Document toolboxDocument toolbox

(no) Login Reports

Owned by Tom Wyczółkowski
Jul 22, 2020
3 min read

Translation needed

The content of this page was copied from another page tree and needs to be translated or updated.

When you finish translation, make sure to

  • Replace the label NEEDS-TRANSLATING with TRANSLATED

  • Remove this macro from the page

 

Since 3.8.0

User's successful and failed login activities are logged and can be monitored both by the user himself or by system administrators. 


Login report for user

To access security log for currently logged in user, open drop-down menu available under Users menu button, and select Security Log.


Security Log dialog presents both successful and failed login attempts for user's login and some additional information if it is available.

 

Information available in the log:

  • Login date and Time - recorded time of the user login 

  • User Agent - this is decoded from information passed by the users device. Please not that this information might not be accurate, as it can be altered by a malicious user. 

  • IP - IP address that the login requests originates from. This is always an exact information, although a user might be using a VPN or other techniques used to mask real IP address. 

  • Country/Region - Estimated location of the user that made the login attempt. Please note that this information is based on IP address. If the IP address is obscured by TOR or VPN network, this might not be a true location.
    For SaaS (hosted) customers, IP addresses are resolved by so called GEO IP service provided by HyperHouse Technology AB. 
    NOTE: this service works internally and IP addresses or other data is not processed outside of our data-centre.
    For On-premises customers, an additional GEO IP service must be used to obtain this functionality. 


Logins report for administrators

System Administrators with HyperDoc Security Administrator role can see login reports for all users in the Administration panel under User/Groups section:


Failed login attempts section contains all login tries also done for not existing logins.

 

Setup GEO IP server

GeoIP server must accept a GET request with IP address as part of the URL:

http://{server-ip}:{port}/{ip}

the {ip} parameter will be filled in automatically. 

for example, a valid template UTR would look like this: https://192.168.40.18:11111/json/{ip}

 

Four or more failed login attempts for specific and existing user will trigger new notification event called "Excessive login attempts".

As a result an email notification will be sent to the account owner informing of multiple failed login attempts.

Specific notifications for this event can be set using Notifications center. For example, a security group can be set up to receive all notifications about Excessive login attempts. (Read more about Notifications)