Audit Logs
Track all security and operational events in your Qserve account.
What is Logged?
Qserve maintains a comprehensive audit trail of all security-relevant and operational events. Every action is stamped with a timestamp, the acting user, their IP address, and relevant metadata.
| Category | Events Tracked |
|---|---|
| Auth | Login, logout, failed login, password change, account lockout, unlock |
| Subscriber | Account created, edited, suspended, reconnected, deleted, package changed |
| Payment | M-Pesa STK push, payment callback received, manual payment recorded |
| Network | Router connected/disconnected, CoA sent, subscriber disconnected by expiry |
| Admin | Team member added/removed, role changed, settings modified |
| System | Configuration changes, SMS/WhatsApp/email provider updates |
Viewing Audit Logs
- Go to Admin → Audit Logs (only accessible to Owner and Manager roles).
- Logs are shown in reverse chronological order — newest first.
- Use the search box to find events by action type, email, or IP address.
- Filter by category (Auth, Payment, Network, etc.) using the dropdown.
- Filter by severity: Info, Warning, or Critical.
Severity Levels
| Level | Meaning |
|---|---|
| Info | Normal operation — login succeeded, subscriber activated, payment received |
| Warning | Events requiring attention — failed login attempt, rate limit hit, account locked |
| Critical | Security incidents — multiple failed logins, suspicious access patterns |
Log Retention
Audit logs are retained for 90 days. After 90 days, logs older than this threshold are automatically deleted. If you need longer retention for compliance purposes, export logs regularly using the Export CSV function.
Security Monitoring
Check audit logs regularly for these warning signs:
- Multiple failed logins from the same IP — possible brute force attempt
- Logins from unusual locations or IP addresses
- Unexpected subscriber account changes
- Large numbers of CoA disconnects in a short period
- Payment callbacks from unknown sources
If you suspect a security incident, immediately change all team member passwords and review recent audit log entries for unauthorised actions.