Audit log
Use the REST API to retrieve audit logs for an enterprise.
These endpoints only support authentication using a personal access token (classic). For more information, see "Managing your personal access tokens."
Get the audit log for an enterprise
Gets the audit log for an enterprise. To use this endpoint, you must
be an enterprise admin, and you must use an access token with the read:audit_log
scope.
This endpoint has a rate limit of 1,750 queries per hour per user and IP address. If your integration receives a rate limit error (typically a 403 or 429 response), it should wait before making another request to the GitHub API. For more information, see "Rate limits for the REST API" and "Best practices for integrators."
Parameters for "Get the audit log for an enterprise"
Name, Type, Description |
---|
accept string Setting to |
Name, Type, Description |
---|
enterprise string RequiredThe slug version of the enterprise name. You can also substitute this value with the enterprise id. |
Name, Type, Description |
---|
phrase string A search phrase. For more information, see Searching the audit log. |
include string The event types to include:
The default is Can be one of: |
after string A cursor, as given in the Link header. If specified, the query only searches for events after this cursor. |
before string A cursor, as given in the Link header. If specified, the query only searches for events before this cursor. |
order string The order of audit log events. To list newest events first, specify The default is Can be one of: |
page integer Page number of the results to fetch. Default: |
per_page integer The number of results per page (max 100). Default: |
HTTP response status codes for "Get the audit log for an enterprise"
Status code | Description |
---|---|
200 | OK |
Code samples for "Get the audit log for an enterprise"
curl -L \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/enterprises/ENTERPRISE/audit-log
Response
Status: 200
[
{
"@timestamp": 1606929874512,
"action": "team.add_member",
"actor": "octocat",
"created_at": 1606929874512,
"_document_id": "xJJFlFOhQ6b-5vaAFy9Rjw",
"org": "octo-corp",
"team": "octo-corp/example-team",
"user": "monalisa"
},
{
"@timestamp": 1606507117008,
"action": "org.create",
"actor": "octocat",
"created_at": 1606507117008,
"_document_id": "Vqvg6kZ4MYqwWRKFDzlMoQ",
"org": "octocat-test-org"
},
{
"@timestamp": 1605719148837,
"action": "repo.destroy",
"actor": "monalisa",
"created_at": 1605719148837,
"_document_id": "LwW2vpJZCDS-WUmo9Z-ifw",
"org": "mona-org",
"repo": "mona-org/mona-test-repo",
"visibility": "private"
}
]