The Audit Log (Activities) page serves as a read-only, chronological trail of all administrative actions performed across the platform. It logs critical events like staff logins, gateway updates, settings edits, and database manipulations, alongside metadata like user ID, timestamp, and IP address.
Getting here
- Log in to the OwnPay admin dashboard
- Under the REPORTS & FINANCE section in the left sidebar, click Audit Log
Page sections
1. Activity log table
- TIME: Month, day, and time of the event
- USER: The username or system actor
- ACTION: Event identifier (e.g.,
gateway.created, login.success, brand.updated)
- ENTITY: Target ID of the modification
- IP: The IP address of the user who performed the action
Located at the bottom of the table, showing Page X of Y and a Next link.
Fields and options reference
Step-by-step: tracking unauthorized login attempts
- Navigate to the Audit Log page
- Scan the ACTION column for
login.failed event tags
- Check the IP address next to failed login attempts
- If multiple failed attempts originate from an unknown IP address, consider blocking that IP at your server firewall level
Best practices
- Monitor failed login activities weekly to check for brute-force attempts
- Correlate ledger entries with manual gateway approvals by checking who approved the transaction
- Do not share raw audit logs with external partners
- Do not disable logging triggers, as they are mandatory for security compliance
Activities are scoped by brand permissions. Staff users can only see log entries created under their own brand (merchant_id). Bypassing this scoping rule will lead to unauthorized data access.
Common mistakes and troubleshooting
Related pages
- Staff - Manage administrative user accounts
- Reports - Analyze payment conversion data
- Developer Hub - Monitor API and webhook logs