REST-API-Endpunkte für Enterprise-Überwachungsprotokolle
Verwende die REST-API, um Überwachungsprotokolle für ein Unternehmen abzurufen.
Note
Diese Endpunkte unterstützen nur die Authentifizierung über ein personal access token (classic). Weitere Informationen findest du unter Verwalten deiner persönlichen Zugriffstoken.
Get the audit log for an enterprise
Gets the audit log for an enterprise.
This endpoint has a rate limit of 1,750 queries per hour per user and IP address. If your integration receives a rate limit error (typically a 403 or 429 response), it should wait before making another request to the GitHub API. For more information, see "Rate limits for the REST API" and "Best practices for integrators."
The authenticated user must be an enterprise admin to use this endpoint.
OAuth app tokens and personal access tokens (classic) need the read:audit_log
scope to use this endpoint.
Differenzierte Zugriffstoken für "Get the audit log for an enterprise"
Dieser Endpunkt funktioniert mit den folgenden differenzierten Tokentypen.:
- GitHub-App-Benutzerzugriffstoken
- Zugriffstoken für GitHub App-Installation
- Differenzierte persönliche Zugriffstoken
Das differenzierte Token muss einen der folgenden Berechtigungssätze aufweisen.:
- "Enterprise administration" business permissions (read)
Parameter für „Get the audit log for an enterprise“
Name, type, BESCHREIBUNG |
---|
accept string Setting to |
Name, type, BESCHREIBUNG |
---|
enterprise string ErforderlichThe slug version of the enterprise name. You can also substitute this value with the enterprise id. |
Name, type, BESCHREIBUNG |
---|
phrase string A search phrase. For more information, see Searching the audit log. |
include string The event types to include:
The default is Kann eine der Folgenden sein: |
after string A cursor, as given in the Link header. If specified, the query only searches for events after this cursor. |
before string A cursor, as given in the Link header. If specified, the query only searches for events before this cursor. |
order string The order of audit log events. To list newest events first, specify The default is Kann eine der Folgenden sein: |
page integer The page number of the results to fetch. For more information, see "Using pagination in the REST API." Standard: |
per_page integer The number of results per page (max 100). For more information, see "Using pagination in the REST API." Standard: |
HTTP-Antwortstatuscodes für „Get the audit log for an enterprise“
Statuscode | BESCHREIBUNG |
---|---|
200 | OK |
Codebeispiele für „Get the audit log for an enterprise“
Wenn du unter GHE.com auf GitHub zugreifst, ersetze api.github.com
unter api.SUBDOMAIN.ghe.com
mit der dedizierten Unterdomäne deines Unternehmens.
Anforderungsbeispiel
curl -L \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/enterprises/ENTERPRISE/audit-log
Response
Status: 200
[
{
"@timestamp": 1606929874512,
"action": "team.add_member",
"actor": "octocat",
"created_at": 1606929874512,
"_document_id": "xJJFlFOhQ6b-5vaAFy9Rjw",
"org": "octo-corp",
"team": "octo-corp/example-team",
"user": "monalisa"
},
{
"@timestamp": 1606507117008,
"action": "org.create",
"actor": "octocat",
"created_at": 1606507117008,
"_document_id": "Vqvg6kZ4MYqwWRKFDzlMoQ",
"org": "octocat-test-org"
},
{
"@timestamp": 1605719148837,
"action": "repo.destroy",
"actor": "monalisa",
"created_at": 1605719148837,
"_document_id": "LwW2vpJZCDS-WUmo9Z-ifw",
"org": "mona-org",
"repo": "mona-org/mona-test-repo",
"visibility": "private"
}
]
Get the audit log stream key for encrypting secrets
Retrieves the audit log streaming public key for encrypting secrets.
When using this endpoint, you must encrypt the credentials following the same encryption steps as outlined in the guide on encrypting secrets. See "Encrypting secrets for the REST API."
Differenzierte Zugriffstoken für "Get the audit log stream key for encrypting secrets"
Dieser Endpunkt funktioniert nicht mit GitHub-App-Benutzerzugriffstoken, GitHub-App-Installationszugriffstoken oder differenzierten persönlichen Zugriffstoken.
Parameter für „Get the audit log stream key for encrypting secrets“
Name, type, BESCHREIBUNG |
---|
accept string Setting to |
Name, type, BESCHREIBUNG |
---|
enterprise string ErforderlichThe slug version of the enterprise name. You can also substitute this value with the enterprise id. |
HTTP-Antwortstatuscodes für „Get the audit log stream key for encrypting secrets“
Statuscode | BESCHREIBUNG |
---|---|
200 | The stream key for the audit log streaming configuration was retrieved successfully. |
Codebeispiele für „Get the audit log stream key for encrypting secrets“
Wenn du unter GHE.com auf GitHub zugreifst, ersetze api.github.com
unter api.SUBDOMAIN.ghe.com
mit der dedizierten Unterdomäne deines Unternehmens.
Anforderungsbeispiel
curl -L \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/enterprises/ENTERPRISE/audit-log/stream-key
The stream key for the audit log streaming configuration was retrieved successfully.
Status: 200
{
"key_id": "123",
"key": "actual-public-key-value"
}
List audit log stream configurations for an enterprise
Lists the configured audit log streaming configurations for an enterprise. This only lists configured streams for supported providers.
When using this endpoint, you must encrypt the credentials following the same encryption steps as outlined in the guide on encrypting secrets. See "Encrypting secrets for the REST API."
Differenzierte Zugriffstoken für "List audit log stream configurations for an enterprise"
Dieser Endpunkt funktioniert nicht mit GitHub-App-Benutzerzugriffstoken, GitHub-App-Installationszugriffstoken oder differenzierten persönlichen Zugriffstoken.
Parameter für „List audit log stream configurations for an enterprise“
Name, type, BESCHREIBUNG |
---|
accept string Setting to |
Name, type, BESCHREIBUNG |
---|
enterprise string ErforderlichThe slug version of the enterprise name. You can also substitute this value with the enterprise id. |
HTTP-Antwortstatuscodes für „List audit log stream configurations for an enterprise“
Statuscode | BESCHREIBUNG |
---|---|
200 | OK |
Codebeispiele für „List audit log stream configurations for an enterprise“
Wenn du unter GHE.com auf GitHub zugreifst, ersetze api.github.com
unter api.SUBDOMAIN.ghe.com
mit der dedizierten Unterdomäne deines Unternehmens.
Anforderungsbeispiel
curl -L \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/enterprises/ENTERPRISE/audit-log/streams
OK
Status: 200
[
{
"id": 1,
"stream_type": "Splunk",
"stream_details": "US",
"enabled": true,
"created_at": "2024-06-06T08:00:00Z",
"updated_at": "2024-06-06T08:00:00Z",
"paused_at": null
}
]
Create an audit log streaming configuration for an enterprise
Creates an audit log streaming configuration for any of the supported streaming endpoints: Azure Blob Storage, Azure Event Hubs, Amazon S3, Splunk, Google Cloud Storage, Datadog.
When using this endpoint, you must encrypt the credentials following the same encryption steps as outlined in the guide on encrypting secrets. See "Encrypting secrets for the REST API."
Differenzierte Zugriffstoken für "Create an audit log streaming configuration for an enterprise"
Dieser Endpunkt funktioniert nicht mit GitHub-App-Benutzerzugriffstoken, GitHub-App-Installationszugriffstoken oder differenzierten persönlichen Zugriffstoken.
Parameter für „Create an audit log streaming configuration for an enterprise“
Name, type, BESCHREIBUNG |
---|
accept string Setting to |
Name, type, BESCHREIBUNG |
---|
enterprise string ErforderlichThe slug version of the enterprise name. You can also substitute this value with the enterprise id. |
Name, type, BESCHREIBUNG | |||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
enabled boolean ErforderlichThis setting pauses or resumes a stream. | |||||||||||||||||||||||||||||||||||||||||||||||||
stream_type string ErforderlichThe audit log streaming provider. The name is case sensitive. Kann eine der Folgenden sein: | |||||||||||||||||||||||||||||||||||||||||||||||||
vendor_specific object Erforderlich | |||||||||||||||||||||||||||||||||||||||||||||||||
Can be one of these objects:
AzureHubConfig object ErforderlichAzure Event Hubs Config for audit log streaming configuration. Properties of |
Name, type, BESCHREIBUNG |
---|
name string ErforderlichInstance name of Azure Event Hubs |
encrypted_connstring string ErforderlichEncrypted Connection String for Azure Event Hubs |
key_id string ErforderlichKey ID obtained from the audit log stream key endpoint used to encrypt secrets. |
AmazonS3OIDCConfig
object ErforderlichAmazon S3 OIDC Config for audit log streaming configuration.
Properties of AmazonS3OIDCConfig
Name, type, BESCHREIBUNG |
---|
bucket string ErforderlichAmazon S3 Bucket Name. |
region string ErforderlichAWS S3 Bucket Region. |
key_id string ErforderlichKey ID obtained from the audit log stream key endpoint used to encrypt secrets. |
authentication_type string ErforderlichAuthentication Type for Amazon S3. Wert: |
arn_role string Erforderlich |
AmazonS3AccessKeysConfig
object ErforderlichAmazon S3 Access Keys Config for audit log streaming configuration.
Properties of AmazonS3AccessKeysConfig
Name, type, BESCHREIBUNG |
---|
bucket string ErforderlichAmazon S3 Bucket Name. |
region string ErforderlichAmazon S3 Bucket Name. |
key_id string ErforderlichKey ID obtained from the audit log stream key endpoint used to encrypt secrets. |
authentication_type string ErforderlichAuthentication Type for Amazon S3. Wert: |
encrypted_secret_key string ErforderlichEncrypted AWS Secret Key. |
encrypted_access_key_id string ErforderlichEncrypted AWS Access Key ID. |
SplunkConfig
object ErforderlichSplunk Config for Audit Log Stream Configuration
Properties of SplunkConfig
Name, type, BESCHREIBUNG |
---|
domain string ErforderlichDomain of Splunk instance. |
port integer ErforderlichThe port number for connecting to Splunk. |
key_id string ErforderlichKey ID obtained from the audit log stream key endpoint used to encrypt secrets. |
encrypted_token string ErforderlichEncrypted Token. |
ssl_verify boolean ErforderlichSSL verification helps ensure your events are sent to your Splunk endpoint securely. |
GoogleCloudConfig
object ErforderlichGoogle Cloud Config for audit log streaming configuration.
Properties of GoogleCloudConfig
Name, type, BESCHREIBUNG |
---|
bucket string ErforderlichGoogle Cloud Bucket Name |
key_id string ErforderlichKey ID obtained from the audit log stream key endpoint used to encrypt secrets. |
encrypted_json_credentials string Erforderlich |
DatadogConfig
object ErforderlichDatadog Config for audit log streaming configuration.
Properties of DatadogConfig
Name, type, BESCHREIBUNG |
---|
encrypted_token string ErforderlichEncrypted Splunk token. |
site string ErforderlichDatadog Site to use. Kann eine der Folgenden sein: |
key_id string ErforderlichKey ID obtained from the audit log stream key endpoint used to encrypt secrets. |
HTTP-Antwortstatuscodes für „Create an audit log streaming configuration for an enterprise“
Statuscode | BESCHREIBUNG |
---|---|
200 | The audit log stream configuration was created successfully. |
Codebeispiele für „Create an audit log streaming configuration for an enterprise“
Wenn du unter GHE.com auf GitHub zugreifst, ersetze api.github.com
unter api.SUBDOMAIN.ghe.com
mit der dedizierten Unterdomäne deines Unternehmens.
Anforderungsbeispiel
curl -L \
-X POST \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/enterprises/ENTERPRISE/audit-log/streams \
-d '{"enabled":false,"stream_type":"Azure Event Hubs","vendor_specific":{"namespace":"newnamespace","shared_access_key_name":"newaccesskeyname","shared_access_key":"newaccesskey","event_hub_name":"neweventhub"}}'
The audit log stream configuration was created successfully.
Status: 200
{
"id": 1,
"stream_type": "Splunk",
"stream_details": "US",
"enabled": true,
"created_at": "2024-06-06T08:00:00Z",
"updated_at": "2024-06-06T08:00:00Z",
"paused_at": null
}
List one audit log streaming configuration via a stream ID
Lists one audit log stream configuration via a stream ID.
When using this endpoint, you must encrypt the credentials following the same encryption steps as outlined in the guide on encrypting secrets. See "Encrypting secrets for the REST API."
Differenzierte Zugriffstoken für "List one audit log streaming configuration via a stream ID"
Dieser Endpunkt funktioniert nicht mit GitHub-App-Benutzerzugriffstoken, GitHub-App-Installationszugriffstoken oder differenzierten persönlichen Zugriffstoken.
Parameter für „List one audit log streaming configuration via a stream ID“
Name, type, BESCHREIBUNG |
---|
accept string Setting to |
Name, type, BESCHREIBUNG |
---|
enterprise string ErforderlichThe slug version of the enterprise name. You can also substitute this value with the enterprise id. |
stream_id integer ErforderlichThe ID of the audit log stream configuration. |
HTTP-Antwortstatuscodes für „List one audit log streaming configuration via a stream ID“
Statuscode | BESCHREIBUNG |
---|---|
200 | Lists one audit log stream configuration via stream ID. |
Codebeispiele für „List one audit log streaming configuration via a stream ID“
Wenn du unter GHE.com auf GitHub zugreifst, ersetze api.github.com
unter api.SUBDOMAIN.ghe.com
mit der dedizierten Unterdomäne deines Unternehmens.
Anforderungsbeispiel
curl -L \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/enterprises/ENTERPRISE/audit-log/streams/STREAM_ID
Lists one audit log stream configuration via stream ID.
Status: 200
{
"id": 1,
"stream_type": "Splunk",
"stream_details": "US",
"enabled": true,
"created_at": "2024-06-06T08:00:00Z",
"updated_at": "2024-06-06T08:00:00Z",
"paused_at": null
}
Update an existing audit log stream configuration
Updates an existing audit log stream configuration for an enterprise.
When using this endpoint, you must encrypt the credentials following the same encryption steps as outlined in the guide on encrypting secrets. See "Encrypting secrets for the REST API."
Differenzierte Zugriffstoken für "Update an existing audit log stream configuration"
Dieser Endpunkt funktioniert nicht mit GitHub-App-Benutzerzugriffstoken, GitHub-App-Installationszugriffstoken oder differenzierten persönlichen Zugriffstoken.
Parameter für „Update an existing audit log stream configuration“
Name, type, BESCHREIBUNG |
---|
accept string Setting to |
Name, type, BESCHREIBUNG |
---|
enterprise string ErforderlichThe slug version of the enterprise name. You can also substitute this value with the enterprise id. |
stream_id integer ErforderlichThe ID of the audit log stream configuration. |
Name, type, BESCHREIBUNG | |||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
enabled boolean ErforderlichThis setting pauses or resumes a stream. | |||||||||||||||||||||||||||||||||||||||||||||||||
stream_type string ErforderlichThe audit log streaming provider. The name is case sensitive. Kann eine der Folgenden sein: | |||||||||||||||||||||||||||||||||||||||||||||||||
vendor_specific object Erforderlich | |||||||||||||||||||||||||||||||||||||||||||||||||
Can be one of these objects:
AzureHubConfig object ErforderlichAzure Event Hubs Config for audit log streaming configuration. Properties of |
Name, type, BESCHREIBUNG |
---|
name string ErforderlichInstance name of Azure Event Hubs |
encrypted_connstring string ErforderlichEncrypted Connection String for Azure Event Hubs |
key_id string ErforderlichKey ID obtained from the audit log stream key endpoint used to encrypt secrets. |
AmazonS3OIDCConfig
object ErforderlichAmazon S3 OIDC Config for audit log streaming configuration.
Properties of AmazonS3OIDCConfig
Name, type, BESCHREIBUNG |
---|
bucket string ErforderlichAmazon S3 Bucket Name. |
region string ErforderlichAWS S3 Bucket Region. |
key_id string ErforderlichKey ID obtained from the audit log stream key endpoint used to encrypt secrets. |
authentication_type string ErforderlichAuthentication Type for Amazon S3. Wert: |
arn_role string Erforderlich |
AmazonS3AccessKeysConfig
object ErforderlichAmazon S3 Access Keys Config for audit log streaming configuration.
Properties of AmazonS3AccessKeysConfig
Name, type, BESCHREIBUNG |
---|
bucket string ErforderlichAmazon S3 Bucket Name. |
region string ErforderlichAmazon S3 Bucket Name. |
key_id string ErforderlichKey ID obtained from the audit log stream key endpoint used to encrypt secrets. |
authentication_type string ErforderlichAuthentication Type for Amazon S3. Wert: |
encrypted_secret_key string ErforderlichEncrypted AWS Secret Key. |
encrypted_access_key_id string ErforderlichEncrypted AWS Access Key ID. |
SplunkConfig
object ErforderlichSplunk Config for Audit Log Stream Configuration
Properties of SplunkConfig
Name, type, BESCHREIBUNG |
---|
domain string ErforderlichDomain of Splunk instance. |
port integer ErforderlichThe port number for connecting to Splunk. |
key_id string ErforderlichKey ID obtained from the audit log stream key endpoint used to encrypt secrets. |
encrypted_token string ErforderlichEncrypted Token. |
ssl_verify boolean ErforderlichSSL verification helps ensure your events are sent to your Splunk endpoint securely. |
GoogleCloudConfig
object ErforderlichGoogle Cloud Config for audit log streaming configuration.
Properties of GoogleCloudConfig
Name, type, BESCHREIBUNG |
---|
bucket string ErforderlichGoogle Cloud Bucket Name |
key_id string ErforderlichKey ID obtained from the audit log stream key endpoint used to encrypt secrets. |
encrypted_json_credentials string Erforderlich |
DatadogConfig
object ErforderlichDatadog Config for audit log streaming configuration.
Properties of DatadogConfig
Name, type, BESCHREIBUNG |
---|
encrypted_token string ErforderlichEncrypted Splunk token. |
site string ErforderlichDatadog Site to use. Kann eine der Folgenden sein: |
key_id string ErforderlichKey ID obtained from the audit log stream key endpoint used to encrypt secrets. |
HTTP-Antwortstatuscodes für „Update an existing audit log stream configuration“
Statuscode | BESCHREIBUNG |
---|---|
200 | Successful update |
422 | Validation error |
Codebeispiele für „Update an existing audit log stream configuration“
Wenn du unter GHE.com auf GitHub zugreifst, ersetze api.github.com
unter api.SUBDOMAIN.ghe.com
mit der dedizierten Unterdomäne deines Unternehmens.
Anforderungsbeispiel
curl -L \
-X PUT \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/enterprises/ENTERPRISE/audit-log/streams/STREAM_ID \
-d '{"enabled":false,"stream_type":"Azure Event Hubs","vendor_specific":{"namespace":"newnamespace","shared_access_key_name":"newaccesskeyname","shared_access_key":"newaccesskey","event_hub_name":"neweventhub"}}'
Successful update
Status: 200
{
"id": 1,
"stream_type": "Splunk",
"stream_details": "US",
"enabled": true,
"created_at": "2024-06-06T08:00:00Z",
"updated_at": "2024-06-06T08:00:00Z",
"paused_at": null
}
Delete an audit log streaming configuration for an enterprise
Deletes an existing audit log stream configuration for an enterprise.
When using this endpoint, you must encrypt the credentials following the same encryption steps as outlined in the guide on encrypting secrets. See "Encrypting secrets for the REST API."
Differenzierte Zugriffstoken für "Delete an audit log streaming configuration for an enterprise"
Dieser Endpunkt funktioniert nicht mit GitHub-App-Benutzerzugriffstoken, GitHub-App-Installationszugriffstoken oder differenzierten persönlichen Zugriffstoken.
Parameter für „Delete an audit log streaming configuration for an enterprise“
Name, type, BESCHREIBUNG |
---|
accept string Setting to |
Name, type, BESCHREIBUNG |
---|
enterprise string ErforderlichThe slug version of the enterprise name. You can also substitute this value with the enterprise id. |
stream_id integer ErforderlichThe ID of the audit log stream configuration. |
HTTP-Antwortstatuscodes für „Delete an audit log streaming configuration for an enterprise“
Statuscode | BESCHREIBUNG |
---|---|
204 | The audit log stream configuration was deleted successfully. |
Codebeispiele für „Delete an audit log streaming configuration for an enterprise“
Wenn du unter GHE.com auf GitHub zugreifst, ersetze api.github.com
unter api.SUBDOMAIN.ghe.com
mit der dedizierten Unterdomäne deines Unternehmens.
Anforderungsbeispiel
curl -L \
-X DELETE \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/enterprises/ENTERPRISE/audit-log/streams/STREAM_ID
The audit log stream configuration was deleted successfully.
Status: 204