Reviewing Magento 2 Admin Activity Log by Amasty

The Magento 2 admin activity log is a vital feature designed to boost the security and transparency of your Magento store. While Magento 2 does not include this tool by default, the Magento 2 admin actions log can be added through Amasty’s Admin Actions Log extension. This powerful module provides a comprehensive audit trail, enabling you to track every change made in the admin panel.

With the Magento 2 admin action log, you gain complete visibility into backend activities, from monitoring login attempts to tracking modifications to products, orders, and other key elements. This functionality helps safeguard your store against potential malicious attacks while also enhancing operational efficiency.

In this guide, we’ll explain what the Magento 2 admin activity log is and explore the core features of the extension. You’ll also learn how to configure and make the most of the admin actions log module for Magento 2. Let’s dive in!

Get Magento 2 Admin Actions Log Extension by Amasty

What is Magento 2 Admin Activity Log?

The Magento 2 admin activity log refers to a feature that tracks all changes made by administrators within the store. Out of the box, Magento 2 lacks a detailed, built-in admin activity logging system. This gap leaves store owners without a proper tool to monitor critical changes and activities their admin users perform. The absence of such a log could lead to missed security risks or operational mishaps that might arise from untracked administrative actions.

An admin activity log is essential for maintaining transparency, identifying issues, and securing your store against unauthorized changes or potential security breaches. It helps you track login attempts, changes to important store entities, and even system-level actions, ensuring you have full control over the store’s backend activities.

What is the Admin Actions Log Extension by Amasty?

The Admin Actions Log extension by Amasty fills the security gap in Magento 2 by offering comprehensive tracking of all admin activities. This extension logs actions performed in the admin panel and provides detailed reports that help you identify potential security threats, such as failed login attempts or unauthorized modifications. Moreover, it helps you pinpoint the exact action that may have caused an issue, ensuring quick troubleshooting and system integrity.

The Admin Actions Log extension goes beyond simple monitoring—it allows you to restore changes if any undesired or incorrect modifications are made. It also introduces real-time tracking, providing admin users with a sense of enhanced control and better security for their online store.

Key Features of Magento 2 Admin Actions Log

• Track all admin actions: Automatically log every action performed in the admin panel, whether by individual admins or all users.
• Log API activities: The extension now tracks actions made via API, adding another layer of transparency.
• Session management: Monitor and manage active working sessions, including the ability to terminate sessions with one click.
• Change restoration: If incorrect changes are made, you can restore the system to its previous state effortlessly.
• GeoIP detection: Track login attempts geographically by viewing the IP address, country, and city for each login.
• Scheduled change logging: Log automatic executions of scheduled changes, ensuring full visibility of background processes.
• Exclude specific actions from logging: Fine-tune what actions and entities you want to exclude from logging to reduce unnecessary clutter in reports.

Admin Functionality: Advanced Magento 2 Admin Activity Log For Your Security

The Magento 2 Admin Actions Log module provides an easy-to-use dashboard for administrators to review logs and manage store operations efficiently. With a user-friendly interface, admins can quickly access details like:

• Login attempts grid: View all successful, unsuccessful, and suspicious logins, including geolocation data.
• Actions log grid: Monitor detailed information such as admin name, action type, and affected items.
• Session management: View and terminate active admin sessions with a click.
• Restore functionality: Easily revert changes for individual items or perform bulk restoration to undo multiple changes at once.

With this extension, administrators can gain a complete overview of backend activities and take immediate action if necessary, whether it’s terminating a session or restoring critical data.

General Settings

To configure the extension, navigate to Stores > Configuration > Amasty Extensions > Admin Actions Log. Here, you can adjust the following settings:

• Enable Page Visit History: Turn this on to log all page visits made by administrators.
• Use GeoIP: Enable GeoIP support to track the geographical location (country and city) of admin users when they log in.
• Restore Settings Warning Text: Set up a custom warning message for the restore function.
• Log Actions for All Admin Users: Choose whether to log actions for all admin users or specify certain users for whom actions should be tracked.
• Excluding Actions and Entities from Logging. You can selectively exclude specific entities and actions from being logged. For example, you might want to prevent logging of changes to CMS pages or catalog attributes to minimize clutter in your logs. Custom entities created via third-party modules will still be logged unless specifically excluded.

Debug Mode and IP Forcing

To test or configure the extension, you can enable IP forcing, which allows you to set a specific IP address to be used instead of the real one for geolocation purposes. This is useful for testing the functionality in different geographic locations without needing to physically move or use a VPN.

• Enable Force IP: Set this to Yes to replace the real IP address with a specified one.
• Force IP Address: Enter the IP address you wish to use.

Automatic Log Cleaning

To avoid database overload, you can set up automatic log cleaning in the Admin Actions Log > General tab.

• Actions Log Auto-Cleaning: Specify the number of days after which logs will be automatically deleted.
• Login Attempts Auto-Cleaning: Set the number of days before login attempt logs are deleted.
• Visit History Log Auto-Cleaning: Set the number of days to keep page visit history logs (or set it to 0 for unlimited storage).

Email Notifications for Admin Login Attempts

The extension allows you to set up email notifications for different types of admin login attempts—successful, unsuccessful, and suspicious. To configure this:

• Enable Email Notifications: Choose to receive alerts for successful, unsuccessful, or suspicious login attempts.
• Email Sender: Select the email address from which the notifications will be sent.
• Email Template: Customize the email template for these notifications.
• Suspicious Login Criteria: Define which actions should be flagged as suspicious, such as logins from a new device, new IP address, or new location.

Viewing and Managing the Action Log

To access the Magento 2 admin action log, go to System > Actions Log. Here, you’ll find a detailed table listing all actions performed by admins, along with key information:

• Date: When the action occurred.
• Username: The name of the admin user.
• IP Address: Where the user was logged in from.
• Action Type: The type of action performed (e.g., creation, deletion).
• Object: The item that was modified.
• Store View: The store view where the action took place.

You can also preview, restore, or delete logged actions via the Actions dropdown menu.

Managing Active Sessions

To view currently active sessions, navigate to System > Admin Actions Log > Active Sessions. This table provides information about:

• Username and Full Name of the logged-in admin.
• IP Address and Location of the session.
• Recent Activity: See what the user is currently working on.

To end a session, click the Terminate Session link.

Monitoring Login Attempts

Track login attempts by going to System > Admin Actions Log > Login Attempts. The table includes details such as:

• Date: When the attempt occurred.
• Username and Full Name: Admin attempting to log in.
• IP Address and Location.
• User Agent: The browser or device used.
• Status: Whether the attempt was successful, failed, or logged out.

Viewing Page Visit History

To view page visit history, go to System > Admin Actions Log > Page Visit History. This grid shows:

• Username and Full Name of the admin.
• Session Start and End times.
• IP Address and Location.

You can view each visit by clicking Show History in the History column.

Tracking Changes with History of Changes

For each product, customer, or order, a History of Changes tab is available. This allows you to review and restore specific changes made by administrators.

Final Words

You must admit that ensuring the security and efficiency of your store’s backend operations is crucial no matter how big your ecommerce website is. The Magento 2 Admin Activity Log offers the perfect solution to track and monitor every admin action, ensuring full transparency. With the Magento 2 Admin Actions Log extension by Amasty, you’ll not only safeguard your store from potential threats but also streamline operations by having access to critical information at your fingertips. Enhanced with features like session management, API activity logging, and change restoration, this extension is an indispensable tool for any Magento 2 store aiming for superior control and security.

Enable Magento 2 Admin Activity Log