PHPackages                             zappzarapp/audit-logger - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Logging &amp; Monitoring](/categories/logging)
4. /
5. zappzarapp/audit-logger

ActiveLibrary[Logging &amp; Monitoring](/categories/logging)

zappzarapp/audit-logger
=======================

GDPR-compliant audit logging with injectable encryption, configurable storage, and tamper-proof checksums

v1.1.0(2mo ago)010[1 issues](https://github.com/marcstraube/zappzarapp-php-audit-logger/issues)MITPHPPHP ^8.4CI passing

Since Feb 15Pushed 3w agoCompare

[ Source](https://github.com/marcstraube/zappzarapp-php-audit-logger)[ Packagist](https://packagist.org/packages/zappzarapp/audit-logger)[ Docs](https://github.com/marcstraube/zappzarapp-php-audit-logger)[ RSS](/packages/zappzarapp-audit-logger/feed)WikiDiscussions master Synced today

READMEChangelog (2)Dependencies (28)Versions (24)Used By (0)

zappzarapp/audit-logger
=======================

[](#zappzarappaudit-logger)

[![Latest Version](https://camo.githubusercontent.com/69d3216621ba9fdf928cce9ec5d3ca1171ddaae01d01658e27816c815d30a204/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f762f7a6170707a61726170702f61756469742d6c6f676765722e737667)](https://packagist.org/packages/zappzarapp/audit-logger)[![PHP Version](https://camo.githubusercontent.com/c82c94c21345b9acbeca4a45f576699eccd823b7b14cdc430d8634d2a6a03e95/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f7068702d762f7a6170707a61726170702f61756469742d6c6f676765722e737667)](https://packagist.org/packages/zappzarapp/audit-logger)[![License](https://camo.githubusercontent.com/c37270fdd168cf60ee41fc39a67eeab2283dc30d2dfc48d0fdbe2b3cfde8debf/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f6c2f7a6170707a61726170702f61756469742d6c6f676765722e737667)](https://packagist.org/packages/zappzarapp/audit-logger)[![CI](https://github.com/marcstraube/zappzarapp-php-audit-logger/actions/workflows/ci.yml/badge.svg)](https://github.com/marcstraube/zappzarapp-php-audit-logger/actions/workflows/ci.yml)[![Socket Badge](https://camo.githubusercontent.com/60905d97dfff3bbbf302f9d70e1a38c5149213ecb930f6453b53ad726ce2be82/68747470733a2f2f62616467652e736f636b65742e6465762f636f6d706f7365722f7061636b6167652f7a6170707a61726170702f61756469742d6c6f67676572)](https://socket.dev/composer/package/zappzarapp/audit-logger)

GDPR-compliant audit logging for PHP with injectable encryption, configurable storage, and tamper-proof checksums.

Features
--------

[](#features)

- **GDPR compliant** - Supports Art. 15, 17, 30, 32, 33
- **Injectable encryption** - AppEncryption (AES-256-GCM) or DatabaseEncryption
- **Tamper-proof** - HMAC-SHA-256 checksums with `verify()` method
- **Configurable** - Custom table name, optional file logging
- **Null Object** - `NullAuditLogger` for environments without audit requirements
- **Zero dependencies** - Only requires `ext-pdo` (stdlib)
- **Both PostgreSQL and MariaDB** - Migration SQL included

Installation
------------

[](#installation)

```
composer require zappzarapp/audit-logger
```

Quick Start
-----------

[](#quick-start)

```
use Zappzarapp\AuditLogger\AuditLogger;
use Zappzarapp\AuditLogger\AuditLogEntry;

$auditLogger = new AuditLogger(
    pdo: $pdo,
    encryptionKey: $_ENV['ENCRYPTION_KEY'],
);

// Log a data access event
$auditLogger->log(new AuditLogEntry(
    action: 'user.view',
    entityType: 'user',
    entityId: 123,
    userId: $currentUserId,
    ipAddress: $request->getClientIp(),
    userAgent: $request->getUserAgent(),
));

// Log authentication
$auditLogger->logAuth(
    action: 'login.success',
    userId: $userId,
    ipAddress: $request->getClientIp(),
    userAgent: $request->getUserAgent(),
);

// Log admin action
$auditLogger->logAdmin(
    action: 'role.granted',
    adminUserId: $adminId,
    entityType: 'user',
    entityId: $targetUserId,
    data: ['role' => 'moderator'],
);

// Query logs
$logs = $auditLogger->getLogsForEntity('user', 123);
$userLogs = $auditLogger->getLogsForUser($userId);

// Verify integrity
foreach ($logs as $log) {
    if (!$auditLogger->verify($log)) {
        // Tampered entry detected!
    }
}
```

Configuration
-------------

[](#configuration)

```
use Zappzarapp\AuditLogger\AuditLogger;
use Zappzarapp\AuditLogger\Encryption\AppEncryption;
use Zappzarapp\AuditLogger\Encryption\DatabaseEncryption;

// Full configuration
$auditLogger = new AuditLogger(
    pdo: $pdo,
    encryptionKey: $_ENV['ENCRYPTION_KEY'],
    encryption: new AppEncryption(),    // default (AES-256-GCM in PHP)
    tableName: 'audit_logs',            // default table name
    logFilePath: '/var/log/audit.log',  // optional file logging (null = disabled)
);

// Using database-level encryption (for existing encrypt_text() setups)
$auditLogger = new AuditLogger(
    pdo: $pdo,
    encryptionKey: $_ENV['ENCRYPTION_KEY'],
    encryption: new DatabaseEncryption(),
);

// Disable audit logging (Null Object pattern)
$auditLogger = new NullAuditLogger();
```

> **Note:** File logging (`logFilePath`) does not include log rotation. Configure external rotation (e.g. `logrotate`) to prevent unbounded file growth.
>
> Example `/etc/logrotate.d/audit-logger`:
>
> ```
> /var/log/audit.log {
>     daily
>     rotate 90
>     compress
>     delaycompress
>     missingok
>     notifempty
>     copytruncate
> }
>
> ```

> **Note:** The library does not set query timeouts on the injected PDO connection. Configure timeouts at the connection level to prevent indefinite blocking:
>
> ```
> // PostgreSQL
> $pdo->exec('SET statement_timeout = 5000'); // 5 seconds
>
> // MariaDB / MySQL
> $pdo = new PDO($dsn, $user, $pass, [
>     PDO::ATTR_TIMEOUT => 5,
> ]);
> ```

Database Setup
--------------

[](#database-setup)

Apply the migration for your database:

- **PostgreSQL:** `migrations/postgresql/audit_logs.sql`
- **MariaDB:** `migrations/mariadb/audit_logs.sql`

Documentation
-------------

[](#documentation)

- [GDPR Compliance](docs/gdpr-compliance.md) - GDPR articles covered, purge/retention guidance
- [Database Encryption](docs/database-encryption.md) - Migration from DB-level encryption

Development
-----------

[](#development)

```
make install    # Install dependencies
make test       # Run tests
make analyse    # PHPStan static analysis
make cs-check   # Code style check
make check      # All quality checks
make check-full # Including mutation testing
```

License
-------

[](#license)

MIT

###  Health Score

44

—

FairBetter than 90% of packages

Maintenance91

Actively maintained with recent releases

Popularity5

Limited adoption so far

Community9

Small or concentrated contributor base

Maturity62

Established project with proven stability

 Bus Factor1

Top contributor holds 50% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~59 days

Total

2

Last Release

78d ago

### Community

Maintainers

![](https://www.gravatar.com/avatar/2251d276d4ad2322f19fb6b755a30a7280450b26534a8b1137cf8c2680daf8da?d=identicon)[marcstraube](/maintainers/marcstraube)

---

Top Contributors

[![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?v=4)](https://github.com/dependabot[bot] "dependabot[bot] (17 commits)")[![marcstraube](https://avatars.githubusercontent.com/u/52066916?v=4)](https://github.com/marcstraube "marcstraube (16 commits)")[![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?v=4)](https://github.com/github-actions[bot] "github-actions[bot] (1 commits)")

---

Tags

audit-logencryptiongdprphpsecurityloggingsecurityencryptionAuditphp8gdprcomplianceaudit-log

###  Code Quality

TestsPHPUnit

Static AnalysisPHPStan, Psalm, Rector

Code StylePHP CS Fixer

Type Coverage Yes

### Embed Badge

![Health badge](/badges/zappzarapp-audit-logger/health.svg)

```
[![Health](https://phpackages.com/badges/zappzarapp-audit-logger/health.svg)](https://phpackages.com/packages/zappzarapp-audit-logger)
```

###  Alternatives

[muhammadsadeeq/laravel-activitylog-ui

A beautiful, modern UI for Spatie's Activity Log with advanced filtering, analytics, and real-time features.

17717.0k](/packages/muhammadsadeeq-laravel-activitylog-ui)[bedezign/yii2-audit

Yii2 Audit records and displays web/cli requests, database changes, php/js errors and associated data.

202705.8k4](/packages/bedezign-yii2-audit)[tatter/audits

Lightweight object logging for CodeIgniter 4

1427.2k3](/packages/tatter-audits)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)
