diff --git a/auth/api_auth.go b/auth/api_auth.go
index 498da8e..882771c 100644
--- a/auth/api_auth.go
+++ b/auth/api_auth.go
@@ -8,6 +8,7 @@ import (
 "github.com/gin-gonic/gin"
 "github.com/rs/zerolog/log"
 "kumoly.io/kumoly/app/errors"
+ "kumoly.io/kumoly/app/history"
 "kumoly.io/kumoly/app/server"
 )
@@ -26,6 +27,9 @@ func ApiLogin(c *gin.Context) {
 if err != nil {
 panic(err)
 }
+ // log.Trace().Str("mod", "auth").
+ // Str("username", data.Name).Str("password", string(pwd)).
+ // Msg("user login")
 usr := &User{}
 // system developer login
@@ -39,6 +43,8 @@ func ApiLogin(c *gin.Context) {
 if err != nil {
 panic(err)
 }
+ server.OK(c, usr)
+ return
 }
 err = DB.Preload("Profile").Preload("Groups").Where("username = ?", data.Name).First(usr).Error
@@ -74,6 +80,7 @@ func ApiLogin(c *gin.Context) {
 if err != nil {
 panic(err)
 }
+ usr.LastLogin = time.Now()
 usr.LastLoginIP = c.ClientIP()
 usr.LoginFailed = 0
@@ -82,6 +89,15 @@ func ApiLogin(c *gin.Context) {
 "login_failed": usr.LoginFailed,
 "last_login_ip": usr.LastLoginIP,
 })
+
+ // send to history
+ history.Send(history.Info().Grp(usr.Username).Nm("Login").
+ Msgf("user login from %v", usr.LastLoginIP).
+ Bd(map[string]string{
+ "username": usr.Username,
+ "login_ip": usr.LastLoginIP,
+ }))
+
 server.Res(c, &server.Response{
 Status: 200,
 Data: usr,
diff --git a/auth/api_grp.go b/auth/api_grp.go
index 269bcc5..0e4d9c2 100644
--- a/auth/api_grp.go
+++ b/auth/api_grp.go
@@ -34,7 +34,8 @@ func ApiGrpNew(c *gin.Context) {
 if err := c.ShouldBindJSON(&data); err != nil {
 panic(err)
 }
- if strings.HasPrefix(data.Name, SYS_AUTH_PREFIX) && !ACHas(c, ADMIN) {
+ if (strings.HasPrefix(data.Name, SYS_AUTH_PREFIX) || data.Name == sys_user) &&
+ !ACHas(c, ADMIN) {
 panic(errors.ErrorForbidden)
 }
 grp := &Group{
diff --git a/auth/helper.go b/auth/helper.go
index e97af65..c0b620f 100644
--- a/auth/helper.go
+++ b/auth/helper.go
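Review bot: The three commented-out lines added in the `@@ -26,6 +27,9 @@` hunk of `ApiLogin` would, once uncommented, write the submitted password in clear text to the trace log through `Str("password", string(pwd))`. Commented-out debugging code tends to be re-enabled, and log files are normally readable by more people and systems than the credential store is. I would delete the block, or keep only `log.Trace().Str("mod", "auth").Str("username", data.Name).Msg("user login")` so that no secret can reach the log. `ApiLogin` starts and ends outside this hunk.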
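Review bot: In the `@@ -39,6 +43,8 @@` hunk the system-developer branch of `ApiLogin` now returns through `server.OK(c, usr)` before it can reach the `history.Send(...)` call this same commit adds further down, so the most privileged login appears to leave no history record. The branch's credential check lies outside the hunk, so this is inferred from the visible `return` only. I would send an equivalent entry before `server.OK(c, usr)`, for example `history.Send(history.Info().Grp(usr.Username).Nm("Login").Msgf("system user login from %v", c.ClientIP()))`, so that use of the built-in account is auditable.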
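Review bot: The history entry added in the `@@ -82,6 +89,15 @@` hunk is written only on the success path, and nothing in the visible hunks records a rejected attempt, so repeated password guessing against an account would not show up in history. The `login_ip` value comes from `c.ClientIP()` (visible in the previous hunk), which gin derives from forwarding headers when the peer counts as a trusted proxy; unless the engine's trusted-proxy list is restricted with `SetTrustedProxies`, a client may be able to choose the address that gets stored. I would add a `history.Send(history.Error()...)` entry where the failed-login counter is incremented (outside this diff) and a comment here such as `// login_ip is only as reliable as the gin trusted-proxy configuration`.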
@@ -152,6 +152,10 @@ func GetUser(c *gin.Context) (*User, error) {
 return nil, err
 }
 usr := &User{}
+ if claim.Uid == sys_user {
+ usr = GetSysUser()
+ return usr, nil
+ }
 err = DB.Preload("Groups").Preload("Profile").Where("id = ?", claim.Uid).First(usr).Error
 if err != nil {
 return nil, err
@@ -164,7 +168,7 @@ func NewUser(usr *User) error {
 if usr.Username == "" || usr.Password == "" {
 return ErrorBadRequestTmpl.New("auth.User")
 }
- if usr.Username == sys_user && usr.Password == sys_pwd {
+ if usr.Username == sys_user {
 return ErrorUserExist
 }
 bytes, err := bcrypt.GenerateFromPassword([]byte(usr.Password), 14)
@@ -207,15 +211,15 @@ func NewUser(usr *User) error {
 func GetSysUser() *User {
 grps := []*Group{}
- if err := DB.Where("name = ?", SYSTEM).Find(&grps); err != nil {
- grps = append(grps, &Group{
+ if err := DB.Where("name = ?", SYSTEM).Find(&grps).Error; err != nil {
+ grps = []*Group{{
 Name: SYSTEM,
 DisplayName: strings.TrimPrefix(SYSTEM, SYS_AUTH_PREFIX),
- })
+ }}
 }
 usr := &User{
- ID: "arec",
- Username: "arec",
+ ID: sys_user,
+ Username: sys_user,
 Profile: Profile{
 DisplayName: "System Developer",
 },
diff --git a/control/service.go b/control/service.go
index baba32e..e774435 100644
--- a/control/service.go
+++ b/control/service.go
@@ -5,7 +5,6 @@ import (
 "strings"
 "github.com/gin-gonic/gin"
- "github.com/spf13/viper"
 "kumoly.io/kumoly/app/auth"
 "kumoly.io/kumoly/app/email"
 "kumoly.io/kumoly/app/errors"
@@ -59,20 +58,6 @@ func (srv Service) Load() error {
 server.OK(c, "email sent.")
 })
- if !viper.GetBool("prod") {
- ctlAPI.GET("sys_login", func(c *gin.Context) {
- err := auth.SetClaims(c, &auth.Claims{
- // Uid: usr.ID,
- // User: usr.Username,
- Groups: []string{auth.SYSTEM},
- })
- if err != nil {
- panic(err)
- }
- server.OK(c, "logged in.")
- })
- }
-
 // this should be in task service
 ctlAPI.GET("tasks", auth.ACAdmin(), func(c *gin.Context) {
 server.OK(c, task.GetProfile())
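Review bot: The shortcut added to `GetUser` in the `@@ -152,6 +152,10 @@` hunk hands out the system user, with whatever groups `GetSysUser` attaches, to any request whose claim carries `Uid == sys_user`, so its safety rests on no stored account ever having that ID. `NewUser` in the next hunk reserves the username only; whether `User.ID` can be supplied by a caller or collide with `sys_user` is not visible here. I would document the invariant on the branch, e.g. `// sys_user is a reserved ID: no stored user may use it, see NewUser`, and have `NewUser` also reject `usr.ID == sys_user` if the ID can be caller-provided. The `usr := &User{}` above the branch is allocated and then discarded on this path; `return GetSysUser(), nil` would avoid that.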
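Review bot: The corrected check in `GetSysUser` (`@@ -207,15 +211,15 @@`) still falls back only on a query error, and gorm's `Find` into a slice reports no error when zero rows match, so a missing `SYSTEM` group row leaves the system user with an empty `grps`. If the fallback is meant to cover that case, the condition should read `if err := DB.Where("name = ?", SYSTEM).Find(&grps).Error; err != nil || len(grps) == 0 {`. The error itself is dropped; since this branch synthesises membership of the most privileged group while the database is failing, I would record it, for instance with `log.Error().Str("mod", "auth").Err(err).Msg("system group lookup failed")` if zerolog's `log` is imported in this file. The function body continues past the hunk.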
diff --git a/history/helper.go b/history/helper.go
index e063ff0..da3e7ca 100644
--- a/history/helper.go
+++ b/history/helper.go
@@ -1,6 +1,10 @@
 package history
-import "kumoly.io/kumoly/app/util"
+import (
+ "fmt"
+
+ "kumoly.io/kumoly/app/util"
+)
 func Error() *History {
 h := getBase()
@@ -34,6 +38,10 @@ func (h *History) Msg(msg string) *History {
 h.Message = msg
 return h
 }
+func (h *History) Msgf(msg string, args ...interface{}) *History {
+ h.Message = fmt.Sprintf(msg, args...)
+ return h
+}
 func (h *History) Bd(body interface{}) *History {
 h.Body = body
 return h
diff --git a/history/history.go b/history/history.go
index 7ab953a..d509f05 100644
--- a/history/history.go
+++ b/history/history.go
@@ -40,8 +40,9 @@ type History struct {
 func (h *History) BeforeCreate(tx *gorm.DB) (err error) {
 if h.Body != nil {
- body, err := json.Marshal(h.Body)
- if err != nil {
+ if body, err := json.Marshal(h.Body); err != nil {
+ log.Error().Str("mod", "history").Err(err).Msg("history create error")
+ } else {
 h.BodyJson = string(body)
 }
 }
@@ -84,7 +85,9 @@ func Start(r Receiver) {
 func Stop() {
 quit <- struct{}{}
+ log.Debug().Str("mod", "history").Msg("stop received")
 wg.Wait()
+ log.Debug().Str("mod", "history").Msg("stoped")
 }
 func Send(h *History) {
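Review bot: In `BeforeCreate` (`@@ -40,8 +40,9 @@`) a failed `json.Marshal` is now logged while the record is still created with an empty `BodyJson`, so a history row can silently lose its detail, and the log line carries no field identifying which entry was affected. The `err` declared in the `if` statement also shadows the named result `err`, so the hook cannot report the failure to gorm even if that were intended. If a row must not be stored without its body, return the error, e.g. `body, mErr := json.Marshal(h.Body)` followed by `if mErr != nil { return mErr }`; otherwise add a comment stating that dropping the body is deliberate. The rest of the function is outside the hunk.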