关于搜索企业审� �日志
通过使用“筛选器”下拉菜单或键入搜索查询来直接从用户界面搜索企业审� �日志。
有关查看企业审� �日志的详细信息,请参阅“访问企业的审� �日志”。
也可以使用 API 检索审� �日志事件。 有关详细信息,请参阅“使用� 企业的审� �日志 API”。
� 法使用文本搜索条目。 但是,您可以使用各种过滤器构建搜索查询。 查询日志时使用的许多运算符,如 -、> 或 <,与在 GitHub Enterprise Server 上搜索时的� �式相同。 有关详细信息,请参阅“在 GitHub 上搜索”。
注意:审� �日志列出了由影响企业的活动触发的事件。 GitHub Enterprise Server 的审� �日志将� 限期保留.
默认情况下,仅显示过去三个月的事件。 若要查看较旧的事件,必须使用 created 参数指定日期范围。 有关详细信息,请参阅“了解搜索语法”。
搜索查询筛选器
| 筛选器 | 说明 |
|---|---|
Yesterday's activity | 在过去一天中创建的所有操作。 |
Enterprise account management | business 类别中的所有操作。 |
Organization membership | 邀请新用户� 入组织时的所有操作。 |
Team management | 与团队管理相关的所有操作。 - 从团队添� 或� 除用户帐户或存储库时 - 当团队维护者被提升或降级时 - � 除团队时 |
Repository management | 用于存储库管理的所有操作。 - 创建或� 除存储库时 - 更改存储库可见性时 - 从存储库添� 或� 除团队时 |
Hook activity | 用于 Webhook 和预接收挂钩的所有操作。 |
Security management | 有关 SSH 密钥、部署密钥、安全密钥、2FA 和 SAML 单一登录凭据授权以及存储库漏洞警报的所有操作。 |
搜索查询语法
� 可以用一个或多个 key:value 对(以 AND/OR 逻辑运算符分隔)构成一个搜索查询。 例如,要查看自 2017 年初开始影响存储库 octocat/Spoon-Knife 的所有操作:
repo:"octocat/Spoon-Knife" AND created:>=2017-01-01
可以在搜索查询中使用的 key:value 对包括:
| 密钥 | 值 |
|---|---|
actor_id | 发起操作的用户帐户的 ID |
actor | 发起操作的用户帐户的名称 |
oauth_app_id | 与操作相关联的 OAuth 应用程序的 ID |
action | 已审� �操作的名称 |
user_id | 受操作影响的用户的 ID |
user | 受操作影响的用户的名称 |
repo_id | 受操作影响的仓库的 ID(若适用) |
repo | 受操作影响的仓库的名称(若适用) |
actor_ip | 发起操作的 IP 地址 |
created | 发生操作的时间 。 如果从站点管理员仪表板查询审� �日志,请改用 created_at |
from | 发起操作的视图 |
note | 事件特定的其他信息(采用纯文本或 JSON � �式) |
org | 受操作影响的组织的名称(若适用) |
org_id | 受操作影响的组织的 ID(若适用) |
business | 受操作影响的企业名(若适用) |
business_id | 受操作影响的企业 ID(若适用) |
要查看按类别分组的操作,还可以将操作限定符用作 key:value 对。 有关详细信息,请参阅“基于执行的操作进行搜索”。
有关企业审� �日志中的操作的完整列表,请参阅“企业的审� �日志操作”。
搜索审� �日志
基于操作搜索
使用 operation 限定符将操作限制为特定类型的操作。 例如:
operation:access查找访问过资源的所有事件。operation:authentication查找执行过身份验证事件的所有事件。operation:create查找创建过资源的所有事件。operation:modify查找修改过现有资源的所有事件。operation:remove查找� 除过现有资源的所有事件。operation:restore查找还原过现有资源的所有事件。operation:transfer查找� 输过现有资源的所有事件。
基于仓库搜索
使用 repo 限定符将操作限制到特定存储库。 例如:
repo:my-org/our-repo查找my-org组织中our-repo存储库发生的所有事件。repo:my-org/our-repo repo:my-org/another-repo查找my-org组织中our-repo和another-repo存储库发生的所有事件。-repo:my-org/not-this-repo排除my-org组织中not-this-repo存储库发生的所有事件。
请注意,必须在 repo 限定符包括帐户名称;仅搜索 repo:our-repo 将不起作用。
基于用户搜索
actor 限定符可将事件范围限于执行操作的人员。 例如:
actor:octocat查找octocat执行的所有事件。actor:octocat actor:hubot查找octocat和hubot执行的所有事件。-actor:hubot排除hubot执行的所有事件。
请注意,只能使用 GitHub Enterprise Server 用户名,而不是个人的真实姓名。
基于执行的操作搜索
要搜索特定事件,请在查询中使用 action 限定符。 例如:
action:team查找分组在团队类别中的所有事件。-action:hook排除 Webhook 类别中的所有事件。
每个类别都有一组可进行过滤的关联操作。 例如:
action:team.create查找创建团队的所有事件。-action:hook.events_changed排除已更改 Webhook 上事件的所有事件。
可在企业审� �日志中找到的操作按以下类别分组:
| Category name | Description |
|---|---|
artifact | Contains activities related to GitHub Actions workflow run artifacts. |
business | Contains activities related to business settings for an enterprise. |
checks | Contains activities related to check suites and runs. |
commit_comment | Contains activities related to updating or deleting commit comments. |
config_entry | Contains activities related to configuration settings. These events are only visible in the site admin audit log. |
dependency_graph | Contains organization-level configuration activities for dependency graphs for repositories. For more information, see "About the dependency graph." |
dependency_graph_new_repos | Contains organization-level configuration activities for new repositories created in the organization. |
dotcom_connection | Contains activities related to GitHub Connect. |
enterprise | Contains activities related to enterprise settings. |
gist | Contains activities related to Gists. |
hook | Contains activities related to webhooks. |
integration | Contains activities related to integrations in an account. |
integration_installation | Contains activities related to integrations installed in an account. |
integration_installation_request | Contains activities related to organization member requests for owners to approve integrations for use in the organization. |
issue | Contains activities related to pinning, transferring, or deleting an issue in a repository. |
issue_comment | Contains activities related to pinning, transferring, or deleting issue comments. |
issues | Contains activities related to enabling or disabling issue creation for an organization. |
members_can_create_pages | Contains activities related to managing the publication of GitHub Pages sites for repositories in the organization. For more information, see "Managing the publication of GitHub Pages sites for your organization." |
members_can_create_private_pages | Contains activities related to managing the publication of private GitHub Pages sites for repositories in the organization. |
members_can_create_public_pages | Contains activities related to managing the publication of public GitHub Pages sites for repositories in the organization. |
members_can_delete_repos | Contains activities related to enabling or disabling repository creation for an organization. |
oauth_access | Contains activities related to OAuth access tokens. |
oauth_application | Contains activities related to OAuth Apps. |
org | Contains activities related to organization membership. |
org_credential_authorization | Contains activities related to authorizing credentials for use with SAML single sign-on. |
organization_default_label | Contains activities related to default labels for repositories in an organization. |
organization_domain | Contains activities related to verified organization domains. |
organization_projects_change | Contains activities related to organization-wide project boards in an enterprise. |
pre_receive_environment | Contains activities related to pre-receive hook environments. |
pre_receive_hook | Contains activities related to pre-receive hooks. |
private_instance_encryption | Contains activities related to enabling private mode for an enterprise. |
private_repository_forking | Contains activities related to allowing forks of private and internal repositories, for a repository, organization or enterprise. |
project | Contains activities related to project boards. |
project_field | Contains activities related to field creation and deletion in a project board. |
project_view | Contains activities related to view creation and deletion in a project board. |
protected_branch | Contains activities related to protected branches. |
public_key | Contains activities related to SSH keys and deploy keys. |
pull_request | Contains activities related to pull requests. |
pull_request_review | Contains activities related to pull request reviews. |
pull_request_review_comment | Contains activities related to pull request review comments. |
repo | Contains activities related to the repositories owned by an organization. |
repository_image | Contains activities related to images for a repository. |
repository_invitation | Contains activities related to invitations to join a repository. |
repository_projects_change | Contains activities related to enabling projects for a repository or for all repositories in an organization. |
repository_secret_scanning | Contains repository-level activities related to secret scanning. For more information, see "About secret scanning." |
repository_vulnerability_alert | Contains activities related to Dependabot alerts. |
restrict_notification_delivery | Contains activities related to the restriction of email notifications to approved or verified domains for an enterprise. |
secret_scanning | Contains organization-level configuration activities for secret scanning in existing repositories. For more information, see "About secret scanning." |
secret_scanning_new_repos | Contains organization-level configuration activities for secret scanning for new repositories created in the organization. |
security_key | Contains activities related to security keys registration and removal. |
ssh_certificate_authority | Contains activities related to a SSH certificate authority in an organization or enterprise. |
ssh_certificate_requirement | Contains activities related to requiring members use SSH certificates to access organization resources. |
staff | Contains activities related to a site admin performing an action. |
team | Contains activities related to teams in an organization. |
team_discussions | Contains activities related to managing team discussions for an organization. |
two_factor_authentication | Contains activities related to two-factor authentication. |
user | Contains activities related to users in an enterprise or organization. |
user_license | Contains activities related to a user occupying a licensed seat in, and being a member of, an enterprise. |
workflows | Contains activities related to GitHub Actions workflows. |
基于操作时间搜索
使用 created 限定符可以� �据事件发生的时间筛选审� �日志中的事件。
日期� �式必须遵循 ISO8601 � �准,即 YYYY-MM-DD(年-月-日)。 也可以在日期后添� 可选的时间信息 THH:MM:SS+00:00,以按小时、分钟和秒进行搜索。 即 T,随后是 HH:MM:SS(时-分-秒)和 UTC 时差 (+00:00)。
搜索日期时,可以使用大于、小于和范围限定符来进一步筛选结果。 有关详细信息,请参阅“了解搜索语法”。
例如:
created:2014-07-08查找 2014 年 7 月 8 日发生的所有事件。created:>=2014-07-08查找 2014 年 7 月 8 日当天或之后发生的所有事件。created:<=2014-07-08查找 2014 年 7 月 8 日当天或之前发生的所有事件。created:2014-07-01..2014-07-31查找 2014 年 7 月发生的所有事件。
基于位置搜索
使用限定符 country,可以� �据原始国家/地区筛选审� �日志中的事件。 � 可以使用国家/地区的两字母短代� �或完整名称。 名称中包含空� �的国家/地区需要� 引号。 例如:
country:de查找在德国发生的所有事件。country:Mexico查找在墨西哥发生的所有事件。country:"United States"查找在美国发生的所有事件。