# Security Log

### Overview

The **Security Log** tracks key security events, such as changes in access location, unauthorized attempts to access resources, and any automatic actions taken by the system in response to these events. Each security event is logged with specific details, including the user's name, the date and time of the event, the platform, and the IP address from which the event was triggered.

<img src="/files/ntniOZa958TjXwnCUfgO" alt="Admin Portal > Home > Logs > Security Log" width="563">

By default, the security log displays the most recent security events for your domain.

***

### Key Fields in the Security Log

* **Name:** Name of the user who triggered the security event.
* **IP Address:** The IP address of the system from which the event was initiated.
* **Platform:** The platform where the security event occurred (web, iOS, Android, Windows, etc.).
* **Event:** A description of the security event.
* **Time of Event:** The exact date and time the security event took place.
* **Action Taken:** The action taken by the system in response to the security event.
* **Time of Action:** When the system's action in response to the event was executed.
* **Email Notification:** Email IDs of the network admins who were notified of the security event.

<figure><img src="/files/ifehrCQiHC2tIT2crNz2" alt="" width="375"><figcaption></figcaption></figure>

***

### List of Possible Security Events

Some examples of security events logged in MangoApps are:

* A user logs in from a different geographic location than previously recorded.
* A user attempts to access flagged content.
* Multiple failed password attempts by a user.
* Unauthorized access to a resource or page.
* Unauthorized attempts to access an invalid URL.
* Unauthorized attempts to access the Admin Portal.
* Access attempts from an IP address outside the configured range.

***

### Searching the Security Log

You can search for specific security log entries using a variety of search filters.

**Steps:**

1. Enter the user name in the **User Name** search box (optional).
2. Enter the user's email ID or login ID in the **Email ID/Login ID** search box (optional).
3. Select a platform from the **Platform** drop-down list to filter security events by platform (e.g., Web).
4. Use the **Event Occurred Between** date picker to define the time period for your search.
5. Click the **Search** button to retrieve the results.
6. Optionally, export the filtered results to a .csv or .pdf file.

***

### Exporting the Security Log

To export the security log:

1. Navigate to **Admin Portal > Home > Logs > Security Log**.
2. Use the **Items per page** drop-down to display up to 1000 entries.
3. Click **Export CSV** or **Export PDF** to download the log file.

{% hint style="info" %}
Admin users can export a maximum of 1000 records for a selected period. Exporting the log does not trigger any notifications or emails.
{% endhint %}

***

### Retention Policy

MangoApps retains Security Log entries from the date of domain creation, and these logs are never deleted. Network admins can access them at any time.

***

### FAQs

#### **When does the security log register a login?**

The security log registers a login only if there is an attempt by a user who is not authorized.

#### **Can I choose which security event triggers an email notification to the network admin?**

Yes, you can configure email notifications for specific security breach events under **Admin Portal > Notifications > Security Notifications**. Some events that can trigger notifications include:

* Login from a different geographic location.
* Multiple incorrect password attempts.
* Unauthorized access attempts to resources, pages, or the Admin Portal.
* Attempts from an IP address outside the allowed range.

<figure><img src="/files/DqgSxbINWMqhRvqXPuzG" alt="" width="563"><figcaption></figcaption></figure>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://guides.mangoapps.com/admin-guide/home-1/logs/security-log.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.