To track Ory Kratos logins for record-keeping, you can leverage Ory's logging and audit trail features. Ory provides structured logs that include information about login attempts (both successful and failed), along with metadata such as timestamp, identity, device, and IP address. These logs are machine-readable and can be used for auditing and monitoring user activity. Specifically, Ory distinguishes between application logs and audit logs. Audit logs document events like allowed and denied authorizations, as well as failed and successful login attempts. Each log entry includes context such as HTTP request details (headers, method, path, remote IP, etc.) and is intended for operators and administrators. Sensitive information like Authorization headers and cookies is redacted by default, but you can configure log verbosity if needed. Logs are separated by tenant and are accessible to admins only, with retention policies in place for sensitive data. In the Ory Console, admins can also view aggregate activity and recent account activity for individual identities, with PII hidden by default and accessible on demand [Logs and audit trails](https://www.ory.sh/docs/self-hosted/operations/logging#log-fields) [Github Issue: Observability of self-service account activity and authentication](https://github.com/ory/network/issues/118). Example log entry for a successful login:

time=2020-05-20T11:57:29+02:00 level=info msg=Login successful. audience=audit service_name=foo service_version=bar

What to do: - Ensure your Ory Kratos deployment is configured to write logs to a location you control. - Collect and store these logs securely for your desired retention period. - Use the Ory Console for a UI-based overview of login activity if you are using Ory Network. If you need to programmatically access session or login information, you can also query the

/sessions/whoami

endpoint to retrieve session details, including the identity and authentication method used [Session Checks](https://www.ory.sh/docs/kratos/bring-your-own-ui/custom-ui-basic-integration#session-checks). If you require more advanced integrations (e.g., sending login events to external systems), Ory Actions can be configured to trigger custom logic after login events [Configure Hooks and Actions](https://www.ory.sh/docs/kratos/hooks/configure-hooks). Summary: - Use Ory's audit logs for tracking logins. - Access logs via your logging backend or the Ory Console. - Optionally, use Ory Actions for custom integrations or automation.

If you do not see "Login successful" in your Ory Kratos logs, this is expected based on the available documentation. The knowledge sources describe the structure and fields of Ory logs, including examples that show messages like "Login successful" as possible log entries, but they do not guarantee that such messages will always appear in your logs by default. The documentation provides example log lines to illustrate the types of information that can be logged, but it does not state that Ory Kratos will always emit a "Login successful" message for every login event out of the box [Logs and audit trails](https://www.ory.sh/docs/self-hosted/operations/logging#log-fields). If you require explicit "Login successful" messages or more detailed login event tracking, you may need to: - Adjust your log level or log format settings to ensure all relevant events are captured. - Implement custom hooks or actions to log additional information after successful logins [Configure Hooks and Actions](https://www.ory.sh/docs/kratos/hooks/configure-hooks). In summary, the absence of "Login successful" in your logs does not indicate a misconfiguration, but rather that such messages are not guaranteed by default according to the documentation.