Can I log access to the web interface? I need them for regulatory compliance.
Currently not. What kind of info and in what form do you need?
I have to track logins (through recovery CD, urbackup web gui, urbackup fastcgi) of every user that can access backed up data (or that can grant access to other users).
A parsable log file with a row for each login (username, login time, source IP address) should be enough.
To comply with that regulation every user should be able to change its own password, and ideally be forced to do it every 3 months.