General developer forum

Moodle has a really useful app-level log in the mdl_log tables. I am puzzled, though. What are the high-level goals for it?

As implemented, it seems to cover 'user activity' (read, post, etc) in the core modules. Logging in the other modules (those not maintained by the core team) is spotty.

Even stranger is the fact that administrative actions are not logged. Editing of user properties and passwords is tracked ok. User deletion is not logged -- I found this trying to figure out who the hell deleted a particular user. We could come up with quite a few actions under the /admin directory that should be logged, too.

This is of particular importance in large installations, where you are likely to have more than one person with admin rights to the moodle install. While they need to be trusted (and we trust them) having logs of the actions of an admin user is extremely useful.

So I open the field and ask: what should our logging look like? Specifically,

- what actions are important enough to warrant being logged?

- should we store skodak's sesskey with it?

If we provide this sort of logging, we need to make sure users cannot accidentally replay data-changing actions. The url with the sesskey prevents accidental replay... as long as you don't follow urls of your _own_ session.

Pre-hacking discussion anyone?