Authentication Logs record every login and logout in your Mumara installation, showing who accessed the system, when, and from which IP address. You'll find them under Tools → Logs → Authentication Logs, listed chronologically with the newest events first.
Each entry shows a unique ID, the user account name, the originating IP address, the activity type (Login or Logout), a description like "John has been logged in" with the username as a clickable link to the user's profile, and the exact timestamp. A search box filters across user names, IPs, and descriptions, and a Show entries control adjusts how many records appear per page.
These logs are your first stop for security monitoring: watch for logins from unfamiliar IPs, logins at unusual hours, multiple logins in quick succession, or the same account appearing from distant geographic regions within a short window — a strong indicator of compromised credentials. For a full picture, pair them with Activity Logs: Authentication Logs tell you who logged in and when, Activity Logs tell you what they did afterward.
Worth knowing: logout events include session timeouts, not just manual logouts; entries older than the retention period may be purged; and if logins show private IPs like 192.168.x.x, a reverse proxy or load balancer is in front of Mumara — configure it to forward the real client IP via X-Forwarded-For headers.
