See every action AI tools take in your Odoo system – what was asked, what happened, and how long it took.
Overview
Audit logs are your security camera for AI activity. Every time an AI tool searches records, creates a customer, runs a report, or even tests the connection, Odoo records a log entry.
This helps you answer questions like: “Did Claude change any invoices yesterday?” or “Why did the sales bot fail at 3 PM?” Logs are read-only – nobody can edit or delete them manually (old logs are removed automatically based on your retention settings).
How It Works
When an AI request arrives, Odoo captures:
- Which API key was used
- Which Odoo user the action ran as
- What type of request it was (e.g. search records, list models)
- A summary of the request and response
- Whether it succeeded or failed
- How long it took (in milliseconds)
- Where the request came from (IP address)
Logs appear in Odoo MCP Connection → Audit Logs. You can also open logs for a specific key from the key form’s Audit Logs stat button.
Old logs are automatically deleted after the number of days set in System Settings (default: 7 days).
Step-by-Step Guide
Go to Odoo MCP Connection → Audit Logs.
Browse the list – newest entries appear first. Use column headers to sort.
Click any row to open the full detail view.
Check Status – green Success or red Error.
Read Tool Name to see what the AI tried to do (e.g. search_records, create_record).
Review Request Payload and Response Summary for details.
If there was an error, read Error Message for the reason.
To filter by one key, open that API key and click the Audit Logs counter button.
Fields Table
| Field Name | Description | Example |
|---|---|---|
API Key |
Which key made this request |
Claude – Sales Read Only |
API Key Name |
Name of the key (stored for history even if key is deleted) |
Claude – Sales Read Only |
User |
Odoo user the action ran as |
Jane Smith |
Method |
Type of MCP request |
tools/call |
Tool Name |
Specific action performed |
search_records |
Request Payload |
Summary of what was sent (truncated if very long) |
Search partners with email containing “@acme.com” |
Response Summary |
Summary of what Odoo returned |
Found 12 records |
Duration (ms) |
How long the request took in milliseconds |
245 |
Status |
Whether the request succeeded or failed |
Success |
Error Message |
Explanation when status is Error |
Access denied for model account.move |
Remote Address |
IP address the request came from |
203.0.113.42 |
Request ID |
Unique identifier for this request |
req-abc123 |
Created On |
Date and time of the request |
12 Jun 2026, 2:15 PM |
Field Explanations
API Key & API Key Name
Links the log to a specific key. The name is saved even if you later delete the key, so historical reports stay meaningful.
User
Shows which Odoo account’s permissions were used. Useful when multiple keys share similar names but different users.
Method
The technical MCP method called. Most data actions show as tools/call.
Tool Name
The human-meaningful action – search, create, update, delete, pivot, export, etc. This is usually the most useful column for quick review.
Request Payload
What the AI asked for. May be shortened for very large requests. Check System Settings for the maximum stored length.
Response Summary
What Odoo sent back – record counts, success messages, or error hints.
Duration (ms)
Performance indicator. Sudden spikes may mean complex searches or server load issues.
Status
Success means the action completed. Error means it was blocked or failed – always check the error message.
Error Message
Plain-language reason for failure – permission denied, invalid data, rate limit exceeded, etc.
Remote Address
Helps verify requests come from expected locations, especially when using IP allowlists.
Request ID
Unique reference for support conversations. Quote this ID when asking your IT team to investigate.
Tips
- Run API Test on a key after changing permissions – the test also creates an audit log entry you can verify.
- Review audit logs weekly for unexpected tool names (especially create_record or delete_record) on read-only keys.
- Increase Audit Log Retention in Settings if you need compliance records longer than the default 7 days.
Common Mistakes
- Ignoring error logs: Repeated “Access denied” errors often mean permissions are too tight – or the AI is trying to reach data it should not.
- Expecting logs to stay forever: Logs are purged automatically. Export or archive important records before they expire if you need long-term compliance storage.
- Looking at the wrong key’s logs: Use the Audit Logs button on the specific API key form to avoid scrolling through unrelated activity.
Image
