The Login Monitor module provides comprehensive tracking and monitoring of user login activities on your Drupal site. It logs successful logins, failed login attempts, and logout events, while offering configurable email notifications and periodic statistical reports to help administrators monitor site security and user activity patterns.
- Requirements
- Installation
- Configuration
- Features
- Drush commands
- Security
- Troubleshooting
- FAQ
- Support
- Maintainers
Token module is required:
Core System, User and Views modules must be installed and enabled.
Install as you would normally install a contributed Drupal module. For further information, see Installing Drupal Modules.
- Enable the module at Administration » Extend.
- Navigate to Administration » Configuration » People » Login monitor settings
(
/admin/config/people/login-monitor) to configure the module. - Configure the following settings:
- Enable login logging: Toggle logging of login events
- Send email notifications: Enable real-time email notifications for login events
- Notification rate limit: Limit notification emails per IP address and event type per hour
- Tracked user roles: Select which user roles should be monitored
- Email recipient: Email address to receive notifications
- Email content: Customize the notification email template using tokens
- Enable log cleanup: Automatically remove old log entries
- Log retention days: Number of days to retain login logs
- Enable email reports: Send periodic statistical reports
- Report frequency: Choose daily, weekly, or monthly reports
- Report recipient: Email address to receive statistical reports
- Set permissions at Administration » People » Permissions:
- Administer Login Monitor settings: Allows users to configure module settings
- View login log entities: Allows users to view login logs
- Administer login log entities: Allows full access to login log entities including deletion
The "View login log entities" and "Administer login log entities" permissions expose sensitive audit data and are marked as restricted permissions. Grant them only to trusted operational or security roles.
- Tracks successful logins (including one-time login links)
- Logs failed login attempts (invalid users, valid users, blocked users)
- Records logout events
- Stores IP addresses, user agents, and timestamps
- Real-time email notifications for login events
- Configurable email templates with token support
- Role-based filtering for notifications
- Customizable recipient addresses
- Periodic email reports (daily, weekly, monthly)
- Login activity summaries and statistics
- Failed login attempt analysis
- User activity patterns
- Login log viewer at Administration » Reports » Login Log
(
/admin/reports/logins) - Filterable and sortable login event listings
- Detailed event information including IP addresses and user agents
- Configurable log retention periods
- Automatic cleanup of old log entries
- Bulk operations for log management
The module provides the following Drush command:
drush login-monitor:send-reportsThis command manually triggers the sending of statistical reports. It's useful for testing report functionality or sending reports outside of the normal schedule.
Login Monitor records data from three trust boundaries:
- Typed username: Read from Drupal's login form state after the form validation pipeline has run. The module trims the value and truncates it to 255 characters before account lookup, logging, tokens, or email.
- IP address: Read from Symfony's
Request::getClientIp(). The stored field is limited to 39 characters for IPv4 and IPv6 values. If the site is behind a reverse proxy, configure Drupal's trusted proxy settings soX-Forwarded-Foris trusted only from known proxy addresses. - User-Agent header: Read from the current request headers. Control characters are removed and the value is truncated to 512 characters before storage.
Stored login records include usernames, IP addresses, user agents, event types, timestamps, and user identifiers. Treat the login log as sensitive security and personal data.
This module does not replace Drupal core authentication protections. Drupal core
flood control limits login attempts before this module records the allowed
attempts. Operators should verify the site's user.flood settings, including
IP-based limits (ip_limit, ip_window) and per-user limits (user_limit,
user_window).
Login Monitor adds its own email notification flood guard. By default, it sends
at most 10 notification emails per IP address and event type per hour. Attempts
over that limit are still handled by Drupal, but the notification email is
suppressed and a warning is written to the login_monitor log channel.
Check the following:
- Verify that "Send email notifications" is enabled in the module settings
- Ensure a valid email recipient is configured
- Check that the user's role is included in the "Tracked user roles" setting
- Verify your site's email configuration is working correctly
- Check the site logs for any email-related errors
Check the following:
- Verify that "Enable login logging" is enabled in the module settings
- Ensure the user's role is included in the "Tracked user roles" setting
- Review site logs for any database-related errors
Check the following:
- Verify that "Enable email reports" is enabled
- Ensure cron is running regularly on your site
- Check that a valid report recipient email is configured
Q: Can I monitor login attempts for specific user roles only?
A: Yes, use the "Tracked user roles" setting to specify which roles should be monitored. Leave empty to monitor all users.
Q: How do I customize the email notification content?
A: Edit the "Email content" field in the module settings. You can use
tokens like [login_monitor:event_type_label], [login_monitor:username],
[login_monitor:ip_address], and standard user tokens.
Q: Can I export login data for analysis?
A: Yes, the login log uses Views, so you can create custom Views to export data in various formats (CSV, XML, etc.) or integrate with other modules.
Q: What happens to old login logs?
A: If log cleanup is enabled, logs older than the configured retention period will be automatically deleted during cron runs. Otherwise, logs are retained indefinitely.
Q: Can I disable logging for certain login methods?
A: The module logs all login events but provides filtering options. You can configure role-based tracking to exclude certain user types from monitoring.
- ECA: Event - Condition - Action: A comprehensive event-driven automation framework that can handle user login events among many other Drupal events. While ECA is more powerful and flexible, it requires significant configuration and technical knowledge to set up login monitoring workflows. ECA is ideal for complex automation needs but overkill if you only need login monitoring.
- Events Log Track: Log more event types than just user logins. No notifications and statistical reports.
- Login History: Doesn't log failed login attempts, missing role tracking. No notifications and statistical reports. Provides block with information about the user's last login.
- User Login Tracker: Lacks some features like email notifications and statistical reports. Doesn't log failed login attempts, missing role tracking. Not compatible with Drupal 11.
- Login Notification: Not compatible with Drupal 11. Notify via on page messages instead of email. No statistical reports or detailed logging.
- User Update Notify: Doesn't save logs. Focuses on user updates, not login events. Send email notifications.
- Login tracker: No further development. Not compatible with Drupal 11.
- Login Activity: No further development. Not compatible with Drupal 11. Provides basic login tracking without advanced features like email notifications or statistical reports.
- Sign Up Tracker: Logs only user registrations. Not compatible with Drupal 11.
Submit bug reports and feature suggestions, or track changes in the issue queue.
- Piotr Ramotowski - ramotowski