Action and access logs

BILLmanager records user activity in logs. In the logs, you can see when a user logged into the platform and what actions they performed.

Access log

BILLmanager keeps a log of visits, where it records the following:

• time at which the action in the system was performed;
• name of the user who logged in;
• IP address from which the user logged in;
• port from which the user logged in;
• action in the system:
• • registration;
  • authorization;
  • logout;
  • session reset;
• authorization method:
• • by login
  • OAuth VK;
  • OAuth Google.

  To view information about user sessions, enter Statistics → Visit log.

  Information about user sessions is stored in the file /usr/local/mgr5/var/billmgr.auth.log, where each line has the format:

  date<tab>client_ip<tab>user<tab>client_port<tab>user_agent<tab>action<tab>auth_method

  Details

  <tab> — tab

  • user_agent — Client's UserAgent, generated by the client's browser
  • action — action name
  • auth_method — authorization method. For example, login (by login and password), phone (by phone number), etc.

  To have information about user sessions written to the database, add the Option EnableDbAuthlog option to the configuration file /usr/local/mgr5/etc/billmgr.conf.

  To move existing data from the /usr/local/mgr5/var/billmgr.auth.log file to the database:

  1. Connect to the server with the platform via SSH. For more information about connecting via SSH, see Workstation setup.

  2. Run the command:

     /usr/local/mgr5/sbin/mgrctl -m billmgr fix.billmgr.authlog

  Action log

  The log contains a list of operations performed in the platform.

  To configure the period for which operation log entries are kept, enter Settings → System configuration → Keep the log, days.

  To view information about operations, enter Statistics → Action log.

  BILLmanager writes the following to the operation log:

  • time at which the action in the system was performed;
  • name of the user who triggered the operation;
  • IP address of the user who performed the operation;
  • name of the function corresponding to the operation.

  If the operation is triggered by the platform, the User field will contain "root" and the Remote IP Address field will contain the name of the service that triggered the operation.

  

  To see more details on operations, select an operation in the list → click Details. The form displays the following:

  • Time — the date and time when the operation was performed;
  • User — login of the user who triggered the operation;
  • Remote IP address — The IP address of the user who performed the operation;
  • Function — name of the function corresponding to the operation;
  • Parameters — parameters with which the function is launched.

  To view a detailed report of function use statistics, click Report.