
use App\Models\Traits\AuditsUser;
use App\Models\Traits\HasLogs;
use OwenIt\Auditing\Auditable;
use OwenIt\Auditing\Contracts\Auditable as AuditableContract;
class Invoice extends Model implements AuditableContract
{
use AuditsUser, HasLogs;
use Auditable; // OwenIt
protected $guarded = [];
protected $auditExclude = ['temporary_notes'];
public function markPaid(): void
{
$this->update(['status' => 'paid']);
$this->log('Invoice marked as paid');
}
}
Implementing action logs (custom Log model)
- •Add
use App\Models\Traits\HasLogs;to models that need manual action entries. Call$model->log('action text')to persist a log row with user context (IP, agent, platform, browser, human/bot) and the acting user when authenticated. - •
App\Models\Logstores entries via a morph (loggable_type/id) and prunes old rows usingprunable()(months defined byconfig('documents.prune_after')). - •Use
HasLogging(SpatieLogsActivity) when you want automatic attribute-level activity logs; overridegetActivitylogOptions()if you need narrower/expanded scope thanlogAll().
Displaying in Filament
- •To show actors on tables, reuse
App\Filament\Components\Tables\AuditColumn::createdBy()/updatedBy()for consistent labels/placeholders and email descriptions. - •For audit trails inside Filament resources, rely on the built-in audits relation manager provided by
tapp/filament-auditing(honors the config sorting/lazy settings).
Verification checklist
- •Create/update/delete/restore a record and confirm an
auditsrow exists with actor and context; ensure sensitive fields are excluded when required. - •Trigger
$model->log('...')and confirm alogsrow captures IP/user agent/platform/browser and the user (or null when unauthenticated). - •In Filament, verify audit columns show “Created By”/“Updated By” with placeholders (
System/Not updated yet) and emails in the description.