Access Logs
What are Access Logs?
Access logs provide a focused view of authentication and authorization events for circuits that use non-public access policies (Project Members or Specific Users). While request logs capture every HTTP request regardless of type, access logs specifically track connection attempts - the moments when a user attempts to authenticate and gain access to a protected circuit. This distinction is significant because a single user session may generate hundreds of request log entries (one for each HTTP request), but only one or a few access log entries (for the initial authentication and any re-authentication events). Access logs record which identities attempted to access protected circuits and whether those attempts succeeded. This makes them essential for security auditing, detecting unauthorized access attempts, identifying brute-force attacks or credential stuffing, and maintaining compliance records that demonstrate access controls are functioning as intended.
Log Entry Fields
Each access log entry contains the following fields. The Timestamp records when the connection or authentication attempt occurred. The Source IP is the originating IP address of the client that attempted to connect. The Country is the ISO country code determined by geolocating the source IP. The Email is the email address associated with the authentication attempt, indicating which account was used in the access attempt, regardless of whether the attempt succeeded. The Connection identifies which circuit (by name or identifier) was targeted by the access attempt. The Result indicates the outcome of the attempt, which can be one of three values described below.
Result Types
The result field in an access log entry can take one of three values, each representing a different outcome of the connection attempt:
| Result | Meaning |
|---|---|
| Success | The user successfully authenticated with valid Mutexer credentials and was authorized to access the circuit based on its access policy (either as a project member or as a user on the explicit allowlist). The request was forwarded to the backend service. |
| Failed | The authentication or authorization check did not pass. This can mean the user provided invalid credentials, their account is not a member of the project (for Project Members policy), or their account is not on the circuit's allowlist (for Specific Users policy). The request was denied. |
| Rate Limited | The user (or the source IP) has made too many connection attempts in a short period of time, triggering rate limiting. The request was denied regardless of whether the credentials were valid. This protection helps prevent brute-force credential guessing and credential stuffing attacks. |
Filtering
The access logs view provides filters tailored to authentication and authorization analysis. The Search field performs a free-text search across all fields. The Date Range filter restricts entries to a specific time window. The Country filter displays only entries from a specific originating country, which is useful for identifying unexpected access attempts from unusual geographies. The Connection filter restricts the view to attempts targeting a specific circuit, enabling auditing of access to a particular service. The Result filter displays only successful, failed, or rate-limited attempts - filtering for Failed and Rate Limited results is particularly useful for identifying potential attack patterns or unauthorized access attempts.
Sorting
All columns in the access logs table support ascending and descending sorting by clicking the column header. This works the same way as in the request logs view and can be combined with filters for precise analysis.