> ## Documentation Index
> Fetch the complete documentation index at: https://ownpay.org/docs/llms.txt
> Use this file to discover all available pages before exploring further.

> ## Agent Instructions
> OwnPay is licensed under AGPL-3.0 and is completely free - no licensing fees.
> Production docs URL: https://ownpay.org/docs - append .md to any page URL for clean markdown.
> OwnPay requires PHP 8.3+, MySQL/MariaDB, and Redis.
> MCP server available at https://ownpay.org/docs/mcp for programmatic documentation queries.
> Use root-relative links (e.g. /quickstart) for internal navigation - do NOT include /docs prefix.
> Plugin development: consult /developer/plugin-types/ pages for correct interfaces and manifests.

# Audit Log - Track Admin Actions and Security Events

> Review administrative actions, staff logins, configuration changes, and security events with filters by user, brand, and date range in OwnPay.

The Audit Log (Activities) page serves as a read-only, chronological trail of all administrative actions performed across the platform. It logs critical events like staff logins, gateway updates, settings edits, and database manipulations, alongside metadata like user ID, timestamp, and IP address.

## Getting here

1. Log in to the OwnPay admin dashboard
2. Under the **REPORTS & FINANCE** section in the left sidebar, click **Audit Log**

## Page sections

### 1. Activity log table

* **TIME:** Month, day, and time of the event
* **USER:** The username or system actor
* **ACTION:** Event identifier (e.g., `gateway.created`, `login.success`, `brand.updated`)
* **ENTITY:** Target ID of the modification
* **IP:** The IP address of the user who performed the action

### 2. Pagination nav bar

Located at the bottom of the table, showing **Page X of Y** and a **Next** link.

## Fields and options reference

| Table Header | Type       | Description                                        |
| ------------ | ---------- | -------------------------------------------------- |
| **TIME**     | Timestamp  | The exact timestamp when the activity occurred     |
| **USER**     | Text       | The administrative account executing the action    |
| **ACTION**   | Identifier | The system action tag                              |
| **ENTITY**   | Text Code  | The target component modified                      |
| **IP**       | IP Address | Network location from which the request originated |

## Step-by-step: tracking unauthorized login attempts

1. Navigate to the **Audit Log** page
2. Scan the **ACTION** column for `login.failed` event tags
3. Check the **IP** address next to failed login attempts
4. If multiple failed attempts originate from an unknown IP address, consider blocking that IP at your server firewall level

## Best practices

* Monitor failed login activities weekly to check for brute-force attempts
* Correlate ledger entries with manual gateway approvals by checking who approved the transaction
* Do not share raw audit logs with external partners
* Do not disable logging triggers, as they are mandatory for security compliance

<Warning>
  Activities are scoped by brand permissions. Staff users can only see log entries created under their own brand (`merchant_id`). Bypassing this scoping rule will lead to unauthorized data access.
</Warning>

## Common mistakes and troubleshooting

| Symptom                       | Cause                                                 | Fix                                                       |
| ----------------------------- | ----------------------------------------------------- | --------------------------------------------------------- |
| Missing log entries           | Staff action performed under different brand          | Switch to the correct brand context to see those logs     |
| Can't see other staff actions | Role lacks audit log permissions                      | Ask administrator to grant audit log access in your role  |
| Log entries seem incomplete   | Action was performed before audit logging was enabled | Check when audit logging was activated in system settings |

## Related pages

* [Staff](/user-guide/people/staff) - Manage administrative user accounts
* [Reports](/user-guide/reports-finance/reports) - Analyze payment conversion data
* [Developer Hub](/user-guide/developers/developer-hub) - Monitor API and webhook logs


## Related topics

- [Webhook Delivery Log](/docs/api-reference/webhook-delivery-log.md)
- [Reports - Transaction Volume, Fees, and CSV Export](/docs/user-guide/reports-finance/reports.md)
- [Roles and Permissions - RBAC for Admin and Brand Access](/docs/user-guide/people/roles.md)
- [Invoices - Create, Send, and Track Payment Invoices](/docs/user-guide/payments/invoices.md)
- [Features and Capabilities](/docs/resources/features.md)
