How do you set up Discord webhooks for staff logging? On a FiveM server, staff logging means sending important events to a private Discord channel so owners and admins see them in real time. The standard approach is a Discord webhook URL called from server-side Lua only (PerformHttpRequest) — never from client scripts. RAX Development configures webhooks for QBCore, ESX, and custom admin tools.
Quick answer: Discord channel → Integrations → Webhooks → New Webhook → copy URL into server.cfg or resource config → POST JSON from server Lua on admin/join/ban events. Keep URLs secret. Need it built?
What staff logging webhooks are for
- Accountability — Who banned, kicked, gave items, or spawned vehicles
- Faster moderation — Staff see reports without opening txAdmin
- Owner visibility — Joins, disconnects, suspicious economy moves
- Audit trail — Complement txAdmin logs (not a full replacement)
Webhooks are simple push messages. For slash commands, role sync, or database lookups in Discord, you want a custom bot — see custom Lua / C#.
Step 1: Create the Discord webhook
- Create a private staff-only channel (e.g.
#staff-logs)
- Channel settings → Integrations → Webhooks → New Webhook
- Name it (e.g. “RAX Server Logs”) and upload an avatar if desired
- Copy webhook URL — treat like a password
- Restrict channel permissions so only staff roles can read
Use separate webhooks for high-volume logs (joins) vs critical logs (bans, exploits) so alert channels stay readable.
Step 2: Store the URL securely on the server
- Put webhook URLs in
server.cfg convars, e.g. setrax:staff_webhook "https://discord.com/api/webhooks/..."
- Or in a server-only config Lua file not sent to clients
- Never hardcode webhooks in client scripts or NUI — players can extract them
- Rotate the webhook in Discord if the URL leaks (regenerate URL)
Step 3: Send logs from server-side Lua
Minimal pattern (illustrative):
local webhook = GetConvar('rax:staff_webhook', '')
local function StaffLog(title, description, color)
if webhook == '' then return end
local payload = json.encode({
username = 'Staff Logs',
embeds = {{
{{
title = title,
description = description,
color = color or 16753920,
footer = {{ text = os.date('%Y-%m-%d %H:%M:%S') }}
}}
}}
})
PerformHttpRequest(webhook, function() end, 'POST', payload, {
['Content-Type'] = 'application/json'
})
end
-- Example after validated admin action (server-side only):
-- StaffLog('Ban', ('Staff %s banned %s'):format(adminName, targetName), 15158332)
Hook this into your admin menu, ban system, and economy events after server-side validation — same rules as securing server triggers.
What to log (recommended)
| Event |
Include in embed |
Channel |
| Ban / kick | Staff, target, reason, ids | #mod-logs |
| Give item / money | Amount, item, citizenid | #economy-logs |
| Player connect | Name, license, optional queue | #joins (optional) |
| Exploit attempt | Event name, source, coords | #alerts |
| Restart / txAdmin | Who triggered, time | #server-status |
Framework and resource integration
- QBCore / ESX — Many admin menus support webhook fields in config; enable and test each action
- ox_lib / qb-admin — Check docs for
webhook or discord config keys
- Custom — One shared
StaffLog() export used by all staff resources
- Avoid duplicate webhooks firing twice for the same action
Security and reliability
- Server-side only — Clients must not hold webhook URLs
- Rate limits — Discord may throttle; batch or cooldown spammy events (join floods)
- No PII overload — Log ids needed for moderation; follow your privacy rules
- Fail silently safe — Logging failure should not break bans or kicks
- Pair with secure database practices if logs read MySQL
Webhooks vs custom Discord bot
| Webhooks |
Custom bot (linked to DB) |
| Fast to set up, one-way posts | Slash commands, buttons, queries |
| Great for staff action logs | Player lookup, whitelist, stats from MySQL |
| No bot token in FiveM required | Needs hosting + secure token storage |
For a custom Discord bot that reads your MySQL database (whitelist, player lookup), request a quote — webhooks alone are one-way posts; bots need separate hosting and a bot token.
Testing checklist
- Test ban, kick, and give-item on staging with a test account
- Confirm embed shows license / citizenid / discord id as needed
- Verify staff without permission cannot trigger log events (validate server events)
- Flood-test join webhook during restart — adjust rate limit if channel spams
- Regenerate webhook if URL was ever posted in public Discord
How RAX Development helps
- Webhook setup for admin menus and custom resources
- Shared staff logging resource for QBCore / ESX
- Separate channels for mod, economy, and alert logs
- Integration during server build or customization
- Dev standby to add logging when you install new scripts
US Navy Veteran, 13 years IT. Reviews · Contact · Discord: RAX Development
Related: Custom admin menu & logging ·
Tebex automated VIP perks ·
Secure server triggers ·
Custom Lua ·
Before starting a community
Conclusion
How do you set up Discord webhooks for staff logging? Create private Discord webhooks, store URLs server-side only, and POST embeds from server Lua when staff actions and critical events occur. RAX Development configures logging during server builds and custom admin setups.