diff --git a/cmd/admin/handlers/get.go b/cmd/admin/handlers/get.go
index 965996d7..34d8c882 100644
--- a/cmd/admin/handlers/get.go
+++ b/cmd/admin/handlers/get.go
@@ -4,6 +4,7 @@ import (
 	"io"
 	"net/http"
 	"os"
+	"strings"
 
 	"github.com/jmpsec/osctrl/cmd/admin/sessions"
 	"github.com/jmpsec/osctrl/pkg/carves"
@@ -150,4 +151,6 @@ func (h *HandlersAdmin) CarvesDownloadHandler(w http.ResponseWriter, r *http.Req
 		fileReader, _ = os.Open(archived.File)
 		_, _ = io.Copy(w, fileReader)
 	}
+	// Audit log visit
+	h.AuditLog.Visit(ctx[sessions.CtxUser], r.URL.Path, strings.Split(r.RemoteAddr, ":")[0], env.ID)
 }
diff --git a/cmd/admin/handlers/handlers.go b/cmd/admin/handlers/handlers.go
index 771743b4..827bd0d5 100644
--- a/cmd/admin/handlers/handlers.go
+++ b/cmd/admin/handlers/handlers.go
@@ -2,6 +2,7 @@ package handlers
 
 import (
 	"github.com/jmpsec/osctrl/cmd/admin/sessions"
+	"github.com/jmpsec/osctrl/pkg/auditlog"
 	"github.com/jmpsec/osctrl/pkg/backend"
 	"github.com/jmpsec/osctrl/pkg/cache"
 	"github.com/jmpsec/osctrl/pkg/carves"
@@ -43,6 +44,7 @@ type HandlersAdmin struct {
 	OptimizedUI     bool
 	OsqueryTables   []types.OsqueryTable
 	AdminConfig     *config.JSONConfigurationService
+	AuditLog        *auditlog.AuditLogManager
 	DBLogger        *logging.LoggerDB
 	DebugHTTP       *zerolog.Logger
 	DebugHTTPConfig *config.DebugHTTPConfiguration
@@ -161,6 +163,12 @@ func WithAdminConfig(config *config.JSONConfigurationService) HandlersOption {
 	}
 }
 
+func WithAuditLog(auditLog *auditlog.AuditLogManager) HandlersOption {
+	return func(h *HandlersAdmin) {
+		h.AuditLog = auditLog
+	}
+}
+
 func WithDBLogger(dbfile string, config *backend.JSONConfigurationDB) HandlersOption {
 	return func(h *HandlersAdmin) {
 		if dbfile == "" {
diff --git a/cmd/admin/handlers/json-audit.go b/cmd/admin/handlers/json-audit.go
new file mode 100644
index 00000000..ec51a64b
--- /dev/null
+++ b/cmd/admin/handlers/json-audit.go
@@ -0,0 +1,79 @@
+package handlers
+
+import (
+	"fmt"
+	"net/http"
+
+	"github.com/jmpsec/osctrl/cmd/admin/sessions"
+	"github.com/jmpsec/osctrl/pkg/auditlog"
+	"github.com/jmpsec/osctrl/pkg/environments"
+	"github.com/jmpsec/osctrl/pkg/users"
+	"github.com/jmpsec/osctrl/pkg/utils"
+	"github.com/rs/zerolog/log"
+)
+
+// AuditLogJSON to be used to populate JSON data for audit logs
+type AuditLogJSON struct {
+	Service  string        `json:"service"`
+	Username string        `json:"username"`
+	Line     string        `json:"line"`
+	SourceIP string        `json:"sourceip"`
+	LogType  string        `json:"logtype"`
+	Severity string        `json:"severity"`
+	Env      string        `json:"environment"`
+	When     CreationTimes `json:"when"`
+}
+
+// ReturnedAudit to return a JSON with audit logs
+type ReturnedAudit struct {
+	Data []AuditLogJSON `json:"data"`
+}
+
+// JSONAuditLogHandler for audit logs in JSON
+func (h *HandlersAdmin) JSONAuditLogHandler(w http.ResponseWriter, r *http.Request) {
+	if h.DebugHTTPConfig.Enabled {
+		utils.DebugHTTPDump(h.DebugHTTP, r, h.DebugHTTPConfig.ShowBody)
+	}
+	// Get context data
+	ctx := r.Context().Value(sessions.ContextKey(sessions.CtxSession)).(sessions.ContextValue)
+	// Check permissions
+	if !h.Users.CheckPermissions(ctx[sessions.CtxUser], users.AdminLevel, users.NoEnvironment) {
+		adminErrorResponse(w, fmt.Sprintf("%s has insufficient permissions", ctx[sessions.CtxUser]), http.StatusForbidden, nil)
+		return
+	}
+	// Get all environments
+	envs, err := h.Envs.All()
+	if err != nil {
+		log.Err(err).Msg("error getting environments")
+		return
+	}
+	// Get audit logs
+	auditLogs, err := h.AuditLog.GetAll()
+	if err != nil {
+		log.Err(err).Msg("error getting audit logs")
+		return
+	}
+	// Prepare data to be returned
+	var auditLogsJSON []AuditLogJSON
+	for _, logEntry := range auditLogs {
+		auditLogsJSON = append(auditLogsJSON, AuditLogJSON{
+			Service:  logEntry.Service,
+			Username: logEntry.Username,
+			Line:     logEntry.Line,
+			SourceIP: logEntry.SourceIP,
+			LogType:  auditlog.LogTypeToString(logEntry.LogType),
+			Severity: auditlog.SeverityToString(logEntry.Severity),
+			Env:      environments.EnvironmentFinderID(logEntry.EnvironmentID, envs, false),
+			When: CreationTimes{
+				Display: utils.PastFutureTimes(logEntry.CreatedAt),
+				// Use Unix timestamp in seconds
+				Timestamp: utils.TimeTimestamp(logEntry.CreatedAt),
+			},
+		})
+	}
+	returned := ReturnedAudit{
+		Data: auditLogsJSON,
+	}
+	// Serve JSON
+	utils.HTTPResponse(w, utils.JSONApplicationUTF8, http.StatusOK, returned)
+}
diff --git a/cmd/admin/handlers/post.go b/cmd/admin/handlers/post.go
index f4a67a02..95a5595a 100644
--- a/cmd/admin/handlers/post.go
+++ b/cmd/admin/handlers/post.go
@@ -10,6 +10,7 @@ import (
 	"net/http"
 
 	"github.com/jmpsec/osctrl/cmd/admin/sessions"
+	"github.com/jmpsec/osctrl/pkg/auditlog"
 	"github.com/jmpsec/osctrl/pkg/handlers"
 	"github.com/jmpsec/osctrl/pkg/nodes"
 	"github.com/jmpsec/osctrl/pkg/queries"
@@ -45,7 +46,7 @@ func (h *HandlersAdmin) LoginPOSTHandler(w http.ResponseWriter, r *http.Request)
 		return
 	}
 	// Serialize and send response
-	log.Debug().Msg("Login response sent")
+	h.AuditLog.NewLogin(user.Username, strings.Split(r.RemoteAddr, ":")[0])
 	adminOKResponse(w, "/dashboard")
 }
 
@@ -74,7 +75,7 @@ func (h *HandlersAdmin) LogoutPOSTHandler(w http.ResponseWriter, r *http.Request
 		return
 	}
 	// Serialize and send response
-	log.Debug().Msg("Logout response sent")
+	h.AuditLog.NewLogout(ctx[sessions.CtxUser], strings.Split(r.RemoteAddr, ":")[0])
 	adminOKResponse(w, "OK")
 }
 
@@ -172,7 +173,7 @@ func (h *HandlersAdmin) QueryRunPOSTHandler(w http.ResponseWriter, r *http.Reque
 		}
 	}
 	// Serialize and send response
-	log.Debug().Msg("Query run response sent")
+	h.AuditLog.NewQuery(ctx[sessions.CtxUser], q.Query, strings.Split(r.RemoteAddr, ":")[0], env.ID)
 	adminOKResponse(w, "OK")
 }
 
@@ -262,7 +263,7 @@ func (h *HandlersAdmin) CarvesRunPOSTHandler(w http.ResponseWriter, r *http.Requ
 		return
 	}
 	// Serialize and send response
-	log.Debug().Msg("Carve run response sent")
+	h.AuditLog.NewCarve(ctx[sessions.CtxUser], c.Path, strings.Split(r.RemoteAddr, ":")[0], env.ID)
 	adminOKResponse(w, "OK")
 }
 
@@ -345,8 +346,7 @@ func (h *HandlersAdmin) QueryActionsPOSTHandler(w http.ResponseWriter, r *http.R
 		}
 		adminOKResponse(w, "queries delete successfully")
 	}
-	// Serialize and send response
-	log.Debug().Msg("Query run response sent")
+	h.AuditLog.QueryAction(ctx[sessions.CtxUser], q.Action, strings.Split(r.RemoteAddr, ":")[0], env.ID)
 }
 
 // CarvesActionsPOSTHandler - Handler for POST requests to carves
@@ -402,8 +402,7 @@ func (h *HandlersAdmin) CarvesActionsPOSTHandler(w http.ResponseWriter, r *http.
 		log.Debug().Msg("testing action")
 		adminOKResponse(w, "test successful")
 	}
-	// Serialize and send response
-	log.Debug().Msg("Carves action response sent")
+	h.AuditLog.CarveAction(ctx[sessions.CtxUser], q.Action, strings.Split(r.RemoteAddr, ":")[0], env.ID)
 }
 
 // ConfPOSTHandler for POST requests for saving configuration
@@ -466,8 +465,8 @@ func (h *HandlersAdmin) ConfPOSTHandler(w http.ResponseWriter, r *http.Request)
 			adminErrorResponse(w, "error saving configuration parts", http.StatusInternalServerError, err)
 			return
 		}
+		h.AuditLog.ConfAction(ctx[sessions.CtxUser], "update configuration", strings.Split(r.RemoteAddr, ":")[0], env.ID)
 		// Send response
-		log.Debug().Msg("Configuration response sent")
 		adminOKResponse(w, "configuration saved successfully")
 		return
 	}
@@ -489,8 +488,8 @@ func (h *HandlersAdmin) ConfPOSTHandler(w http.ResponseWriter, r *http.Request)
 			adminErrorResponse(w, "error updating configuration", http.StatusInternalServerError, err)
 			return
 		}
+		h.AuditLog.ConfAction(ctx[sessions.CtxUser], "update options", strings.Split(r.RemoteAddr, ":")[0], env.ID)
 		// Send response
-		log.Debug().Msg("Options response sent")
 		adminOKResponse(w, "options saved successfully")
 		return
 	}
@@ -512,8 +511,8 @@ func (h *HandlersAdmin) ConfPOSTHandler(w http.ResponseWriter, r *http.Request)
 			adminErrorResponse(w, "error updating configuration", http.StatusInternalServerError, err)
 			return
 		}
+		h.AuditLog.ConfAction(ctx[sessions.CtxUser], "update schedule", strings.Split(r.RemoteAddr, ":")[0], env.ID)
 		// Send response
-		log.Debug().Msg("Schedule response sent")
 		adminOKResponse(w, "schedule saved successfully")
 		return
 	}
@@ -535,8 +534,8 @@ func (h *HandlersAdmin) ConfPOSTHandler(w http.ResponseWriter, r *http.Request)
 			adminErrorResponse(w, "error updating configuration", http.StatusInternalServerError, err)
 			return
 		}
+		h.AuditLog.ConfAction(ctx[sessions.CtxUser], "update packs", strings.Split(r.RemoteAddr, ":")[0], env.ID)
 		// Send response
-		log.Debug().Msg("Packs response sent")
 		adminOKResponse(w, "packs saved successfully")
 		return
 	}
@@ -558,8 +557,8 @@ func (h *HandlersAdmin) ConfPOSTHandler(w http.ResponseWriter, r *http.Request)
 			adminErrorResponse(w, "error updating configuration", http.StatusInternalServerError, err)
 			return
 		}
+		h.AuditLog.ConfAction(ctx[sessions.CtxUser], "update decorators", strings.Split(r.RemoteAddr, ":")[0], env.ID)
 		// Send response
-		log.Debug().Msg("Decorators response sent")
 		adminOKResponse(w, "decorators saved successfully")
 		return
 	}
@@ -581,8 +580,8 @@ func (h *HandlersAdmin) ConfPOSTHandler(w http.ResponseWriter, r *http.Request)
 			adminErrorResponse(w, "error updating configuration", http.StatusInternalServerError, err)
 			return
 		}
+		h.AuditLog.ConfAction(ctx[sessions.CtxUser], "update ATC", strings.Split(r.RemoteAddr, ":")[0], env.ID)
 		// Send response
-		log.Debug().Msg("ATC response sent")
 		adminOKResponse(w, "ATC saved successfully")
 		return
 	}
@@ -644,8 +643,8 @@ func (h *HandlersAdmin) IntervalsPOSTHandler(w http.ResponseWriter, r *http.Requ
 		adminErrorResponse(w, "error updating flags", http.StatusInternalServerError, err)
 		return
 	}
+	h.AuditLog.ConfAction(ctx[sessions.CtxUser], "update intervals", strings.Split(r.RemoteAddr, ":")[0], env.ID)
 	// Serialize and send response
-	log.Debug().Msg("Intervals response sent")
 	adminOKResponse(w, "intervals saved successfully")
 }
 
@@ -741,8 +740,7 @@ func (h *HandlersAdmin) ExpirationPOSTHandler(w http.ResponseWriter, r *http.Req
 			adminOKResponse(w, "link set to not expire successfully")
 		}
 	}
-	// Serialize and send response
-	log.Debug().Msg("Expiration response sent")
+	h.AuditLog.ConfAction(ctx[sessions.CtxUser], fmt.Sprintf("%s:%s", e.Type, e.Action), strings.Split(r.RemoteAddr, ":")[0], env.ID)
 }
 
 // NodeActionsPOSTHandler for POST requests for multi node action
@@ -787,8 +785,7 @@ func (h *HandlersAdmin) NodeActionsPOSTHandler(w http.ResponseWriter, r *http.Re
 			return
 		}
 	}
-	// Serialize and send response
-	log.Debug().Msg("Multi-node action response sent")
+	h.AuditLog.NodeAction(ctx[sessions.CtxUser], m.Action, strings.Split(r.RemoteAddr, ":")[0], auditlog.NoEnvironment)
 }
 
 // EnvsPOSTHandler for POST request for /environments
@@ -878,8 +875,7 @@ func (h *HandlersAdmin) EnvsPOSTHandler(w http.ResponseWriter, r *http.Request)
 		}
 		adminOKResponse(w, "debug changed successfully")
 	}
-	// Serialize and send response
-	log.Debug().Msg("Environments response sent")
+	h.AuditLog.EnvAction(ctx[sessions.CtxUser], fmt.Sprintf("%s - %s", c.Action, c.Name), strings.Split(r.RemoteAddr, ":")[0], auditlog.NoEnvironment)
 }
 
 // SettingsPOSTHandler for POST request for /settings
@@ -963,8 +959,7 @@ func (h *HandlersAdmin) SettingsPOSTHandler(w http.ResponseWriter, r *http.Reque
 		}
 		adminOKResponse(w, "setting deleted successfully")
 	}
-	// Serialize and send response
-	log.Debug().Msg("Settings response sent")
+	h.AuditLog.SettingsAction(ctx[sessions.CtxUser], fmt.Sprintf("%s - %s", s.Action, s.Name), strings.Split(r.RemoteAddr, ":")[0])
 }
 
 // UsersPOSTHandler for POST request for /users
@@ -1112,8 +1107,7 @@ func (h *HandlersAdmin) UsersPOSTHandler(w http.ResponseWriter, r *http.Request)
 			adminOKResponse(w, "service changed successfully")
 		}
 	}
-	// Serialize and send response
-	log.Debug().Msg("Users response sent")
+	h.AuditLog.UserAction(ctx[sessions.CtxUser], fmt.Sprintf("%s - %s", u.Action, u.Username), strings.Split(r.RemoteAddr, ":")[0])
 }
 
 // TagsPOSTHandler for POST request for /tags
@@ -1205,8 +1199,7 @@ func (h *HandlersAdmin) TagsPOSTHandler(w http.ResponseWriter, r *http.Request)
 		}
 		adminOKResponse(w, "tag removed successfully")
 	}
-	// Serialize and send response
-	log.Debug().Msg("Tags response sent")
+	h.AuditLog.TagAction(ctx[sessions.CtxUser], fmt.Sprintf("%s - %s", t.Action, t.Name), strings.Split(r.RemoteAddr, ":")[0], env.ID)
 }
 
 // TagNodesPOSTHandler for POST request for /tags/nodes
@@ -1263,8 +1256,9 @@ func (h *HandlersAdmin) TagNodesPOSTHandler(w http.ResponseWriter, r *http.Reque
 			return
 		}
 	}
+	aMsg := fmt.Sprintf("tags processed: add %d, remove %d", len(t.TagsAdd), len(t.TagsRemove))
+	h.AuditLog.TagAction(ctx[sessions.CtxUser], aMsg, strings.Split(r.RemoteAddr, ":")[0], toBeProcessed[0].EnvironmentID)
 	// Serialize and send response
-	log.Debug().Msg("Tags response sent")
 	adminOKResponse(w, "tags processed successfully")
 }
 
@@ -1322,8 +1316,8 @@ func (h *HandlersAdmin) PermissionsPOSTHandler(w http.ResponseWriter, r *http.Re
 			return
 		}
 	}
+	h.AuditLog.UserAction(ctx[sessions.CtxUser], fmt.Sprintf("permissions - %s", usernameVar), strings.Split(r.RemoteAddr, ":")[0])
 	// Serialize and send response
-	log.Debug().Msg("Users response sent")
 	adminOKResponse(w, "permissions updated successfully")
 }
 
@@ -1423,8 +1417,8 @@ func (h *HandlersAdmin) EnrollPOSTHandler(w http.ResponseWriter, r *http.Request
 			}
 		}
 	}
+	h.AuditLog.EnvAction(ctx[sessions.CtxUser], fmt.Sprintf("%s - %s", e.Action, env.Name), strings.Split(r.RemoteAddr, ":")[0], env.ID)
 	// Serialize and send response
-	log.Debug().Msg("Configuration response sent")
 	adminOKResponse(w, "enroll data saved")
 }
 
@@ -1491,8 +1485,7 @@ func (h *HandlersAdmin) EditProfilePOSTHandler(w http.ResponseWriter, r *http.Re
 		}
 		adminOKResponse(w, "profiled updated successfully")
 	}
-	// Serialize and send response
-	log.Debug().Msg("Edit profile response sent")
+	h.AuditLog.UserAction(ctx[sessions.CtxUser], fmt.Sprintf("%s - %s", u.Action, u.Username), strings.Split(r.RemoteAddr, ":")[0])
 }
 
 // SavedQueriesPOSTHandler for POST requests to save queries
@@ -1520,6 +1513,4 @@ func (h *HandlersAdmin) SavedQueriesPOSTHandler(w http.ResponseWriter, r *http.R
 	case "edit":
 		adminOKResponse(w, "query saved successfully")
 	}
-	// Serialize and send response
-	log.Debug().Msg("Saved query response sent")
 }
diff --git a/cmd/admin/handlers/templates.go b/cmd/admin/handlers/templates.go
index 54fd0bf9..32ac875b 100644
--- a/cmd/admin/handlers/templates.go
+++ b/cmd/admin/handlers/templates.go
@@ -9,6 +9,7 @@ import (
 	"strings"
 
 	"github.com/jmpsec/osctrl/cmd/admin/sessions"
+	"github.com/jmpsec/osctrl/pkg/auditlog"
 	"github.com/jmpsec/osctrl/pkg/carves"
 	"github.com/jmpsec/osctrl/pkg/environments"
 	"github.com/jmpsec/osctrl/pkg/nodes"
@@ -37,7 +38,6 @@ var validTarget = map[string]bool{
 }
 
 // TemplateMetadata - Helper to prepare template metadata
-// TODO until a better implementation, all users are admin
 func (h *HandlersAdmin) TemplateMetadata(ctx sessions.ContextValue, metadata types.BuildMetadata, admin bool) TemplateMetadata {
 	return TemplateMetadata{
 		Username:  ctx[sessions.CtxUser],
@@ -88,7 +88,7 @@ func (h *HandlersAdmin) LoginHandler(w http.ResponseWriter, r *http.Request) {
 		log.Err(err).Msg("template error")
 		return
 	}
-	log.Debug().Msg("Login template served")
+	h.AuditLog.Visit("anonymous", r.URL.Path, strings.Split(r.RemoteAddr, ":")[0], settings.NoEnvironmentID)
 }
 
 // EnvironmentHandler for environment view of the table
@@ -169,7 +169,8 @@ func (h *HandlersAdmin) EnvironmentHandler(w http.ResponseWriter, r *http.Reques
 		log.Err(err).Msg("template error")
 		return
 	}
-	log.Debug().Msg("Environment table template served")
+	// Audit log visit
+	h.AuditLog.Visit(ctx[sessions.CtxUser], r.URL.Path, strings.Split(r.RemoteAddr, ":")[0], env.ID)
 }
 
 // QueryRunGETHandler for GET requests to run queries
@@ -269,7 +270,8 @@ func (h *HandlersAdmin) QueryRunGETHandler(w http.ResponseWriter, r *http.Reques
 		log.Err(err).Msg("template error")
 		return
 	}
-	log.Debug().Msg("Query run template served")
+	// Audit log visit
+	h.AuditLog.Visit(ctx[sessions.CtxUser], r.URL.Path, strings.Split(r.RemoteAddr, ":")[0], env.ID)
 }
 
 // QueryListGETHandler for GET requests to queries
@@ -339,7 +341,8 @@ func (h *HandlersAdmin) QueryListGETHandler(w http.ResponseWriter, r *http.Reque
 		log.Err(err).Msg("template error")
 		return
 	}
-	log.Debug().Msg("Query list template served")
+	// Audit log visit
+	h.AuditLog.Visit(ctx[sessions.CtxUser], r.URL.Path, strings.Split(r.RemoteAddr, ":")[0], env.ID)
 }
 
 // SavedQueriesGETHandler for GET requests to queries
@@ -403,7 +406,8 @@ func (h *HandlersAdmin) SavedQueriesGETHandler(w http.ResponseWriter, r *http.Re
 		log.Err(err).Msg("template error")
 		return
 	}
-	log.Debug().Msg("Query list template served")
+	// Audit log visit
+	h.AuditLog.Visit(ctx[sessions.CtxUser], r.URL.Path, strings.Split(r.RemoteAddr, ":")[0], env.ID)
 }
 
 // CarvesRunGETHandler for GET requests to run file carves
@@ -497,7 +501,8 @@ func (h *HandlersAdmin) CarvesRunGETHandler(w http.ResponseWriter, r *http.Reque
 		log.Err(err).Msg("template error")
 		return
 	}
-	log.Debug().Msg("Query run template served")
+	// Audit log visit
+	h.AuditLog.Visit(ctx[sessions.CtxUser], r.URL.Path, strings.Split(r.RemoteAddr, ":")[0], env.ID)
 }
 
 // CarvesListGETHandler for GET requests to carves
@@ -568,7 +573,8 @@ func (h *HandlersAdmin) CarvesListGETHandler(w http.ResponseWriter, r *http.Requ
 		log.Err(err).Msg("template error")
 		return
 	}
-	log.Debug().Msg("Carve list template served")
+	// Audit log visit
+	h.AuditLog.Visit(ctx[sessions.CtxUser], r.URL.Path, strings.Split(r.RemoteAddr, ":")[0], env.ID)
 }
 
 // QueryLogsHandler for GET requests to see query results by name
@@ -658,7 +664,8 @@ func (h *HandlersAdmin) QueryLogsHandler(w http.ResponseWriter, r *http.Request)
 		log.Err(err).Msg("template error")
 		return
 	}
-	log.Debug().Msg("Query logs template served")
+	// Audit log visit
+	h.AuditLog.Visit(ctx[sessions.CtxUser], r.URL.Path, strings.Split(r.RemoteAddr, ":")[0], env.ID)
 }
 
 // CarvesDetailsHandler for GET requests to see carves details by name
@@ -763,7 +770,8 @@ func (h *HandlersAdmin) CarvesDetailsHandler(w http.ResponseWriter, r *http.Requ
 		log.Err(err).Msg("template error")
 		return
 	}
-	log.Debug().Msg("Carve details template served")
+	// Audit log visit
+	h.AuditLog.Visit(ctx[sessions.CtxUser], r.URL.Path, strings.Split(r.RemoteAddr, ":")[0], env.ID)
 }
 
 // ConfGETHandler for GET requests for /conf
@@ -834,7 +842,8 @@ func (h *HandlersAdmin) ConfGETHandler(w http.ResponseWriter, r *http.Request) {
 		log.Err(err).Msg("template error")
 		return
 	}
-	log.Debug().Msg("Conf template served")
+	// Audit log visit
+	h.AuditLog.Visit(ctx[sessions.CtxUser], r.URL.Path, strings.Split(r.RemoteAddr, ":")[0], env.ID)
 }
 
 // EnrollGETHandler for GET requests for /enroll
@@ -929,7 +938,8 @@ func (h *HandlersAdmin) EnrollGETHandler(w http.ResponseWriter, r *http.Request)
 		log.Err(err).Msg("template error")
 		return
 	}
-	log.Debug().Msg("Enroll template served")
+	// Audit log visit
+	h.AuditLog.Visit(ctx[sessions.CtxUser], r.URL.Path, strings.Split(r.RemoteAddr, ":")[0], env.ID)
 }
 
 // EnrollGETHandler for GET requests for /enroll
@@ -1007,6 +1017,8 @@ func (h *HandlersAdmin) EnrollDownloadHandler(w http.ResponseWriter, r *http.Req
 	utils.HTTPDownload(w, description, fName, int64(len(toDownload)))
 	w.WriteHeader(http.StatusOK)
 	_, _ = io.Copy(w, bytes.NewReader(toDownload))
+	// Audit log visit
+	h.AuditLog.Visit(ctx[sessions.CtxUser], r.URL.Path, strings.Split(r.RemoteAddr, ":")[0], env.ID)
 }
 
 // NodeHandler for node view
@@ -1126,7 +1138,8 @@ func (h *HandlersAdmin) NodeHandler(w http.ResponseWriter, r *http.Request) {
 		log.Err(err).Msg("template error")
 		return
 	}
-	log.Debug().Msg("Node template served")
+	// Audit log visit
+	h.AuditLog.Visit(ctx[sessions.CtxUser], r.URL.Path, strings.Split(r.RemoteAddr, ":")[0], env.ID)
 }
 
 // EnvsGETHandler for GET requests for /env
@@ -1170,7 +1183,8 @@ func (h *HandlersAdmin) EnvsGETHandler(w http.ResponseWriter, r *http.Request) {
 		log.Err(err).Msg("template error")
 		return
 	}
-	log.Debug().Msg("Environments template served")
+	// Audit log visit
+	h.AuditLog.Visit(ctx[sessions.CtxUser], r.URL.Path, strings.Split(r.RemoteAddr, ":")[0], auditlog.NoEnvironment)
 }
 
 // SettingsGETHandler for GET requests for /settings
@@ -1244,7 +1258,8 @@ func (h *HandlersAdmin) SettingsGETHandler(w http.ResponseWriter, r *http.Reques
 		log.Err(err).Msg("template error")
 		return
 	}
-	log.Debug().Msg("Settings template served")
+	// Audit log visit
+	h.AuditLog.Visit(ctx[sessions.CtxUser], r.URL.Path, strings.Split(r.RemoteAddr, ":")[0], auditlog.NoEnvironment)
 }
 
 // UsersGETHandler for GET requests for /users
@@ -1307,7 +1322,8 @@ func (h *HandlersAdmin) UsersGETHandler(w http.ResponseWriter, r *http.Request)
 		log.Err(err).Msg("template error")
 		return
 	}
-	log.Debug().Msg("Users template served")
+	// Audit log visit
+	h.AuditLog.Visit(ctx[sessions.CtxUser], r.URL.Path, strings.Split(r.RemoteAddr, ":")[0], auditlog.NoEnvironment)
 }
 
 // UsersTokensGETHandler for GET requests for /users/tokens
@@ -1362,7 +1378,8 @@ func (h *HandlersAdmin) UsersTokensGETHandler(w http.ResponseWriter, r *http.Req
 		log.Err(err).Msg("template error")
 		return
 	}
-	log.Debug().Msg("Users template served")
+	// Audit log visit
+	h.AuditLog.Visit(ctx[sessions.CtxUser], r.URL.Path, strings.Split(r.RemoteAddr, ":")[0], auditlog.NoEnvironment)
 }
 
 // TagsGETHandler for GET requests for /tags
@@ -1420,7 +1437,8 @@ func (h *HandlersAdmin) TagsGETHandler(w http.ResponseWriter, r *http.Request) {
 		log.Err(err).Msg("template error")
 		return
 	}
-	log.Debug().Msg("Tags template served")
+	// Audit log visit
+	h.AuditLog.Visit(ctx[sessions.CtxUser], r.URL.Path, strings.Split(r.RemoteAddr, ":")[0], auditlog.NoEnvironment)
 }
 
 // EditProfileGETHandler for user profile edit
@@ -1476,7 +1494,8 @@ func (h *HandlersAdmin) EditProfileGETHandler(w http.ResponseWriter, r *http.Req
 		log.Err(err).Msg("template error")
 		return
 	}
-	log.Debug().Msg("Profile template served")
+	// Audit log visit
+	h.AuditLog.Visit(ctx[sessions.CtxUser], r.URL.Path, strings.Split(r.RemoteAddr, ":")[0], auditlog.NoEnvironment)
 }
 
 // DashboardGETHandler for dashboard page
@@ -1537,5 +1556,56 @@ func (h *HandlersAdmin) DashboardGETHandler(w http.ResponseWriter, r *http.Reque
 		log.Err(err).Msg("template error")
 		return
 	}
-	log.Debug().Msg("Dashboard template served")
+	// Audit log visit
+	h.AuditLog.Visit(ctx[sessions.CtxUser], r.URL.Path, strings.Split(r.RemoteAddr, ":")[0], auditlog.NoEnvironment)
+}
+
+// AuditLogsGETHandler for GET requests for /audit-logs
+func (h *HandlersAdmin) AuditLogsGETHandler(w http.ResponseWriter, r *http.Request) {
+	if h.DebugHTTPConfig.Enabled {
+		utils.DebugHTTPDump(h.DebugHTTP, r, h.DebugHTTPConfig.ShowBody)
+	}
+	// Get context data
+	ctx := r.Context().Value(sessions.ContextKey(sessions.CtxSession)).(sessions.ContextValue)
+	// Check permissions
+	if !h.Users.CheckPermissions(ctx[sessions.CtxUser], users.AdminLevel, users.NoEnvironment) {
+		log.Info().Msgf("%s has insufficient permissions", ctx[sessions.CtxUser])
+		return
+	}
+	// Custom functions to handle formatting
+	funcMap := template.FuncMap{
+		"pastFutureTimes": utils.PastFutureTimes,
+		"inFutureTime":    utils.InFutureTime,
+	}
+	// Prepare template
+	tempateFiles := h.NewTemplateFiles(h.TemplatesFolder, "audit.html").filepaths
+	t, err := template.New("audit.html").Funcs(funcMap).ParseFiles(tempateFiles...)
+	if err != nil {
+		log.Err(err).Msg("error getting audit log template")
+		return
+	}
+	// Get stats for all environments
+	envAll, err := h.Envs.All()
+	if err != nil {
+		log.Err(err).Msg("error getting environments")
+		return
+	}
+	// Get if the user is admin
+	user, err := h.Users.Get(ctx[sessions.CtxUser])
+	if err != nil {
+		log.Err(err).Msg("error getting user")
+		return
+	}
+	// Prepare template data
+	templateData := AuditLogTemplateData{
+		Title:        "Audit logs for all environments",
+		Metadata:     h.TemplateMetadata(ctx, h.ServiceMetadata, user.Admin),
+		Environments: h.allowedEnvironments(ctx[sessions.CtxUser], envAll),
+	}
+	if err := t.Execute(w, templateData); err != nil {
+		log.Err(err).Msg("template error")
+		return
+	}
+	// Audit log visit
+	h.AuditLog.Visit(ctx[sessions.CtxUser], r.URL.Path, strings.Split(r.RemoteAddr, ":")[0], auditlog.NoEnvironment)
 }
diff --git a/cmd/admin/handlers/tokens.go b/cmd/admin/handlers/tokens.go
index 4d2e06b4..494d0121 100644
--- a/cmd/admin/handlers/tokens.go
+++ b/cmd/admin/handlers/tokens.go
@@ -4,8 +4,10 @@ import (
 	"encoding/json"
 	"fmt"
 	"net/http"
+	"strings"
 
 	"github.com/jmpsec/osctrl/cmd/admin/sessions"
+	"github.com/jmpsec/osctrl/pkg/auditlog"
 	"github.com/jmpsec/osctrl/pkg/users"
 	"github.com/jmpsec/osctrl/pkg/utils"
 	"github.com/rs/zerolog/log"
@@ -50,6 +52,8 @@ func (h *HandlersAdmin) TokensGETHandler(w http.ResponseWriter, r *http.Request)
 			ExpiresTS: utils.TimeTimestamp(user.TokenExpire),
 		}
 	}
+	// Audit log visit
+	h.AuditLog.Visit(ctx[sessions.CtxUser], r.URL.Path, strings.Split(r.RemoteAddr, ":")[0], auditlog.NoEnvironment)
 	// Serve JSON
 	utils.HTTPResponse(w, utils.JSONApplicationUTF8, http.StatusOK, returned)
 }
@@ -105,6 +109,8 @@ func (h *HandlersAdmin) TokensPOSTHandler(w http.ResponseWriter, r *http.Request
 		ExpirationTS: utils.TimeTimestamp(exp),
 		Expiration:   utils.PastFutureTimes(exp),
 	}
+	// Audit log token creation
+	h.AuditLog.NewToken(ctx[sessions.CtxUser], strings.Split(r.RemoteAddr, ":")[0])
 	// Serialize and serve JSON
 	utils.HTTPResponse(w, utils.JSONApplicationUTF8, http.StatusOK, response)
 }
diff --git a/cmd/admin/handlers/types-templates.go b/cmd/admin/handlers/types-templates.go
index e3f71581..ec037197 100644
--- a/cmd/admin/handlers/types-templates.go
+++ b/cmd/admin/handlers/types-templates.go
@@ -229,6 +229,14 @@ type TagsTemplateData struct {
 	LeftMetadata AsideLeftMetadata
 }
 
+// AuditLogTemplateData for passing data to the audit log template
+type AuditLogTemplateData struct {
+	Title        string
+	Environments []environments.TLSEnvironment
+	Metadata     TemplateMetadata
+	LeftMetadata AsideLeftMetadata
+}
+
 // NodeTemplateData for passing data to the query template
 type NodeTemplateData struct {
 	Title         string
diff --git a/cmd/admin/main.go b/cmd/admin/main.go
index 0e1750f9..ba5dd1d0 100644
--- a/cmd/admin/main.go
+++ b/cmd/admin/main.go
@@ -14,6 +14,7 @@ import (
 	"github.com/crewjam/saml/samlsp"
 	"github.com/jmpsec/osctrl/cmd/admin/handlers"
 	"github.com/jmpsec/osctrl/cmd/admin/sessions"
+	"github.com/jmpsec/osctrl/pkg/auditlog"
 	"github.com/jmpsec/osctrl/pkg/backend"
 	"github.com/jmpsec/osctrl/pkg/cache"
 	"github.com/jmpsec/osctrl/pkg/carves"
@@ -98,6 +99,7 @@ var (
 	// FIXME this is nasty and should not be a global but here we are
 	osqueryTables []types.OsqueryTable
 	handlersAdmin *handlers.HandlersAdmin
+	auditLog      *auditlog.AuditLogManager
 )
 
 // SAML variables
@@ -302,6 +304,12 @@ func osctrlAdminService() {
 		}
 	}
 
+	// Initialize audit log manager
+	auditLog, err = auditlog.CreateAuditLogManager(db.Conn, serviceName, flagParams.AuditLog)
+	if err != nil {
+		log.Fatal().Msgf("Error initializing audit log manager - %v", err)
+	}
+
 	// Initialize Admin handlers before router
 	log.Info().Msg("Initializing handlers")
 	handlersAdmin = handlers.CreateHandlersAdmin(
@@ -327,6 +335,7 @@ func osctrlAdminService() {
 		handlers.WithCarvesFolder(flagParams.CarvedDir),
 		handlers.WithOptimizedUI(flagParams.OptimizeUI),
 		handlers.WithAdminConfig(&flagParams.ConfigValues),
+		handlers.WithAuditLog(auditLog),
 		handlers.WithDBLogger(flagParams.LoggerFile, loggerDBConfig),
 		handlers.WithDebugHTTP(&flagParams.DebugHTTPValues),
 	)
@@ -397,6 +406,12 @@ func osctrlAdminService() {
 	adminMux.Handle(
 		"GET /json/tags",
 		handlerAuthCheck(http.HandlerFunc(handlersAdmin.JSONTagsHandler), flagParams.ConfigValues.Auth))
+	// Admin: JSON data for audit logs
+	if flagParams.AuditLog {
+		adminMux.Handle(
+			"GET /json/audit-logs",
+			handlerAuthCheck(http.HandlerFunc(handlersAdmin.JSONAuditLogHandler), flagParams.ConfigValues.Auth))
+	}
 	// Admin: table for environments
 	adminMux.Handle(
 		"GET /environment/{env}/{target}",
@@ -541,6 +556,12 @@ func osctrlAdminService() {
 	adminMux.Handle(
 		"POST /profile",
 		handlerAuthCheck(http.HandlerFunc(handlersAdmin.EditProfilePOSTHandler), flagParams.ConfigValues.Auth))
+	// Admin: audit logs
+	if flagParams.AuditLog {
+		adminMux.Handle(
+			"GET /audit-logs",
+			handlerAuthCheck(http.HandlerFunc(handlersAdmin.AuditLogsGETHandler), flagParams.ConfigValues.Auth))
+	}
 	// Admin: dashboard and search bar
 	adminMux.Handle(
 		"GET /dashboard",
diff --git a/cmd/admin/templates/audit.html b/cmd/admin/templates/audit.html
new file mode 100644
index 00000000..15291dd4
--- /dev/null
+++ b/cmd/admin/templates/audit.html
@@ -0,0 +1,179 @@
+<!DOCTYPE html>
+<html lang="en">
+
+  {{ $metadata := .Metadata }}
+  {{ $leftmeta := .LeftMetadata }}
+
+  {{ template "page-head" . }}
+
+  <body class="app header-fixed sidebar-fixed sidebar-lg-show">
+
+    {{ template "page-header" . }}
+
+    <div class="app-body">
+
+      {{ template "page-aside-left" . }}
+
+      <main class="main">
+
+        <div class="container-fluid">
+
+          <div class="animated fadeIn">
+
+
+            <div class="card mt-2">
+              <div class="card-header">
+                <i class="fas fa-id-card"></i> Audit Logs
+                <div class="card-header-actions">
+                  <small>Refresh in <span id="refresh_seconds">30</span> seconds</small>
+                  <button id="refresh_pause" class="btn btn-sm btn-outline-dark" data-tooltip="true" data-placement="bottom" title="Pause refresh" onclick="changeTableRefresh('refresh_value', 'refresh_pause');">
+                    <i class="fas fa-pause"></i>
+                  </button>
+                  <button class="btn btn-sm btn-outline-primary" data-tooltip="true" data-placement="bottom" title="Refresh nodes" onclick="refreshTableNow('tableAudit');">
+                    <i class="fas fa-sync-alt"></i>
+                  </button>
+                </div>
+              </div>
+              <div class="card-body table-responsive" style="width:100%;">
+                <table id="tableAudit" class="table table-bordered table-striped" style="width:100%;">
+                  <input type="hidden" id="refresh_value" value="yes" />
+                  <thead>
+                    <tr>
+                      <th>Service</th>
+                      <th>User</th>
+                      <th>Log</th>
+                      <th>IP Address</th>
+                      <th>LogType</th>
+                      <th>Severity</th>
+                      <th>Environment</th>
+                      <th>When</th>
+                    </tr>
+                  </thead>
+                </table>
+              </div>
+            </div>
+
+          {{ template "page-modals" . }}
+
+        </div>
+
+      </main>
+
+      {{ if $metadata.Admin }}
+        {{ template "page-aside-right" . }}
+      {{ end }}
+
+    </div>
+
+    {{ template "page-js" . }}
+
+    <!-- custom JS -->
+    <script src="/static/js/tables.js"></script>
+    <script type="text/javascript">
+      $(document).ready(function() {
+        $.fn.dataTable.ext.errMode = function(settings, helpPage, message) {
+          console.log(message);
+          $('.card-header').addClass("bg-danger");
+        };
+        $.fn.dataTable.ext.ajax;
+        var tableAudit = $('#tableAudit').DataTable({
+          pageLength : 25,
+          paging: true,
+          searching : true,
+          processing : true,
+          order : [[ 7, "desc" ]],
+          scrollX: true,
+          initComplete : function(settings, json) {
+            $('.card-header').removeClass("bg-danger");
+          },
+          ajax : {
+            url: "/json/audit-logs",
+            dataSrc: function(json) {
+              $('.card-header').removeClass("bg-danger");
+              return json.data;
+            },
+            error: function(xhr, error, code) {
+              $('.card-header').addClass("bg-danger");
+              console.log("Error: " + error);
+              console.log("Error code: " + code);
+              console.log("Error response: " + xhr.responseText);
+            }
+          },
+          columns : [
+            {"data" : "service"},
+            {"data" : "username"},
+            {"data" : "line"},
+            {"data" : "sourceip"},
+            {"data" : "logtype"},
+            {"data" : "severity"},
+            {"data" : "environment"},
+            {"data" : {
+                _:    "when.display",
+                sort: "when.timestamp"
+              }
+            }
+          ],
+          columnDefs: [
+            {
+              targets: 0,
+              data: 'service',
+              width: '10%'
+            },{
+              targets: 1,
+              data: 'username',
+              width: '10%'
+            },{
+              targets: 2,
+              data: 'line',
+              width: '25%'
+            },{
+              targets: 3,
+              data: 'sourceip',
+              width: '10%'
+            },{
+              targets: 4,
+              data: 'logtype',
+              width: '10%'
+            },{
+              targets: 5,
+              data: 'severity',
+              width: '10%'
+            },{
+              targets: 6,
+              data: 'environment',
+              width: '10%'
+            },{
+              targets: 7,
+              data: 'when',
+              width: '15%'
+            }
+          ]
+        });
+
+        // Enable all tooltips
+        $('[data-tooltip="true"]').tooltip({trigger : 'hover'});
+
+        // Display the number of seconds left and refresh
+        var refreshSeconds = 30;
+        var timeleft = refreshSeconds;
+        var tableTimer = setInterval(function(){
+          if (document.getElementById("refresh_value").value === 'yes') {
+            timeleft--;
+          }
+          document.getElementById("refresh_seconds").textContent = timeleft;
+          if(timeleft <= 0) {
+            timeleft = refreshSeconds;
+            tableAudit.ajax.reload();
+          }
+        },1000);
+
+        // Refresh sidebar stats
+        beginStats();
+        var statsTimer = setInterval(function(){
+          beginStats();
+        },60000);
+
+      });
+    </script>
+  </body>
+</html>
diff --git a/cmd/admin/templates/components/page-aside-right.html b/cmd/admin/templates/components/page-aside-right.html
index 25247736..d187e104 100644
--- a/cmd/admin/templates/components/page-aside-right.html
+++ b/cmd/admin/templates/components/page-aside-right.html
@@ -17,6 +17,16 @@ <h6>Admin Server Settings</h6>
             <div>
               <small class="text-muted">Settings for the Admin service</small>
             </div>
+            <div class="clearfix mt-4">
+              <small>
+                <button class="btn btn-block btn-sm btn-info" type="button" onclick="window.location = '/audit-logs';">
+                  <b>Audit Logs</b>
+                </button>
+              </small>
+            </div>
+            <div>
+              <small class="text-muted">View the Audit Logs</small>
+            </div>
             <div class="clearfix mt-4">
               <small>
                 <button class="btn btn-block btn-sm btn-primary" type="button" onclick="window.location = '/users';">
diff --git a/go.mod b/go.mod
index 74cf63d8..f60e2702 100644
--- a/go.mod
+++ b/go.mod
@@ -98,7 +98,6 @@ require (
 	github.com/russellhaering/goxmldsig v1.5.0 // indirect
 	github.com/russross/blackfriday/v2 v2.1.0 // indirect
 	github.com/sagikazarmark/locafero v0.12.0 // indirect
-	github.com/sourcegraph/conc v0.3.1-0.20240121214520-5f936abd7ae8 // indirect
 	github.com/spf13/afero v1.15.0 // indirect
 	github.com/spf13/cast v1.10.0 // indirect
 	github.com/spf13/pflag v1.0.10 // indirect
diff --git a/go.sum b/go.sum
index 36ad3180..153d543f 100644
--- a/go.sum
+++ b/go.sum
@@ -4,82 +4,44 @@ github.com/DATA-DOG/go-sqlmock v1.5.2 h1:OcvFkGmslmlZibjAjaHm3L//6LiuBgolP7Oputl
 github.com/DATA-DOG/go-sqlmock v1.5.2/go.mod h1:88MAG/4G7SMwSE3CeA0ZKzrT5CiOU3OJ+JlNzwDqpNU=
 github.com/aws/aws-sdk-go v1.55.8 h1:JRmEUbU52aJQZ2AjX4q4Wu7t4uZjOu71uyNmaWlUkJQ=
 github.com/aws/aws-sdk-go v1.55.8/go.mod h1:ZkViS9AqA6otK+JBBNH2++sx1sgxrPKcSzPPvQkUtXk=
-github.com/aws/aws-sdk-go-v2 v1.37.2 h1:xkW1iMYawzcmYFYEV0UCMxc8gSsjCGEhBXQkdQywVbo=
-github.com/aws/aws-sdk-go-v2 v1.37.2/go.mod h1:9Q0OoGQoboYIAJyslFyF1f5K1Ryddop8gqMhWx/n4Wg=
 github.com/aws/aws-sdk-go-v2 v1.39.2 h1:EJLg8IdbzgeD7xgvZ+I8M1e0fL0ptn/M47lianzth0I=
 github.com/aws/aws-sdk-go-v2 v1.39.2/go.mod h1:sDioUELIUO9Znk23YVmIk86/9DOpkbyyVb1i/gUNFXY=
-github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.0 h1:6GMWV6CNpA/6fbFHnoAjrv4+LGfyTqZz2LtCHnspgDg=
-github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.0/go.mod h1:/mXlTIVG9jbxkqDnr5UQNQxW1HRYxeGklkM9vAFeabg=
 github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.1 h1:i8p8P4diljCr60PpJp6qZXNlgX4m2yQFpYk+9ZT+J4E=
 github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.1/go.mod h1:ddqbooRZYNoJ2dsTwOty16rM+/Aqmk/GOXrK8cg7V00=
-github.com/aws/aws-sdk-go-v2/config v1.30.3 h1:utupeVnE3bmB221W08P0Moz1lDI3OwYa2fBtUhl7TCc=
-github.com/aws/aws-sdk-go-v2/config v1.30.3/go.mod h1:NDGwOEBdpyZwLPlQkpKIO7frf18BW8PaCmAM9iUxQmI=
 github.com/aws/aws-sdk-go-v2/config v1.31.12 h1:pYM1Qgy0dKZLHX2cXslNacbcEFMkDMl+Bcj5ROuS6p8=
 github.com/aws/aws-sdk-go-v2/config v1.31.12/go.mod h1:/MM0dyD7KSDPR+39p9ZNVKaHDLb9qnfDurvVS2KAhN8=
-github.com/aws/aws-sdk-go-v2/credentials v1.18.3 h1:ptfyXmv+ooxzFwyuBth0yqABcjVIkjDL0iTYZBSbum8=
-github.com/aws/aws-sdk-go-v2/credentials v1.18.3/go.mod h1:Q43Nci++Wohb0qUh4m54sNln0dbxJw8PvQWkrwOkGOI=
 github.com/aws/aws-sdk-go-v2/credentials v1.18.16 h1:4JHirI4zp958zC026Sm+V4pSDwW4pwLefKrc0bF2lwI=
 github.com/aws/aws-sdk-go-v2/credentials v1.18.16/go.mod h1:qQMtGx9OSw7ty1yLclzLxXCRbrkjWAM7JnObZjmCB7I=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.2 h1:nRniHAvjFJGUCl04F3WaAj7qp/rcz5Gi1OVoj5ErBkc=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.2/go.mod h1:eJDFKAMHHUvv4a0Zfa7bQb//wFNUXGrbFpYRCHe2kD0=
 github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.9 h1:Mv4Bc0mWmv6oDuSWTKnk+wgeqPL5DRFu5bQL9BGPQ8Y=
 github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.9/go.mod h1:IKlKfRppK2a1y0gy1yH6zD+yX5uplJ6UuPlgd48dJiQ=
-github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.18.3 h1:Nb2pUE30lySKPGdkiIJ1SZgHsjiebOiRNI7R9NA1WtM=
-github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.18.3/go.mod h1:BO5EKulvhBF1NXwui8lfnuDPBQQU5807yvWASZ/5n6k=
 github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.19.10 h1:i9EmUTyCWtUp1KsBwKGTtZUxaRym4LmiFiBcb//i8Kw=
 github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.19.10/go.mod h1:IPS1CSYQ8lfLYGytpMEPW4erZmVFUdxLpC0RCI/RCn8=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.2 h1:sPiRHLVUIIQcoVZTNwqQcdtjkqkPopyYmIX0M5ElRf4=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.2/go.mod h1:ik86P3sgV+Bk7c1tBFCwI3VxMoSEwl4YkRB9xn1s340=
 github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.9 h1:se2vOWGD3dWQUtfn4wEjRQJb1HK1XsNIt825gskZ970=
 github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.9/go.mod h1:hijCGH2VfbZQxqCDN7bwz/4dzxV+hkyhjawAtdPWKZA=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.2 h1:ZdzDAg075H6stMZtbD2o+PyB933M/f20e9WmCBC17wA=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.2/go.mod h1:eE1IIzXG9sdZCB0pNNpMpsYTLl4YdOQD3njiVN1e/E4=
 github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.9 h1:6RBnKZLkJM4hQ+kN6E7yWFveOTg8NLPHAkqrs4ZPlTU=
 github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.9/go.mod h1:V9rQKRmK7AWuEsOMnHzKj8WyrIir1yUJbZxDuZLFvXI=
 github.com/aws/aws-sdk-go-v2/internal/ini v1.8.3 h1:bIqFDwgGXXN1Kpp99pDOdKMTTb5d2KyU5X/BZxjOkRo=
 github.com/aws/aws-sdk-go-v2/internal/ini v1.8.3/go.mod h1:H5O/EsxDWyU+LP/V8i5sm8cxoZgc2fdNR9bxlOFrQTo=
-github.com/aws/aws-sdk-go-v2/internal/v4a v1.4.2 h1:sBpc8Ph6CpfZsEdkz/8bfg8WhKlWMCms5iWj6W/AW2U=
-github.com/aws/aws-sdk-go-v2/internal/v4a v1.4.2/go.mod h1:Z2lDojZB+92Wo6EKiZZmJid9pPrDJW2NNIXSlaEfVlU=
 github.com/aws/aws-sdk-go-v2/internal/v4a v1.4.9 h1:w9LnHqTq8MEdlnyhV4Bwfizd65lfNCNgdlNC6mM5paE=
 github.com/aws/aws-sdk-go-v2/internal/v4a v1.4.9/go.mod h1:LGEP6EK4nj+bwWNdrvX/FnDTFowdBNwcSPuZu/ouFys=
-github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.0 h1:6+lZi2JeGKtCraAj1rpoZfKqnQ9SptseRZioejfUOLM=
-github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.0/go.mod h1:eb3gfbVIxIoGgJsi9pGne19dhCBpK6opTYpQqAmdy44=
 github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.1 h1:oegbebPEMA/1Jny7kvwejowCaHz1FWZAQ94WXFNCyTM=
 github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.1/go.mod h1:kemo5Myr9ac0U9JfSjMo9yHLtw+pECEHsFtJ9tqCEI8=
-github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.8.2 h1:blV3dY6WbxIVOFggfYIo2E1Q2lZoy5imS7nKgu5m6Tc=
-github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.8.2/go.mod h1:cBWNeLBjHJRSmXAxdS7mwiMUEgx6zup4wQ9J+/PcsRQ=
 github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.8.9 h1:by3nYZLR9l8bUH7kgaMU4dJgYFjyRdFEfORlDpPILB4=
 github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.8.9/go.mod h1:IWjQYlqw4EX9jw2g3qnEPPWvCE6bS8fKzhMed1OK7c8=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.2 h1:oxmDEO14NBZJbK/M8y3brhMFEIGN4j8a6Aq8eY0sqlo=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.2/go.mod h1:4hH+8QCrk1uRWDPsVfsNDUup3taAjO8Dnx63au7smAU=
 github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.9 h1:5r34CgVOD4WZudeEKZ9/iKpiT6cM1JyEROpXjOcdWv8=
 github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.9/go.mod h1:dB12CEbNWPbzO2uC6QSWHteqOg4JfBVJOojbAoAUb5I=
-github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.19.2 h1:0hBNFAPwecERLzkhhBY+lQKUMpXSKVv4Sxovikrioms=
-github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.19.2/go.mod h1:Vcnh4KyR4imrrjGN7A2kP2v9y6EPudqoPKXtnmBliPU=
 github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.19.9 h1:wuZ5uW2uhJR63zwNlqWH2W4aL4ZjeJP3o92/W+odDY4=
 github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.19.9/go.mod h1:/G58M2fGszCrOzvJUkDdY8O9kycodunH4VdT5oBAqls=
-github.com/aws/aws-sdk-go-v2/service/s3 v1.86.0 h1:utPhv4ECQzJIUbtx7vMN4A8uZxlQ5tSt1H1toPI41h8=
-github.com/aws/aws-sdk-go-v2/service/s3 v1.86.0/go.mod h1:1/eZYtTWazDgVl96LmGdGktHFi7prAcGCrJ9JGvBITU=
 github.com/aws/aws-sdk-go-v2/service/s3 v1.88.3 h1:P18I4ipbk+b/3dZNq5YYh+Hq6XC0vp5RWkLp1tJldDA=
 github.com/aws/aws-sdk-go-v2/service/s3 v1.88.3/go.mod h1:Rm3gw2Jov6e6kDuamDvyIlZJDMYk97VeCZ82wz/mVZ0=
-github.com/aws/aws-sdk-go-v2/service/sso v1.27.0 h1:j7/jTOjWeJDolPwZ/J4yZ7dUsxsWZEsxNwH5O7F8eEA=
-github.com/aws/aws-sdk-go-v2/service/sso v1.27.0/go.mod h1:M0xdEPQtgpNT7kdAX4/vOAPkFj60hSQRb7TvW9B0iug=
 github.com/aws/aws-sdk-go-v2/service/sso v1.29.6 h1:A1oRkiSQOWstGh61y4Wc/yQ04sqrQZr1Si/oAXj20/s=
 github.com/aws/aws-sdk-go-v2/service/sso v1.29.6/go.mod h1:5PfYspyCU5Vw1wNPsxi15LZovOnULudOQuVxphSflQA=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.32.0 h1:ywQF2N4VjqX+Psw+jLjMmUL2g1RDHlvri3NxHA08MGI=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.32.0/go.mod h1:Z+qv5Q6b7sWiclvbJyPSOT1BRVU9wfSUPaqQzZ1Xg3E=
 github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.1 h1:5fm5RTONng73/QA73LhCNR7UT9RpFH3hR6HWL6bIgVY=
 github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.1/go.mod h1:xBEjWD13h+6nq+z4AkqSfSvqRKFgDIQeaMguAJndOWo=
-github.com/aws/aws-sdk-go-v2/service/sts v1.36.0 h1:bRP/a9llXSSgDPk7Rqn5GD/DQCGo6uk95plBFKoXt2M=
-github.com/aws/aws-sdk-go-v2/service/sts v1.36.0/go.mod h1:tgBsFzxwl65BWkuJ/x2EUs59bD4SfYKgikvFDJi1S58=
 github.com/aws/aws-sdk-go-v2/service/sts v1.38.6 h1:p3jIvqYwUZgu/XYeI48bJxOhvm47hZb5HUQ0tn6Q9kA=
 github.com/aws/aws-sdk-go-v2/service/sts v1.38.6/go.mod h1:WtKK+ppze5yKPkZ0XwqIVWD4beCwv056ZbPQNoeHqM8=
-github.com/aws/smithy-go v1.22.5 h1:P9ATCXPMb2mPjYBgueqJNCA5S9UfktsW0tTxi+a7eqw=
-github.com/aws/smithy-go v1.22.5/go.mod h1:t1ufH5HMublsJYulve2RKmHDC15xu1f26kHCp/HgceI=
 github.com/aws/smithy-go v1.23.0 h1:8n6I3gXzWJB2DxBDnfxgBaSX6oe0d/t10qGz7OKqMCE=
 github.com/aws/smithy-go v1.23.0/go.mod h1:t1ufH5HMublsJYulve2RKmHDC15xu1f26kHCp/HgceI=
-github.com/beevik/etree v1.5.1 h1:TC3zyxYp+81wAmbsi8SWUpZCurbxa6S8RITYRSkNRwo=
-github.com/beevik/etree v1.5.1/go.mod h1:gPNJNaBGVZ9AwsidazFZyygnd+0pAU38N4D+WemwKNs=
 github.com/beevik/etree v1.6.0 h1:u8Kwy8pp9D9XeITj2Z0XtA5qqZEmtJtuXZRQi+j03eE=
 github.com/beevik/etree v1.6.0/go.mod h1:bh4zJxiIr62SOf9pRzN7UUYaEDa9HEKafK25+sLc0Gc=
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
@@ -117,8 +79,6 @@ github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=
 github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE=
 github.com/go-redis/redis/v8 v8.11.5 h1:AcZZR7igkdvfVmQTPnu9WE37LRrO/YrBH5zWyjDC0oI=
 github.com/go-redis/redis/v8 v8.11.5/go.mod h1:gREzHqY1hg6oD9ngVRbLStwAWKhA0FEgq8Jd4h5lpwo=
-github.com/go-sql-driver/mysql v1.8.1 h1:LedoTUt/eveggdHS9qUFC1EFSa8bU2+1pZjSRpvNJ1Y=
-github.com/go-sql-driver/mysql v1.8.1/go.mod h1:wEBSXgmK//2ZFJyE+qWnIsVGmvmEKlqwuVSjsCm7DZg=
 github.com/go-sql-driver/mysql v1.9.3 h1:U/N249h2WzJ3Ukj8SowVFjdtZKfu9vlLZxjPXV1aweo=
 github.com/go-sql-driver/mysql v1.9.3/go.mod h1:qn46aNg1333BRMNU69Lq93t8du/dwxI64Gl8i5p1WMU=
 github.com/go-viper/mapstructure/v2 v2.4.0 h1:EBsztssimR/CONLSZZ04E8qAkxNYq4Qp9LvH92wZUgs=
@@ -140,8 +100,6 @@ github.com/jackc/pgpassfile v1.0.0 h1:/6Hmqy13Ss2zCq62VdNG8tM1wchn8zjSGOBJ6icpsI
 github.com/jackc/pgpassfile v1.0.0/go.mod h1:CEx0iS5ambNFdcRtxPj5JhEz+xB6uRky5eyVu/W2HEg=
 github.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761 h1:iCEnooe7UlwOQYpKFhBabPMi4aNAfoODPEFNiAnClxo=
 github.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761/go.mod h1:5TJZWKEWniPve33vlWYSoGYefn3gLQRzjfDlhSJ9ZKM=
-github.com/jackc/pgx/v5 v5.7.5 h1:JHGfMnQY+IEtGM63d+NGMjoRpysB2JBwDr5fsngwmJs=
-github.com/jackc/pgx/v5 v5.7.5/go.mod h1:aruU7o91Tc2q2cFp5h4uP3f6ztExVpyVv88Xl/8Vl8M=
 github.com/jackc/pgx/v5 v5.7.6 h1:rWQc5FwZSPX58r1OQmkuaNicxdmExaEz5A2DO2hUuTk=
 github.com/jackc/pgx/v5 v5.7.6/go.mod h1:aruU7o91Tc2q2cFp5h4uP3f6ztExVpyVv88Xl/8Vl8M=
 github.com/jackc/puddle/v2 v2.2.2 h1:PR8nw+E/1w0GLuRFSmiioY6UooMp6KJv0/61nB7icHo=
@@ -174,12 +132,8 @@ github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/
 github.com/mattn/go-isatty v0.0.19/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
 github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
 github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
-github.com/mattn/go-runewidth v0.0.16 h1:E5ScNMtiwvlvB5paMFdw9p4kSQzbXFikJ5SQO6TULQc=
-github.com/mattn/go-runewidth v0.0.16/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=
 github.com/mattn/go-runewidth v0.0.19 h1:v++JhqYnZuu5jSKrk9RbgF5v4CGUjqRfBm05byFGLdw=
 github.com/mattn/go-runewidth v0.0.19/go.mod h1:XBkDxAl56ILZc9knddidhrOlY5R/pDhgLpndooCuJAs=
-github.com/mattn/go-sqlite3 v1.14.24 h1:tpSp2G2KyMnnQu99ngJ47EIkWVmliIizyZBfPrBWDRM=
-github.com/mattn/go-sqlite3 v1.14.24/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y=
 github.com/mattn/go-sqlite3 v1.14.32 h1:JD12Ag3oLy1zQA+BNn74xRgaBbdhbNIDYvQUEuuErjs=
 github.com/mattn/go-sqlite3 v1.14.32/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y=
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA=
@@ -190,12 +144,8 @@ github.com/olekukonko/cat v0.0.0-20250911104152-50322a0618f6 h1:zrbMGy9YXpIeTnGj
 github.com/olekukonko/cat v0.0.0-20250911104152-50322a0618f6/go.mod h1:rEKTHC9roVVicUIfZK7DYrdIoM0EOr8mK1Hj5s3JjH0=
 github.com/olekukonko/errors v1.1.0 h1:RNuGIh15QdDenh+hNvKrJkmxxjV4hcS50Db478Ou5sM=
 github.com/olekukonko/errors v1.1.0/go.mod h1:ppzxA5jBKcO1vIpCXQ9ZqgDh8iwODz6OXIGKU8r5m4Y=
-github.com/olekukonko/ll v0.0.9 h1:Y+1YqDfVkqMWuEQMclsF9HUR5+a82+dxJuL1HHSRpxI=
-github.com/olekukonko/ll v0.0.9/go.mod h1:En+sEW0JNETl26+K8eZ6/W4UQ7CYSrrgg/EdIYT2H8g=
 github.com/olekukonko/ll v0.1.1 h1:9Dfeed5/Mgaxb9lHRAftLK9pVfYETvHn+If6lywVhJc=
 github.com/olekukonko/ll v0.1.1/go.mod h1:2dJo+hYZcJMLMbKwHEWvxCUbAOLc/CXWS9noET22Mdo=
-github.com/olekukonko/tablewriter v1.0.9 h1:XGwRsYLC2bY7bNd93Dk51bcPZksWZmLYuaTHR0FqfL8=
-github.com/olekukonko/tablewriter v1.0.9/go.mod h1:5c+EBPeSqvXnLLgkm9isDdzR3wjfBkHR9Nhfp3NWrzo=
 github.com/olekukonko/tablewriter v1.1.0 h1:N0LHrshF4T39KvI96fn6GT8HEjXRXYNDrDjKFDB7RIY=
 github.com/olekukonko/tablewriter v1.1.0/go.mod h1:5c+EBPeSqvXnLLgkm9isDdzR3wjfBkHR9Nhfp3NWrzo=
 github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE=
@@ -211,23 +161,18 @@ github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINE
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U=
 github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/prometheus/client_golang v1.23.0 h1:ust4zpdl9r4trLY/gSjlm07PuiBq2ynaXXlptpfy8Uc=
-github.com/prometheus/client_golang v1.23.0/go.mod h1:i/o0R9ByOnHX0McrTMTyhYvKE4haaf2mW08I+jGAjEE=
 github.com/prometheus/client_golang v1.23.2 h1:Je96obch5RDVy3FDMndoUsjAhG5Edi49h0RJWRi/o0o=
 github.com/prometheus/client_golang v1.23.2/go.mod h1:Tb1a6LWHB3/SPIzCoaDXI4I8UHKeFTEQ1YCr+0Gyqmg=
 github.com/prometheus/client_model v0.6.2 h1:oBsgwpGs7iVziMvrGhE53c/GrLUsZdHnqNwqPLxwZyk=
 github.com/prometheus/client_model v0.6.2/go.mod h1:y3m2F6Gdpfy6Ut/GBsUqTWZqCUvMVzSfMLjcu6wAwpE=
-github.com/prometheus/common v0.65.0 h1:QDwzd+G1twt//Kwj/Ww6E9FQq1iVMmODnILtW1t2VzE=
-github.com/prometheus/common v0.65.0/go.mod h1:0gZns+BLRQ3V6NdaerOhMbwwRbNh9hkGINtQAsP5GS8=
 github.com/prometheus/common v0.66.1 h1:h5E0h5/Y8niHc5DlaLlWLArTQI7tMrsfQjHV+d9ZoGs=
 github.com/prometheus/common v0.66.1/go.mod h1:gcaUsgf3KfRSwHY4dIMXLPV0K/Wg1oZ8+SbZk/HH/dA=
 github.com/prometheus/procfs v0.17.0 h1:FuLQ+05u4ZI+SS/w9+BWEM2TXiHKsUQ9TADiRH7DuK0=
 github.com/prometheus/procfs v0.17.0/go.mod h1:oPQLaDAMRbA+u8H5Pbfq+dl3VDAvHxMUOVhe0wYB2zw=
-github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
 github.com/rivo/uniseg v0.4.7 h1:WUdvkW8uEhrYfLC4ZzdpI2ztxP1I582+49Oc5Mq64VQ=
 github.com/rivo/uniseg v0.4.7/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88=
-github.com/rogpeppe/go-internal v1.13.1 h1:KvO1DLK/DRN07sQ1LQKScxyZJuNnedQ5/wKSR38lUII=
-github.com/rogpeppe/go-internal v1.13.1/go.mod h1:uMEvuHeurkdAXX61udpOXGD/AzZDWNMNyH2VO9fmH0o=
+github.com/rogpeppe/go-internal v1.14.1 h1:UQB4HGPB6osV0SQTLymcB4TgvyWu6ZyliaW0tI/otEQ=
+github.com/rogpeppe/go-internal v1.14.1/go.mod h1:MaRKkUm5W0goXpeCfT7UZI6fk/L7L7so1lCWt35ZSgc=
 github.com/rs/xid v1.6.0/go.mod h1:7XoLgs4eV+QndskICGsho+ADou8ySMSjJKDIan90Nz0=
 github.com/rs/zerolog v1.34.0 h1:k43nTLIwcTVQAncfCw4KZ2VY6ukYoZaBPNOE8txlOeY=
 github.com/rs/zerolog v1.34.0/go.mod h1:bJsvje4Z08ROH4Nhs5iH600c3IkWhwp44iRc54W6wYQ=
@@ -235,36 +180,22 @@ github.com/russellhaering/goxmldsig v1.5.0 h1:AU2UkkYIUOTyZRbe08XMThaOCelArgvNfY
 github.com/russellhaering/goxmldsig v1.5.0/go.mod h1:x98CjQNFJcWfMxeOrMnMKg70lvDP6tE0nTaeUnjXDmk=
 github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk=
 github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
-github.com/sagikazarmark/locafero v0.10.0 h1:FM8Cv6j2KqIhM2ZK7HZjm4mpj9NBktLgowT1aN9q5Cc=
-github.com/sagikazarmark/locafero v0.10.0/go.mod h1:Ieo3EUsjifvQu4NZwV5sPd4dwvu0OCgEQV7vjc9yDjw=
 github.com/sagikazarmark/locafero v0.12.0 h1:/NQhBAkUb4+fH1jivKHWusDYFjMOOKU88eegjfxfHb4=
 github.com/sagikazarmark/locafero v0.12.0/go.mod h1:sZh36u/YSZ918v0Io+U9ogLYQJ9tLLBmM4eneO6WwsI=
 github.com/segmentio/ksuid v1.0.4 h1:sBo2BdShXjmcugAMwjugoGUdUV0pcxY5mW4xKRn3v4c=
 github.com/segmentio/ksuid v1.0.4/go.mod h1:/XUiZBD3kVx5SmUOl55voK5yeAbBNNIed+2O73XgrPE=
-github.com/sourcegraph/conc v0.3.1-0.20240121214520-5f936abd7ae8 h1:+jumHNA0Wrelhe64i8F6HNlS8pkoyMv5sreGx2Ry5Rw=
-github.com/sourcegraph/conc v0.3.1-0.20240121214520-5f936abd7ae8/go.mod h1:3n1Cwaq1E1/1lhQhtRK2ts/ZwZEhjcQeJQ1RuC6Q/8U=
-github.com/spf13/afero v1.14.0 h1:9tH6MapGnn/j0eb0yIXiLjERO8RB6xIVZRDCX7PtqWA=
-github.com/spf13/afero v1.14.0/go.mod h1:acJQ8t0ohCGuMN3O+Pv0V0hgMxNYDlvdk+VTfyZmbYo=
 github.com/spf13/afero v1.15.0 h1:b/YBCLWAJdFWJTN9cLhiXXcD7mzKn9Dm86dNnfyQw1I=
 github.com/spf13/afero v1.15.0/go.mod h1:NC2ByUVxtQs4b3sIUphxK0NioZnmxgyCrfzeuq8lxMg=
-github.com/spf13/cast v1.9.2 h1:SsGfm7M8QOFtEzumm7UZrZdLLquNdzFYfIbEXntcFbE=
-github.com/spf13/cast v1.9.2/go.mod h1:jNfB8QC9IA6ZuY2ZjDp0KtFO2LZZlg4S/7bzP6qqeHo=
 github.com/spf13/cast v1.10.0 h1:h2x0u2shc1QuLHfxi+cTJvs30+ZAHOGRic8uyGTDWxY=
 github.com/spf13/cast v1.10.0/go.mod h1:jNfB8QC9IA6ZuY2ZjDp0KtFO2LZZlg4S/7bzP6qqeHo=
-github.com/spf13/pflag v1.0.7 h1:vN6T9TfwStFPFM5XzjsvmzZkLuaLX+HS+0SeFLRgU6M=
-github.com/spf13/pflag v1.0.7/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
 github.com/spf13/pflag v1.0.10 h1:4EBh2KAYBwaONj6b2Ye1GiHfwjqyROoF4RwYO+vPwFk=
 github.com/spf13/pflag v1.0.10/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
-github.com/spf13/viper v1.20.1 h1:ZMi+z/lvLyPSCoNtFCpqjy0S4kPbirhpTMwl8BkW9X4=
-github.com/spf13/viper v1.20.1/go.mod h1:P9Mdzt1zoHIG8m2eZQinpiBjo6kCmZSKBClNNqjJvu4=
 github.com/spf13/viper v1.21.0 h1:x5S+0EU27Lbphp4UKm1C+1oQO+rKx36vfCoaVebLFSU=
 github.com/spf13/viper v1.21.0/go.mod h1:P0lhsswPGWD/1lZJ9ny3fYnVqxiegrlNrEmgLjbTCAY=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA=
-github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
 github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U=
 github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U=
 github.com/subosito/gotenv v1.6.0 h1:9NlTDc1FTs4qu0DDq7AEtTPNw6SVm7uBMsUCUjABIf8=
@@ -279,22 +210,14 @@ github.com/urfave/cli/v2 v2.27.7 h1:bH59vdhbjLv3LAvIu6gd0usJHgoTTPhCFib8qqOwXYU=
 github.com/urfave/cli/v2 v2.27.7/go.mod h1:CyNAG/xg+iAOg0N4MPGZqVmv2rCoP267496AOXUZjA4=
 github.com/xrash/smetrics v0.0.0-20250705151800-55b8f293f342 h1:FnBeRrxr7OU4VvAzt5X7s6266i6cSVkkFPS0TuXWbIg=
 github.com/xrash/smetrics v0.0.0-20250705151800-55b8f293f342/go.mod h1:Ohn+xnUBiLI6FVj/9LpzZWtj1/D6lUovWYBkxHVV3aM=
-go.opentelemetry.io/auto/sdk v1.1.0 h1:cH53jehLUN6UFLY71z+NDOiNJqDdPRaXzTel0sJySYA=
-go.opentelemetry.io/auto/sdk v1.1.0/go.mod h1:3wSPjt5PWp2RhlCcmmOial7AvC4DQqZb7a7wCow3W8A=
 go.opentelemetry.io/auto/sdk v1.2.1 h1:jXsnJ4Lmnqd11kwkBV2LgLoFMZKizbCi5fNZ/ipaZ64=
 go.opentelemetry.io/auto/sdk v1.2.1/go.mod h1:KRTj+aOaElaLi+wW1kO/DZRXwkF4C5xPbEe3ZiIhN7Y=
-go.opentelemetry.io/otel v1.37.0 h1:9zhNfelUvx0KBfu/gb+ZgeAfAgtWrfHJZcAqFC228wQ=
-go.opentelemetry.io/otel v1.37.0/go.mod h1:ehE/umFRLnuLa/vSccNq9oS1ErUlkkK71gMcN34UG8I=
 go.opentelemetry.io/otel v1.38.0 h1:RkfdswUDRimDg0m2Az18RKOsnI8UDzppJAtj01/Ymk8=
 go.opentelemetry.io/otel v1.38.0/go.mod h1:zcmtmQ1+YmQM9wrNsTGV/q/uyusom3P8RxwExxkZhjM=
-go.opentelemetry.io/otel/metric v1.37.0 h1:mvwbQS5m0tbmqML4NqK+e3aDiO02vsf/WgbsdpcPoZE=
-go.opentelemetry.io/otel/metric v1.37.0/go.mod h1:04wGrZurHYKOc+RKeye86GwKiTb9FKm1WHtO+4EVr2E=
 go.opentelemetry.io/otel/metric v1.38.0 h1:Kl6lzIYGAh5M159u9NgiRkmoMKjvbsKtYRwgfrA6WpA=
 go.opentelemetry.io/otel/metric v1.38.0/go.mod h1:kB5n/QoRM8YwmUahxvI3bO34eVtQf2i4utNVLr9gEmI=
 go.opentelemetry.io/otel/sdk v1.21.0 h1:FTt8qirL1EysG6sTQRZ5TokkU8d0ugCj8htOgThZXQ8=
 go.opentelemetry.io/otel/sdk v1.21.0/go.mod h1:Nna6Yv7PWTdgJHVRD9hIYywQBRx7pbox6nwBnZIxl/E=
-go.opentelemetry.io/otel/trace v1.37.0 h1:HLdcFNbRQBE2imdSEgm/kwqmQj1Or1l/7bW6mxVK7z4=
-go.opentelemetry.io/otel/trace v1.37.0/go.mod h1:TlgrlQ+PtQO5XFerSPUYG0JSgGyryXewPGyayAWSBS0=
 go.opentelemetry.io/otel/trace v1.38.0 h1:Fxk5bKrDZJUH+AMyyIXGcFAPah0oRcT+LuNtJrmcNLE=
 go.opentelemetry.io/otel/trace v1.38.0/go.mod h1:j1P9ivuFsTceSWe1oY+EeW3sc+Pp42sO++GHkg4wwhs=
 go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto=
@@ -303,34 +226,21 @@ go.yaml.in/yaml/v2 v2.4.3 h1:6gvOSjQoTB3vt1l+CU+tSyi/HOjfOjRLJ4YwYZGwRO0=
 go.yaml.in/yaml/v2 v2.4.3/go.mod h1:zSxWcmIDjOzPXpjlTTbAsKokqkDNAVtZO0WOMiT90s8=
 go.yaml.in/yaml/v3 v3.0.4 h1:tfq32ie2Jv2UxXFdLJdh3jXuOzWiL1fo0bu/FbuKpbc=
 go.yaml.in/yaml/v3 v3.0.4/go.mod h1:DhzuOOF2ATzADvBadXxruRBLzYTpT36CKvDb3+aBEFg=
-golang.org/x/crypto v0.41.0 h1:WKYxWedPGCTVVl5+WHSSrOBT0O8lx32+zxmHxijgXp4=
-golang.org/x/crypto v0.41.0/go.mod h1:pO5AFd7FA68rFak7rOAGVuygIISepHftHnr8dr6+sUc=
 golang.org/x/crypto v0.42.0 h1:chiH31gIWm57EkTXpwnqf8qeuMUi0yekh6mT2AvFlqI=
 golang.org/x/crypto v0.42.0/go.mod h1:4+rDnOTJhQCx2q7/j6rAN5XDw8kPjeaXEUR2eL94ix8=
-golang.org/x/net v0.42.0 h1:jzkYrhi3YQWD6MLBJcsklgQsoAcw89EcZbJw8Z614hs=
-golang.org/x/net v0.42.0/go.mod h1:FF1RA5d3u7nAYA4z2TkclSCKh68eSXtiFwcWQpPXdt8=
 golang.org/x/net v0.43.0 h1:lat02VYK2j4aLzMzecihNvTlJNQUq316m2Mr9rnM6YE=
-golang.org/x/sync v0.16.0 h1:ycBJEhp9p4vXvUZNszeOq0kGTPghopOL8q0fq3vstxw=
-golang.org/x/sync v0.16.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
+golang.org/x/net v0.43.0/go.mod h1:vhO1fvI4dGsIjh73sWfUVjj3N7CA9WkKJNQm2svM6Jg=
 golang.org/x/sync v0.17.0 h1:l60nONMj9l5drqw6jlhIELNv9I0A4OFgRsG9k2oT9Ug=
 golang.org/x/sync v0.17.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI=
 golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.35.0 h1:vz1N37gP5bs89s7He8XuIYXpyY0+QlsKmzipCbUtyxI=
-golang.org/x/sys v0.35.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
 golang.org/x/sys v0.36.0 h1:KVRy2GtZBrk1cBYA7MKu5bEZFxQk4NIDV6RLVcC8o0k=
 golang.org/x/sys v0.36.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
-golang.org/x/term v0.34.0 h1:O/2T7POpk0ZZ7MAzMeWFSg6S5IpWd/RXDlM9hgM3DR4=
-golang.org/x/term v0.34.0/go.mod h1:5jC53AEywhIVebHgPVeg0mj8OD3VO9OzclacVrqpaAw=
 golang.org/x/term v0.35.0 h1:bZBVKBudEyhRcajGcNc3jIfWPqV4y/Kt2XcoigOWtDQ=
 golang.org/x/term v0.35.0/go.mod h1:TPGtkTLesOwf2DE8CgVYiZinHAOuy5AYUYT1lENIZnA=
-golang.org/x/text v0.28.0 h1:rhazDwis8INMIwQ4tpjLDzUhx6RlXqZNPEM0huQojng=
-golang.org/x/text v0.28.0/go.mod h1:U8nCwOR8jO/marOQ0QbDiOngZVEBB7MAiitBuMjXiNU=
 golang.org/x/text v0.29.0 h1:1neNs90w9YzJ9BocxfsQNHKuAT4pkghyXc4nhZ6sJvk=
 golang.org/x/text v0.29.0/go.mod h1:7MhJOA9CD2qZyOKYazxdYMF85OwPdEr9jTtBpO7ydH4=
-google.golang.org/protobuf v1.36.7 h1:IgrO7UwFQGJdRNXH/sQux4R1Dj1WAKcLElzeeRaXV2A=
-google.golang.org/protobuf v1.36.7/go.mod h1:jduwjTPXsFjZGTmRluh+L6NjiWu7pchiJ2/5YcXBHnY=
 google.golang.org/protobuf v1.36.9 h1:w2gp2mA27hUeUzj9Ex9FBjsBm40zfaDtEWow293U7Iw=
 google.golang.org/protobuf v1.36.9/go.mod h1:fuxRtAxBytpl4zzqUh6/eyUujkJdNiuEkXntxiD/uRU=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
@@ -350,12 +260,8 @@ gorm.io/driver/mysql v1.6.0 h1:eNbLmNTpPpTOVZi8MMxCi2aaIm0ZpInbORNXDwyLGvg=
 gorm.io/driver/mysql v1.6.0/go.mod h1:D/oCC2GWK3M/dqoLxnOlaNKmXz8WNTfcS9y5ovaSqKo=
 gorm.io/driver/postgres v1.6.0 h1:2dxzU8xJ+ivvqTRph34QX+WrRaJlmfyPqXmoGVjMBa4=
 gorm.io/driver/postgres v1.6.0/go.mod h1:vUw0mrGgrTK+uPHEhAdV4sfFELrByKVGnaVRkXDhtWo=
-gorm.io/driver/sqlite v1.5.7 h1:8NvsrhP0ifM7LX9G4zPB97NwovUakUxc+2V2uuf3Z1I=
-gorm.io/driver/sqlite v1.5.7/go.mod h1:U+J8craQU6Fzkcvu8oLeAQmi50TkwPEhHDEjQZXDah4=
 gorm.io/driver/sqlite v1.6.0 h1:WHRRrIiulaPiPFmDcod6prc4l2VGVWHz80KspNsxSfQ=
 gorm.io/driver/sqlite v1.6.0/go.mod h1:AO9V1qIQddBESngQUKWL9yoH93HIeA1X6V633rBwyT8=
-gorm.io/gorm v1.30.1 h1:lSHg33jJTBxs2mgJRfRZeLDG+WZaHYCk3Wtfl6Ngzo4=
-gorm.io/gorm v1.30.1/go.mod h1:8Z33v652h4//uMA76KjeDH8mJXPm1QNCYrMeatR0DOE=
 gorm.io/gorm v1.31.0 h1:0VlycGreVhK7RF/Bwt51Fk8v0xLiiiFdbGDPIZQ7mJY=
 gorm.io/gorm v1.31.0/go.mod h1:XyQVbO2k6YkOis7C2437jSit3SsDK72s7n7rsSHd+Gs=
 gotest.tools v2.2.0+incompatible h1:VsBPFP1AI068pPrMxtb/S8Zkgf9xEmTLJjfM+P5UIEo=
diff --git a/pkg/auditlog/audit.go b/pkg/auditlog/audit.go
new file mode 100644
index 00000000..b84548a5
--- /dev/null
+++ b/pkg/auditlog/audit.go
@@ -0,0 +1,294 @@
+package auditlog
+
+import (
+	"fmt"
+
+	"github.com/rs/zerolog/log"
+	"gorm.io/gorm"
+)
+
+const (
+	// Log types
+	LogTypeLogin       = 1
+	LogTypeLogout      = 2
+	LogTypeNode        = 3
+	LogTypeQuery       = 4
+	LogTypeCarve       = 5
+	LogTypeTag         = 6
+	LogTypeEnvironment = 7
+	LogTypeSetting     = 8
+	LogTypeVisit       = 9
+	LogTypeUser        = 10
+	// Severities
+	SeverityInfo    = 1
+	SeverityWarning = 2
+	SeverityError   = 3
+	// No environment action
+	NoEnvironment = 0
+)
+
+// AuditLog to store all audit logs
+type AuditLog struct {
+	gorm.Model
+	Service       string
+	Username      string
+	Line          string
+	LogType       uint
+	Severity      uint
+	SourceIP      string
+	EnvironmentID uint
+}
+
+// AuditLogManager for audit logs
+type AuditLogManager struct {
+	DB      *gorm.DB
+	Service string
+	Enabled bool
+}
+
+// CreateAuditLogManager to initialize the audit log struct and tables
+func CreateAuditLogManager(backend *gorm.DB, service string, enabled bool) (*AuditLogManager, error) {
+	var t *AuditLogManager = &AuditLogManager{
+		DB:      backend,
+		Service: service,
+		Enabled: enabled,
+	}
+	// table audit_log
+	if err := backend.AutoMigrate(&AuditLog{}); err != nil {
+		return t, fmt.Errorf("failed to AutoMigrate table (audit_log): %w", err)
+	}
+	return t, nil
+}
+
+// New audit log entry
+func (m *AuditLogManager) New(username, line, ip string, logType, severity, envID uint) (AuditLog, error) {
+	var alog AuditLog
+	if line == "" {
+		return alog, fmt.Errorf("empty log line")
+	}
+	return AuditLog{
+		Service:       m.Service,
+		Username:      username,
+		Line:          line,
+		LogType:       logType,
+		Severity:      severity,
+		SourceIP:      ip,
+		EnvironmentID: envID,
+	}, nil
+}
+
+// Create new audit log entry
+func (m *AuditLogManager) Create(logLine *AuditLog) error {
+	if !m.Enabled {
+		return nil
+	}
+	if err := m.DB.Create(&logLine).Error; err != nil {
+		return fmt.Errorf("create AuditLog %w", err)
+	}
+	return nil
+}
+
+// CreateNew - create new audit log entry
+func (m *AuditLogManager) CreateNew(username, line, ip string, logType, severity, envID uint) error {
+	if !m.Enabled {
+		return nil
+	}
+	logLine, err := m.New(username, line, ip, logType, severity, envID)
+	if err != nil {
+		return fmt.Errorf("new AuditLog %w", err)
+	}
+	if err := m.Create(&logLine); err != nil {
+		return fmt.Errorf("create AuditLog %w", err)
+	}
+	return nil
+}
+
+// NewLogin - create new login audit log entry
+func (m *AuditLogManager) NewLogin(username, ip string) {
+	if !m.Enabled {
+		return
+	}
+	line := fmt.Sprintf("user %s logged in", username)
+	if err := m.CreateNew(username, line, ip, LogTypeLogin, SeverityInfo, NoEnvironment); err != nil {
+		log.Err(err).Msg("error creating login audit log")
+	}
+}
+
+// NewLogout - create new logout audit log entry
+func (m *AuditLogManager) NewLogout(username, ip string) {
+	if !m.Enabled {
+		return
+	}
+	line := fmt.Sprintf("user %s logged out", username)
+	if err := m.CreateNew(username, line, ip, LogTypeLogout, SeverityInfo, NoEnvironment); err != nil {
+		log.Err(err).Msg("error creating logout audit log")
+	}
+}
+
+// NewQuery - create new query audit log entry
+func (m *AuditLogManager) NewQuery(username, query, ip string, envID uint) {
+	if !m.Enabled {
+		return
+	}
+	line := fmt.Sprintf("user %s created new query: %s", username, query)
+	if err := m.CreateNew(username, line, ip, LogTypeQuery, SeverityInfo, envID); err != nil {
+		log.Err(err).Msg("error creating new query audit log")
+	}
+}
+
+// NewCarve - create new carve audit log entry
+func (m *AuditLogManager) NewCarve(username, path, ip string, envID uint) {
+	if !m.Enabled {
+		return
+	}
+	line := fmt.Sprintf("user %s created new carve for: %s", username, path)
+	if err := m.CreateNew(username, line, ip, LogTypeCarve, SeverityInfo, envID); err != nil {
+		log.Err(err).Msg("error creating new carve audit log")
+	}
+}
+
+// QueryAction - create new query action audit log entry
+func (m *AuditLogManager) QueryAction(username, action, ip string, envID uint) {
+	if !m.Enabled {
+		return
+	}
+	line := fmt.Sprintf("user %s performed query action: %s", username, action)
+	if err := m.CreateNew(username, line, ip, LogTypeNode, SeverityInfo, envID); err != nil {
+		log.Err(err).Msg("error creating query action audit log")
+	}
+}
+
+// CarveAction - create new carve action audit log entry
+func (m *AuditLogManager) CarveAction(username, action, ip string, envID uint) {
+	if !m.Enabled {
+		return
+	}
+	line := fmt.Sprintf("user %s performed carve action: %s", username, action)
+	if err := m.CreateNew(username, line, ip, LogTypeCarve, SeverityInfo, envID); err != nil {
+		log.Err(err).Msg("error creating carve action audit log")
+	}
+}
+
+// Visit - create new visit tag audit log entry
+func (m *AuditLogManager) Visit(username, path, ip string, envID uint) {
+	if !m.Enabled {
+		return
+	}
+	line := fmt.Sprintf("user %s visited path: %s", username, path)
+	if err := m.CreateNew(username, line, ip, LogTypeVisit, SeverityInfo, envID); err != nil {
+		log.Err(err).Msg("error creating visit audit log")
+	}
+}
+
+// NewToken - create new token audit log entry
+func (m *AuditLogManager) NewToken(username, ip string) {
+	if !m.Enabled {
+		return
+	}
+	line := fmt.Sprintf("user %s refreshed API token", username)
+	if err := m.CreateNew(username, line, ip, LogTypeUser, SeverityInfo, NoEnvironment); err != nil {
+		log.Err(err).Msg("error creating token audit log")
+	}
+}
+
+// ConfAction - create new configuration action audit log entry
+func (m *AuditLogManager) ConfAction(username, action, ip string, envID uint) {
+	if !m.Enabled {
+		return
+	}
+	line := fmt.Sprintf("user %s performed configuration action: %s", username, action)
+	if err := m.CreateNew(username, line, ip, LogTypeEnvironment, SeverityInfo, envID); err != nil {
+		log.Err(err).Msg("error creating configuration action audit log")
+	}
+}
+
+// NodeAction - create new node action audit log entry
+func (m *AuditLogManager) NodeAction(username, action, ip string, envID uint) {
+	if !m.Enabled {
+		return
+	}
+	line := fmt.Sprintf("user %s performed node action: %s", username, action)
+	if err := m.CreateNew(username, line, ip, LogTypeNode, SeverityInfo, envID); err != nil {
+		log.Err(err).Msg("error creating node action audit log")
+	}
+}
+
+// EnvAction - create new environment action audit log entry
+func (m *AuditLogManager) EnvAction(username, action, ip string, envID uint) {
+	if !m.Enabled {
+		return
+	}
+	line := fmt.Sprintf("user %s performed environment action: %s", username, action)
+	if err := m.CreateNew(username, line, ip, LogTypeEnvironment, SeverityInfo, envID); err != nil {
+		log.Err(err).Msg("error creating environment action audit log")
+	}
+}
+
+// SettingsAction - create new settings action audit log entry
+func (m *AuditLogManager) SettingsAction(username, action, ip string) {
+	if !m.Enabled {
+		return
+	}
+	line := fmt.Sprintf("user %s performed settings action: %s", username, action)
+	if err := m.CreateNew(username, line, ip, LogTypeSetting, SeverityInfo, NoEnvironment); err != nil {
+		log.Err(err).Msg("error creating settings action audit log")
+	}
+}
+
+// TagAction - create new tag action audit log entry
+func (m *AuditLogManager) TagAction(username, action, ip string, envID uint) {
+	if !m.Enabled {
+		return
+	}
+	line := fmt.Sprintf("user %s performed tag action: %s", username, action)
+	if err := m.CreateNew(username, line, ip, LogTypeTag, SeverityInfo, envID); err != nil {
+		log.Err(err).Msg("error creating tag action audit log")
+	}
+}
+
+// UserAction - create new user action audit log entry
+func (m *AuditLogManager) UserAction(username, action, ip string) {
+	if !m.Enabled {
+		return
+	}
+	line := fmt.Sprintf("user %s performed user action: %s", username, action)
+	if err := m.CreateNew(username, line, ip, LogTypeUser, SeverityInfo, NoEnvironment); err != nil {
+		log.Err(err).Msg("error creating user action audit log")
+	}
+}
+
+// GetAll - get all audit logs
+func (m *AuditLogManager) GetAll() ([]AuditLog, error) {
+	var logs []AuditLog
+	if err := m.DB.Order("created_at desc").Find(&logs).Error; err != nil {
+		return logs, fmt.Errorf("get all AuditLog %w", err)
+	}
+	return logs, nil
+}
+
+// GetByEnv - get audit logs by environment
+func (m *AuditLogManager) GetByEnv(envID uint) ([]AuditLog, error) {
+	var logs []AuditLog
+	if err := m.DB.Where("environment_id = ?", envID).Order("created_at desc").Find(&logs).Error; err != nil {
+		return logs, fmt.Errorf("get AuditLog by env %w", err)
+	}
+	return logs, nil
+}
+
+// GetByType - get audit logs by type and environment
+func (m *AuditLogManager) GetByTypeEnv(logType, envID uint) ([]AuditLog, error) {
+	var logs []AuditLog
+	if err := m.DB.Where("log_type = ? AND environment_id = ?", logType, envID).Order("created_at desc").Find(&logs).Error; err != nil {
+		return logs, fmt.Errorf("get AuditLog by type and environment %w", err)
+	}
+	return logs, nil
+}
+
+// GetBySeverityEnv - get audit logs by severity and environment
+func (m *AuditLogManager) GetBySeverityEnv(severity, envID uint) ([]AuditLog, error) {
+	var logs []AuditLog
+	if err := m.DB.Where("severity = ? AND environment_id = ?", severity, envID).Order("created_at desc").Find(&logs).Error; err != nil {
+		return logs, fmt.Errorf("get AuditLog by severity and environment %w", err)
+	}
+	return logs, nil
+}
diff --git a/pkg/auditlog/utils.go b/pkg/auditlog/utils.go
new file mode 100644
index 00000000..6bbef511
--- /dev/null
+++ b/pkg/auditlog/utils.go
@@ -0,0 +1,63 @@
+package auditlog
+
+const (
+	// Log type strings
+	LogTypeLoginStr   = "Login"
+	LogTypeLogoutStr  = "Logout"
+	LogTypeNodeStr    = "Node"
+	LogTypeQueryStr   = "Query"
+	LogTypeCarveStr   = "Carve"
+	LogTypeTagStr     = "Tag"
+	LogTypeEnvStr     = "Environment"
+	LogTypeSettingStr = "Setting"
+	LogTypeVisitStr   = "Visit"
+	LogTypeUserStr    = "User"
+	LogTypeUnknown    = "Unknown"
+	// Severity strings
+	SeverityInfoStr    = "Info"
+	SeverityWarningStr = "Warning"
+	SeverityErrorStr   = "Error"
+	SeverityUnknownStr = "Unknown"
+)
+
+// LogTypeToString to convert log type to string
+func LogTypeToString(logType uint) string {
+	switch logType {
+	case 1:
+		return LogTypeLoginStr
+	case 2:
+		return LogTypeLogoutStr
+	case 3:
+		return LogTypeNodeStr
+	case 4:
+		return LogTypeQueryStr
+	case 5:
+		return LogTypeCarveStr
+	case 6:
+		return LogTypeTagStr
+	case 7:
+		return LogTypeEnvStr
+	case 8:
+		return LogTypeSettingStr
+	case 9:
+		return LogTypeVisitStr
+	case 10:
+		return LogTypeUserStr
+	default:
+		return LogTypeUnknown
+	}
+}
+
+// SeverityToString to convert severity to string
+func SeverityToString(severity uint) string {
+	switch severity {
+	case 1:
+		return SeverityInfoStr
+	case 2:
+		return SeverityWarningStr
+	case 3:
+		return SeverityErrorStr
+	default:
+		return SeverityUnknownStr
+	}
+}
diff --git a/pkg/auditlog/utils_test.go b/pkg/auditlog/utils_test.go
new file mode 100644
index 00000000..5fcf4cfc
--- /dev/null
+++ b/pkg/auditlog/utils_test.go
@@ -0,0 +1,50 @@
+package auditlog
+
+import "testing"
+
+func TestLogTypeToString(t *testing.T) {
+	tests := []struct {
+		input    uint
+		expected string
+	}{
+		{1, "Login"},
+		{2, "Logout"},
+		{3, "Node"},
+		{4, "Query"},
+		{5, "Carve"},
+		{6, "Tag"},
+		{7, "Environment"},
+		{8, "Setting"},
+		{9, "Visit"},
+		{10, "User"},
+		{0, "Unknown"},
+		{99, "Unknown"},
+	}
+
+	for _, tt := range tests {
+		result := LogTypeToString(tt.input)
+		if result != tt.expected {
+			t.Errorf("LogTypeToString(%d) = %q; want %q", tt.input, result, tt.expected)
+		}
+	}
+}
+
+func TestSeverityToString(t *testing.T) {
+	tests := []struct {
+		input    uint
+		expected string
+	}{
+		{1, "Info"},
+		{2, "Warning"},
+		{3, "Error"},
+		{0, "Unknown"},
+		{99, "Unknown"},
+	}
+
+	for _, tt := range tests {
+		result := SeverityToString(tt.input)
+		if result != tt.expected {
+			t.Errorf("SeverityToString(%d) = %q; want %q", tt.input, result, tt.expected)
+		}
+	}
+}
diff --git a/pkg/config/flags.go b/pkg/config/flags.go
index d9b3235a..0788d078 100644
--- a/pkg/config/flags.go
+++ b/pkg/config/flags.go
@@ -105,6 +105,8 @@ type ServiceFlagParams struct {
 	BrandingImage string
 	// Background image file
 	BackgroundImage string
+	// Audit log
+	AuditLog bool
 
 	// Debug HTTP configuration values
 	DebugHTTPValues DebugHTTPConfiguration
@@ -842,6 +844,14 @@ func initAdminFlags(params *ServiceFlagParams) []cli.Flag {
 			EnvVars:     []string{"BRANDING_IMAGE"},
 			Destination: &params.BrandingImage,
 		},
+		&cli.BoolFlag{
+			Name:        "audit-log",
+			Aliases:     []string{"audit"},
+			Value:       false,
+			Usage:       "Enable audit log for the osctrl-admin UI. It will log all the user actions in the UI",
+			EnvVars:     []string{"AUDIT_LOG"},
+			Destination: &params.AuditLog,
+		},
 	}
 }
 
diff --git a/pkg/environments/environments.go b/pkg/environments/environments.go
index a1cc100c..2b4160ad 100644
--- a/pkg/environments/environments.go
+++ b/pkg/environments/environments.go
@@ -219,6 +219,15 @@ func (environment *EnvManager) Exists(identifier string) bool {
 	return (results > 0)
 }
 
+// ExistsGet checks if TLS Environment exists already and returns it
+func (environment *EnvManager) ExistsGet(identifier string) (bool, TLSEnvironment) {
+	e, err := environment.Get(identifier)
+	if err != nil {
+		return false, TLSEnvironment{}
+	}
+	return true, e
+}
+
 // All gets all TLS Environment
 func (environment *EnvManager) All() ([]TLSEnvironment, error) {
 	var envs []TLSEnvironment
diff --git a/pkg/environments/util.go b/pkg/environments/util.go
index f71fb2f3..b01a49a2 100644
--- a/pkg/environments/util.go
+++ b/pkg/environments/util.go
@@ -57,6 +57,9 @@ func PackageDownloadURL(env TLSEnvironment, pkg string) string {
 
 // EnvironmentFinderID to find the environment and return its name based on the environment ID
 func EnvironmentFinderID(envID uint, envs []TLSEnvironment, uuid bool) string {
+	if envID == 0 {
+		return "None"
+	}
 	for _, env := range envs {
 		if env.ID == envID {
 			if uuid {