
Login Reports

Since 3.8.0

A user's successful and failed login attempts are logged and can be monitored either by the user or by system administrators.

Login report for user

To access the security log for the currently logged-in user, open the drop-down menu available under the Users menu button and select Security Log.


The Security Log dialog presents both successful and failed login attempts for the user's login, along with some additional information if it is available.

 

Information available in the log:

  • Login Date and Time - recorded time of the user's login.

  • User Agent - this is decoded from information passed by the user's device. Please note that this information might not be accurate, as it can be altered by a malicious user.

  • IP - IP address that the login request originates from. This value is always recorded exactly, although a user might be using a VPN or another technique to mask the real IP address.

  • Country/Region - Estimated location of the user that made the login attempt. Please note that this information is based on the IP address. If the IP address is obscured by a TOR or VPN network, this might not be the true location.
    For SaaS (hosted) customers, IP addresses are resolved by a so-called GEO IP service provided by HyperHouse Technology AB.
    NOTE: this service works internally, and IP addresses and other data are not processed outside of our data-centre.
    For On-premises customers, an additional GEO IP service must be used to obtain this functionality.


Logins report for administrators

System Administrators with the HyperDoc Security Administrator role can see login reports for all users in the Administration panel, under the User/Groups section:


The Failed login attempts section contains all failed login attempts, including those made for logins that do not exist.

 

Setup GEO IP server

The GeoIP server must accept a GET request with the IP address as part of the URL:

http://{server-ip}:{port}/{ip}

The {ip} parameter will be filled in automatically.

For example, a valid template URL would look like this: https://192.168.40.18:11111/json/{ip}



Four or more failed login attempts for a specific and existing user will trigger a new notification event called "Excessive login attempts".

Consequently, an email notification will be sent to the account owner, informing them of multiple failed login attempts.

Specific notifications for this event can be configured using the Notifications center. For instance, a security group can be established to receive all notifications related to Excessive login attempts. (Read more about Notifications)
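
The threshold rule described above, applied to login records, as an added example (not HyperDoc code or its export format). The record layout and function names are assumptions, as is counting all failures in the sample with no time window and no reset after a successful login; the page states only the threshold of four and that the user must exist. The second function summarises failed attempts against non-existing logins, which appear in the administrators' report but, per the wording above, do not raise the event.

```python
from collections import Counter, defaultdict

THRESHOLD = 4  # "four or more failed login attempts", as stated on the page

# Constructed sample records (hypothetical layout):
# (timestamp, login, source IP, success, login exists)
SAMPLE_LOG = [
    ("2024-05-01T08:00:01", "alice",  "203.0.113.7",  False, True),
    ("2024-05-01T08:00:04", "alice",  "203.0.113.7",  False, True),
    ("2024-05-01T08:00:09", "alice",  "203.0.113.7",  False, True),
    ("2024-05-01T08:02:30", "alice",  "198.51.100.9", False, True),
    ("2024-05-01T08:05:00", "bob",    "192.0.2.44",   False, True),
    ("2024-05-01T08:05:10", "bob",    "192.0.2.44",   False, True),
    ("2024-05-01T08:05:20", "bob",    "192.0.2.44",   False, True),
    ("2024-05-01T08:05:31", "bob",    "192.0.2.44",   True,  True),
    ("2024-05-01T08:07:00", "admin1", "198.51.100.9", False, False),
    ("2024-05-01T08:07:02", "root",   "198.51.100.9", False, False),
    ("2024-05-01T08:07:05", "test",   "198.51.100.9", False, False),
    ("2024-05-01T09:00:00", "carol",  "192.0.2.80",   True,  True),
]


def excessive_login_attempts(records, threshold=THRESHOLD):
    """Return {login: [source IPs]} for existing logins with >= threshold failures."""
    failures = defaultdict(list)
    for _ts, login, ip, success, exists in records:
        if not success and exists:
            failures[login].append(ip)
    return {
        login: sorted(set(ips))
        for login, ips in failures.items()
        if len(ips) >= threshold
    }


def unknown_login_failures(records):
    """Count failed attempts against non-existing logins, grouped by source IP."""
    return Counter(
        ip for _ts, _login, ip, success, exists in records
        if not success and not exists
    )


if __name__ == "__main__":
    for login, ips in excessive_login_attempts(SAMPLE_LOG).items():
        print(f"Excessive login attempts: {login} from {', '.join(ips)}")
    for ip, count in unknown_login_failures(SAMPLE_LOG).most_common():
        print(f"{count} failed attempts for non-existing logins from {ip}")
```

In the sample, bob stays below the threshold with three failures, and the three attempts on non-existing logins come from an address that also failed against alice, a correlation worth reviewing in the administrators' report.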