Last Login to Plesk report analyzer

Understand Plesk last logins and failed control panel access

This calculator turns a raw Plesk Action Log into a clear, filterable table that highlights who tried to access your control panel, from which IP address and at what time. By tagging the log with a server name, you can easily distinguish activity between multiple Plesk servers.

Where this report comes from in Plesk

The input for this tool is the Action Log that you export from the Plesk interface. In the control panel, you can obtain it by navigating to Tools & Settings and selecting Action Log. After applying your desired filters inside Plesk, export or copy the log and paste the text into the analyzer. Each line is then parsed into fields such as IP address, timestamp, event type, login name and client GUID.

How the Plesk login analyzer interprets your log

The analyzer identifies control panel login events, failed login attempts and background maintenance such as component upgrades or license updates. For every parsed event, the tool extracts:

• Source IP address used to reach the Plesk interface.
• Server name that you entered in the form to tag the log.
• Timestamp split into full date-time, date-only and time-only views.
• Event type, for example CP User Login Attempt Failed or Plesk component upgrade.
• Login Name and Client GUID when available in the log entry.

Rows are then classified as login events, failed attempts, successful logins, maintenance events or other activity. Visually, failed login attempts are highlighted so that you can quickly scan for suspicious activity or brute-force patterns.

Using filters, grouping and columns to find security issues

The event filter lets you focus on specific subsets of the log, such as only failed login attempts or only successful logins. The grouping options allow you to show every event or restrict the view to the last event per IP address, per login name or per IP and login combination. Formally, the last event per IP is computed as

\[ \text{LastEvent}(IP) = \max_{i \in E_{IP}} \left( t_i \right) \]

where \( E_{IP} \) is the set of events associated with that IP and \( t_i \) is the event timestamp. A unique IP count is calculated as

\[ N_{\text{unique}} = \left| \{ IP_i \} \right|. \]

These metrics help you distinguish between isolated mistakes and repeated aggressive attempts from the same address or user name.

Exporting and documenting Plesk login activity

After you refine the view with filters and grouping, you can export the results to CSV or Excel. The exported data includes the server name you specified, so that you can merge logs from multiple instances while still knowing which record came from which host. This makes it easier to prepare incident reports, share security findings with other teams or archive historical access records for audit purposes. Because the underlying numbers are restricted to at most two decimal places where relevant, the exported sheets remain clean and easy to read.