The audit log dashboard gives you a visual display of audit data across your enterprise.
In the top-right corner of GitHub Enterprise Server, click your profile photo, then click Enterprise settings.
In the enterprise account sidebar, click Settings.
Under " Settings", click Audit log.
Within the map, you can pan and zoom to see events around the world. Hover over a country to see a quick count of events from that country.
The audit log lists the following information about actions made within your enterprise:
- The repository an action was performed in
- The user who performed the action
- Which organization an action pertained to
- The action that was performed
- Which country the action took place in
- The date and time the action occurred
- While you can't use text to search for audit entries, you can construct search queries using a variety of filters. GitHub Enterprise Server supports many operators for searching across GitHub Enterprise Server. For more information, see "About searching on GitHub."
- Audit records are available for the current month and every day of the previous six months.
repo qualifier limits actions to a specific repository owned by your organization. For example:
repo:my-org/our-repofinds all events that occurred for the
our-reporepository in the
repo:my-org/our-repo repo:my-org/another-repofinds all events that occurred for both the
another-reporepositories in the
-repo:my-org/not-this-repoexcludes all events that occurred for the
not-this-reporepository in the
You must include your organization's name within the
repo qualifier; searching for just
repo:our-repo will not work.
actor qualifier scopes events based on the member of your organization that performed the action. For example:
actor:octocatfinds all events performed by
actor:octocat actor:hubotfinds all events performed by both
-actor:hubotexcludes all events performed by
You can only use a GitHub Enterprise Server username, not an individual's real name.
org qualifier limits actions to a specific organization. For example:
org:my-orgfinds all events that occurred for the
org:my-org action:teamfinds all team events performed within the
-org:my-orgexcludes all events that occurred for the
action qualifier searches for specific events, grouped within categories. For information on the events associated with these categories, see "Audit log events for your enterprise".
|Contains all activities related to webhooks.
|Contains all activities related organization membership
|Contains all activities related to the repositories owned by your organization.
|Contains all activities related to teams in your organization.
You can search for specific sets of actions using these terms. For example:
action:teamfinds all events grouped within the team category.
-action:billingexcludes all events in the billing category.
Each category has a set of associated events that you can filter on. For example:
action:team.createfinds all events where a team was created.
-action:billing.change_emailexcludes all events where the billing email was changed.
country qualifier filters actions by the originating country.
- You can use a country's two-letter short code or its full name.
- Countries with spaces in their name must be wrapped in quotation marks. For example:
country:definds all events that occurred in Germany.
country:Mexicofinds all events that occurred in Mexico.
country:"United States"all finds events that occurred in the United States.
created qualifier filters actions by the time they occurred.
- Define dates using the format of
YYYY-MM-DD--that's year, followed by month, followed by day.
- Dates support greater than, less than, and range qualifiers. For example:
created:2014-07-08finds all events that occurred on July 8th, 2014.
created:>=2014-07-01finds all events that occurred on or after July 8th, 2014.
created:<=2014-07-01finds all events that occurred on or before July 8th, 2014.
created:2014-07-01..2014-07-31finds all events that occurred in the month of July 2014.