They will run on successful authentication. You can see some information about the authentication event via the context object. I am not sure what you mean by determine if it is a login, as they should all be some sort of login.
What are you wanting to do with the IP data? You can whitelist or blacklist IPs using rules too if that is your end goal.