How do I install Laravel SentinelLog in my Laravel 12 project?

Run `composer require harryes/laravel-sentinellog`, publish the config with `php artisan vendor:publish --tag=sentinel-log-config`, and execute `php artisan migrate` to set up the database tables. Ensure your `User` model uses the `HasSentinelLog` trait.

Does this package support Laravel 9.x or older versions?

No, Laravel SentinelLog is officially tested on Laravel 10–13. Backporting to Laravel 9.x may require manual adjustments to composer dependencies and event listeners, as the package relies on newer Laravel features like middleware groups and event improvements.

How does the geo-fencing feature work, and what IP database does it use?

Geo-fencing restricts logins to allowed countries by comparing IP addresses against the MaxMind GeoIP2 database. You’ll need a MaxMind license for production use, or you can opt for open-source alternatives like db-ip, though performance may vary.

Can I customize the email notifications for new devices or failed logins?

Yes, notifications extend Laravel’s `Notifiable` trait, so you can override the `sendNewDeviceNotification` or `sendFailedLoginNotification` methods in your `User` model or create custom notification classes. The demo project includes examples for email/SMS templates.

What’s the best way to test brute-force protection before going live?

Use the built-in test command `php artisan sentinellog:test` to simulate brute-force attacks. Configure rate limits in `config/sentinellog.php` (e.g., `max_attempts: 5`) and monitor logs with `AuthLog::failed()->latest()->take(10)->get()` to verify blocks.

Will this package slow down my high-traffic Laravel app?

For apps with >10K MAU, log aggregation (e.g., Elasticsearch) or asynchronous logging via Laravel Queues + Redis is recommended to avoid database bottlenecks. The package is optimized for low overhead, but geo-fencing and 2FA checks add minor latency.

How do I integrate TOTP 2FA with Laravel Breeze or Jetstream?

Extend the existing 2FA middleware by adding `SentinelLog::checkTwoFactor()` to your login flow. The package provides QR code generation for TOTP setup; pair it with Laravel Breeze’s 2FA scaffolding or Jetstream’s built-in 2FA system for a seamless user experience.

Can I use this for multi-tenant SaaS apps with shared authentication?

Yes, the package supports multi-tenancy by storing tenant IDs in the `auth_logs` table. Use middleware like `SentinelLog::setTenant($tenantId)` before authentication events to ensure logs are tenant-scoped. Geo-fencing and SSO can also be tenant-specific via config.

What alternatives exist for Laravel authentication logging?

Alternatives include **spatie/laravel-activitylog** (general activity tracking), **laravel-notifiable** (custom notifications), and **laravel-bouncer** (rate limiting). However, SentinelLog uniquely combines logging, 2FA, geo-fencing, and session management in one package, reducing dependency sprawl.

How do I handle session hijacking detection in production?

Enable session hijacking detection by configuring `session_hijack_protection: true` in `config/sentinellog.php`. The package monitors IP/device changes mid-session and triggers `SessionHijacked` events. Pair this with Laravel Sanctum/Passport’s secure cookie settings to mitigate CSRF risks.

Weave Code

Code Weaver

Helps Laravel developers discover, compare, and choose open-source packages. See popularity, security, maintainers, and scores at a glance to make better decisions.

Laravel Sentinellog Laravel Package

harryes/laravel-sentinellog

All-in-one Laravel security and auth logging package: tracks login/logout/failed attempts with device + geo detection, alerts, TOTP 2FA, session management, brute-force protection, geo-fencing, SSO, and new-location verify/deny flows.

View on GitHub

Deep Wiki

Context7

A vigilant authentication logging and security package for Laravel 10-13.

Frequently asked questions about Laravel Sentinellog

How do I install Laravel SentinelLog in my Laravel 12 project?: Run `composer require harryes/laravel-sentinellog`, publish the config with `php artisan vendor:publish --tag=sentinel-log-config`, and execute `php artisan migrate` to set up the database tables. Ensure your `User` model uses the `HasSentinelLog` trait.
Does this package support Laravel 9.x or older versions?: No, Laravel SentinelLog is officially tested on Laravel 10–13. Backporting to Laravel 9.x may require manual adjustments to composer dependencies and event listeners, as the package relies on newer Laravel features like middleware groups and event improvements.
How does the geo-fencing feature work, and what IP database does it use?: Geo-fencing restricts logins to allowed countries by comparing IP addresses against the MaxMind GeoIP2 database. You’ll need a MaxMind license for production use, or you can opt for open-source alternatives like db-ip, though performance may vary.
Can I customize the email notifications for new devices or failed logins?: Yes, notifications extend Laravel’s `Notifiable` trait, so you can override the `sendNewDeviceNotification` or `sendFailedLoginNotification` methods in your `User` model or create custom notification classes. The demo project includes examples for email/SMS templates.
What’s the best way to test brute-force protection before going live?: Use the built-in test command `php artisan sentinellog:test` to simulate brute-force attacks. Configure rate limits in `config/sentinellog.php` (e.g., `max_attempts: 5`) and monitor logs with `AuthLog::failed()->latest()->take(10)->get()` to verify blocks.
Will this package slow down my high-traffic Laravel app?: For apps with >10K MAU, log aggregation (e.g., Elasticsearch) or asynchronous logging via Laravel Queues + Redis is recommended to avoid database bottlenecks. The package is optimized for low overhead, but geo-fencing and 2FA checks add minor latency.
How do I integrate TOTP 2FA with Laravel Breeze or Jetstream?: Extend the existing 2FA middleware by adding `SentinelLog::checkTwoFactor()` to your login flow. The package provides QR code generation for TOTP setup; pair it with Laravel Breeze’s 2FA scaffolding or Jetstream’s built-in 2FA system for a seamless user experience.
Can I use this for multi-tenant SaaS apps with shared authentication?: Yes, the package supports multi-tenancy by storing tenant IDs in the `auth_logs` table. Use middleware like `SentinelLog::setTenant($tenantId)` before authentication events to ensure logs are tenant-scoped. Geo-fencing and SSO can also be tenant-specific via config.
What alternatives exist for Laravel authentication logging?: Alternatives include **spatie/laravel-activitylog** (general activity tracking), **laravel-notifiable** (custom notifications), and **laravel-bouncer** (rate limiting). However, SentinelLog uniquely combines logging, 2FA, geo-fencing, and session management in one package, reducing dependency sprawl.
How do I handle session hijacking detection in production?: Enable session hijacking detection by configuring `session_hijack_protection: true` in `config/sentinellog.php`. The package monitors IP/device changes mid-session and triggers `SessionHijacked` events. Pair this with Laravel Sanctum/Passport’s secure cookie settings to mitigate CSRF risks.

Popularity trends

Recorded values over time (once-a-day snapshots). May 10, 2026 – Jun 8, 2026

GitHub · stars

GitHub · forks

GitHub · watchers

Packagist · monthly downloads

View on GitHub

Stars

Favorites

Forks

Score

0.1

Score breakdown

Sum of components, capped 0–100. Halved if archived.

Stars

input: 7

+0.0
Forks

input: 1

+0.0
Open issues + PRs

input: 0

+0.0
Releases

input: 0

+0.0
Recency

input: —

+0.0
Issue opportunity

input: 0

+0.0
Laravel News mentions

input: 0

+0.0
Dependents

input: 0

+0.0

Total 0.1

License

MIT

Watchers

Dependents

Open issues

Weaver

How can I help you explore Laravel packages today?

Conversation history is not saved when not logged in.

Add packages to context

No packages found.

milito/query-filter

apiboxsym/user-bundle

apiboxsym/health-check-bundle

jayeshmepani/jpl-moshier-ephemeris-php

elnasnato/laraliveui

labrodev/rest-sdk

sampaui/sampaui

babelqueue/php-sdk

facebook/capi-param-builder-php

babelqueue/symfony

hamzi/corewatch

minionfactory/raw-hydrator

hexters/coinpayment

rjcodes/rjcms

act-training/laravel-permissions-manager

alimarchal/laravel-chart-of-accounts

babenkoivan/elastic-scout-driver

mkwebdesign/filament-watchdog-v5

renatomarinho/laravel-page-speed

zedmagdy/filament-business-hours