Audit log
Use the REST API to retrieve audit logs for an enterprise.
These endpoints only support authentication using a personal access token (classic). For more information, see "Creating a personal access token ."
Get the audit log for an enterprise
Gets the audit log for an enterprise. To use this endpoint, you must be an enterprise admin, and you must use an access token with the read:audit_log
scope.
Parameters
Headers |
---|
Name, Type, Description |
accept stringSetting to |
Path parameters |
Name, Type, Description |
enterprise stringRequiredThe slug version of the enterprise name. You can also substitute this value with the enterprise id. |
Query parameters |
Name, Type, Description |
phrase stringA search phrase. For more information, see Searching the audit log. |
include stringThe event types to include:
The default is Can be one of: |
after stringA cursor, as given in the Link header. If specified, the query only searches for events after this cursor. |
before stringA cursor, as given in the Link header. If specified, the query only searches for events before this cursor. |
order stringThe order of audit log events. To list newest events first, specify The default is Can be one of: |
page integerPage number of the results to fetch. Default: |
per_page integerThe number of results per page (max 100). Default: |
HTTP response status codes
Status code | Description |
---|---|
200 | OK |
Code samples
curl \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>"\
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/enterprises/ENTERPRISE/audit-log
Response
Status: 200
[
{
"@timestamp": 1606929874512,
"action": "team.add_member",
"actor": "octocat",
"created_at": 1606929874512,
"_document_id": "xJJFlFOhQ6b-5vaAFy9Rjw",
"org": "octo-corp",
"team": "octo-corp/example-team",
"user": "monalisa"
},
{
"@timestamp": 1606507117008,
"action": "org.create",
"actor": "octocat",
"created_at": 1606507117008,
"_document_id": "Vqvg6kZ4MYqwWRKFDzlMoQ",
"org": "octocat-test-org"
},
{
"@timestamp": 1605719148837,
"action": "repo.destroy",
"actor": "monalisa",
"created_at": 1605719148837,
"_document_id": "LwW2vpJZCDS-WUmo9Z-ifw",
"org": "mona-org",
"repo": "mona-org/mona-test-repo",
"visibility": "private"
}
]