Skip to main content

Reviewing your security log

You can review the security log for your personal account to better understand actions you've performed and actions others have performed that involve you.

Accessing your security log

The security log lists all actions performed within the last 90 days.

  1. 在任何页面的右上角,单击个人资料照片,然后单击“设置”。

    用户栏中的 Settings 图标

  2. In the "Archives" section of the sidebar, click Security log.

Searching your security log

每个审核日志条目的名称由 action 对象或类别限定符组成,后跟操作类型。 例如,repo.create 条目是指对 repo 类别的 create 操作。

每个审核日志条目都显示有关事件的适用信息,例如:

  • 执行操作的企业或组织
  • 执行操作的用户(参与者)
  • 受操作影响的用户
  • 执行操作的仓库
  • 执行的操作
  • 发生操作的国家/地区
  • 发生操作的日期和时间

请注意,无法使用文本搜索条目。 但是,您可以使用各种过滤器构建搜索查询。 查询日志时使用的许多运算符,如 -><,与在 GitHub Enterprise Server 上搜索时的格式相同。 有关详细信息,请参阅“在 GitHub 上搜索”。

基于操作搜索

使用 operation 限定符将操作限制为特定类型的操作。 例如:

  • operation:access 查找访问过资源的所有事件。
  • operation:authentication 查找执行过身份验证事件的所有事件。
  • operation:create 查找创建过资源的所有事件。
  • operation:modify 查找修改过现有资源的所有事件。
  • operation:remove 查找删除过现有资源的所有事件。
  • operation:restore 查找还原过现有资源的所有事件。
  • operation:transfer 查找传输过现有资源的所有事件。

基于仓库搜索

使用 repo 限定符将操作限制到特定存储库。 例如:

  • repo:my-org/our-repo 查找 my-org 组织中 our-repo 存储库发生的所有事件。
  • repo:my-org/our-repo repo:my-org/another-repo 查找 my-org 组织中 our-repoanother-repo 存储库发生的所有事件。
  • -repo:my-org/not-this-repo 排除 my-org 组织中 not-this-repo 存储库发生的所有事件。

请注意,必须在 repo 限定符包括帐户名称;仅搜索 repo:our-repo 将不起作用。

基于用户搜索

actor 限定符可将事件范围限于执行操作的人员。 例如:

  • actor:octocat 查找 octocat 执行的所有事件。
  • actor:octocat actor:hubot 查找 octocathubot 执行的所有事件。
  • -actor:hubot 排除 hubot 执行的所有事件。

请注意,只能使用 GitHub Enterprise Server 用户名,而不是个人的真实姓名。

Search based on the action performed

The events listed in your security log are triggered by your actions. Actions are grouped into the following categories:

Category nameDescription
oauth_accessContains all activities related to OAuth Apps you've connected with.
profile_pictureContains all activities related to your profile picture.
projectContains all activities related to project boards.
public_keyContains all activities related to your public SSH keys.
repoContains all activities related to the repositories you own.
teamContains all activities related to teams you are a part of.
two_factor_authenticationContains all activities related to two-factor authentication.
userContains all activities related to your account.

Security log actions

An overview of some of the most common actions that are recorded as events in the security log.

oauth_authorization category actions

ActionDescription
createTriggered when you grant access to an OAuth App.
destroyTriggered when you revoke an OAuth App's access to your account and when authorizations are revoked or expire.

profile_picture category actions

ActionDescription
updateTriggered when you set or update your profile picture.

project category actions

ActionDescription
accessTriggered when a project board's visibility is changed.
createTriggered when a project board is created.
renameTriggered when a project board is renamed.
updateTriggered when a project board is updated.
deleteTriggered when a project board is deleted.
linkTriggered when a repository is linked to a project board.
unlinkTriggered when a repository is unlinked from a project board.
update_user_permissionTriggered when an outside collaborator is added to or removed from a project board or has their permission level changed.

public_key category actions

ActionDescription
createTriggered when you add a new public SSH key to your account on your GitHub Enterprise Server instance.
deleteTriggered when you remove a public SSH key to your account on your GitHub Enterprise Server instance.

repo category actions

ActionDescription
accessTriggered when you a repository you own is switched from "private" to "public" (or vice versa).
add_memberTriggered when a GitHub Enterprise Server user is given collaboration access to a repository.
add_topicTriggered when a repository owner adds a topic to a repository.
archivedTriggered when a repository owner archives a repository.
config.disable_anonymous_git_accessTriggered when anonymous Git read access is disabled in a public repository.
config.enable_anonymous_git_accessTriggered when anonymous Git read access is enabled in a public repository.
config.lock_anonymous_git_accessTriggered when a repository's anonymous Git read access setting is locked.
config.unlock_anonymous_git_accessTriggered when a repository's anonymous Git read access setting is unlocked.
createTriggered when a new repository is created.
destroyTriggered when a repository is deleted.
remove_memberTriggered when a GitHub Enterprise Server user is removed from a repository as a collaborator.
remove_topicTriggered when a repository owner removes a topic from a repository.
renameTriggered when a repository is renamed.
transferTriggered when a repository is transferred.
transfer_startTriggered when a repository transfer is about to occur.
unarchivedTriggered when a repository owner unarchives a repository.

team category actions

ActionDescription
add_memberTriggered when a member of an organization you belong to adds you to a team.
add_repositoryTriggered when a team you are a member of is given control of a repository.
createTriggered when a new team in an organization you belong to is created.
destroyTriggered when a team you are a member of is deleted from the organization.
remove_memberTriggered when a member of an organization is removed from a team you are a member of.
remove_repositoryTriggered when a repository is no longer under a team's control.

two_factor_authentication category actions

ActionDescription
enabledTriggered when two-factor authentication is enabled.
disabledTriggered when two-factor authentication is disabled.

user category actions

ActionDescription
add_emailTriggered when you add a new email address.
createTriggered when you create a new personal account.
change_passwordTriggered when you change your password.
forgot_passwordTriggered when you ask for a password reset.
hide_private_contributions_countTriggered when you hide private contributions on your profile.
loginTriggered when you log in to your GitHub Enterprise Server instance.
mandatory_message_viewedTriggered when you view a mandatory message (see "Customizing user messages" for details)
failed_loginTriggered when you failed to log in successfully.
remove_emailTriggered when you remove an email address.
renameTriggered when you rename your account.
show_private_contributions_countTriggered when you publicize private contributions on your profile.
two_factor_requestedTriggered when GitHub Enterprise Server asks you for your two-factor authentication code.

user_status category actions

ActionDescription
updateTriggered when you set or change the status on your profile. For more information, see "Setting a status."
destroyTriggered when you clear the status on your profile.