Skip to main content
The Activity tab provides a comprehensive audit trail of all server events, including administrative actions, server state changes, user activity logs, and system warnings or errors.

Overview

The Activity feed displays a chronological timeline of server events, helping you:
  • Track administrative actions performed by you and subusers
  • Monitor server state changes (starts, stops, restarts)
  • Review user activity for security and accountability
  • Identify system issues through warnings and error logs
All timestamps are displayed in your local timezone and include the user’s IP address for security tracking.

Event Types

Records all server power state changes:Each power action includes the full startup command used and execution time.
Tracks all file management activities:
  • File uploaded: server.properties
  • File edited: config.yml
  • File deleted: old_backup.zip
  • Directory created: plugins/
Shows the specific user who performed the action and affected file paths.
Records subuser and permission changes:
Documents all backup-related activities:
  • Backup created: “Pre-Update Backup”
  • Backup restored: “Rollback to stable version”
  • Backup deleted: Automated cleanup
  • Scheduled backup execution status
Alerts for security-related incidents:
  • Failed login attempts from unknown IPs
  • Permission denied actions
  • Suspicious file access patterns
  • SFTP connection attempts
Refine the activity log using the built-in filtering options:

Time Range Filters

  • Last 24 hours - Recent activity
  • Last 7 days - Weekly overview
  • Last 30 days - Monthly audit
  • Custom range - Specify exact dates

Event Type Filters

  • Power Actions - Server start/stop/restart events
  • File Management - Upload, edit, delete operations
  • User Actions - Login, permission changes
  • System Events - Automated processes, errors

User-Specific Filtering

  • Filter by primary admin actions
  • Filter by specific subuser activity
  • Show system-generated events only
Use the search bar to find specific events: 
"backup failed"
"config.yml"  
"192.168.1.100"

Detailed Event Information

Click on any activity entry to view comprehensive details:

Execution Context

  • Full command or action that was performed
  • Working directory where the action occurred
  • Process ID and execution time
  • Exit codes for completed operations

User Information

  • Account email and display name
  • Source IP address and geolocation
  • Session details and authentication method
  • Permission level at time of action

Common Use Cases

Security Auditing

1

Review Failed Logins

Filter events by “Security” type to identify unauthorized access attempts
2

Track Permission Changes

Monitor user management events for suspicious permission modifications
3

Verify File Access

Check file operation logs to ensure only authorized changes were made

Troubleshooting Server Issues

1

Identify Error Patterns

Search for error keywords to find recurring issues
2

Cross-Reference with Console

Use timestamps to correlate activity logs with console output
3

Track Configuration Changes

Review recent file edits that may have caused server problems

Accountability & Team Management

1

Monitor Team Activity

Filter by individual team members to review their actions
2

Document Changes

Use activity logs as evidence for change management processes
3

Identify Training Needs

Look for patterns that suggest team members need additional guidance

Best Practices

Regular Reviews

Schedule weekly activity log reviews to maintain security awareness and catch issues early

Document Incidents

Export relevant activity logs when reporting issues to support or for compliance records

Monitor Automation

Keep an eye on scheduled tasks and automated processes to ensure they’re working correctly

Set Up Alerts

Configure external monitoring tools to alert on specific activity patterns if needed

Troubleshooting

Problem: Recent actions aren’t showing in the activity feedSolutions:
  • Refresh the page to load the latest events
  • Check if time range filters are excluding recent activity
  • Verify that the action actually completed successfully
Problem: Activity shows “Unknown user” for some actionsExplanation:
  • User account was deleted but historical actions remain logged
  • System-generated events may not have an associated user
  • This is normal behavior and maintains audit trail integrity
Problem: Unusual patterns or unauthorized access attemptsImmediate Actions:
  1. Change all account passwords immediately
  2. Revoke access for suspicious subuser accounts
  3. Enable two-factor authentication if not already active
  4. Contact support with the relevant activity log details

Exporting Activity Data

For compliance or detailed analysis, you can export activity data:
  1. Set appropriate filters to narrow down the events you need
  2. Copy relevant entries using browser selection tools
  3. Screenshot important events for visual documentation
  4. Contact support for bulk export assistance if needed
Activity logs are retained for 90 days. For long-term audit requirements, consider regularly exporting important events.
Need help analyzing suspicious activity? Join our Discord support server and include your Server ID when submitting tickets.