The audit log dashboard gives you a visual display of audit data across your enterprise.
Navigate to your enterprise account by visiting
HOSTNAMEwith your instance's hostname and
ENTERPRISE-NAMEwith your enterprise account's name.
In the enterprise account sidebar, click Settings.
Under " Settings", click Audit log.
Within the map, you can pan and zoom to see events around the world. Hover over a country to see a quick count of events from that country.
The audit log lists the following information about actions made within your enterprise:
- The repository an action was performed in
- The user who performed the action
- Which organization an action pertained to
- The action that was performed
- Which country the action took place in
- The date and time the action occurred
- While you can't use text to search for audit entries, you can construct search queries using a variety of filters. GitHub Enterprise Server supports many operators for searching across GitHub Enterprise Server. For more information, see "About searching on GitHub."
- To search for events older than 90 days, use the
repo qualifier limits actions to a specific repository owned by your organization. For example:
repo:my-org/our-repofinds all events that occurred for the
our-reporepository in the
repo:my-org/our-repo repo:my-org/another-repofinds all events that occurred for both the
another-reporepositories in the
-repo:my-org/not-this-repoexcludes all events that occurred for the
not-this-reporepository in the
You must include your organization's name within the
repo qualifier; searching for just
repo:our-repo will not work.
actor qualifier scopes events based on the member of your organization that performed the action. For example:
actor:octocatfinds all events performed by
actor:octocat actor:hubotfinds all events performed by both
-actor:hubotexcludes all events performed by
You can only use a GitHub Enterprise Server username, not an individual's real name.
org qualifier limits actions to a specific organization. For example:
org:my-orgfinds all events that occurred for the
org:my-org action:teamfinds all team events performed within the
-org:my-orgexcludes all events that occurred for the
action qualifier searches for specific events, grouped within categories. For information on the events associated with these categories, see "Audited actions".
|Contains all activities related to webhooks.|
|Contains all activities related organization membership|
|Contains all activities related to the repositories owned by your organization.|
|Contains all activities related to teams in your organization.|
You can search for specific sets of actions using these terms. For example:
action:teamfinds all events grouped within the team category.
-action:billingexcludes all events in the billing category.
Each category has a set of associated events that you can filter on. For example:
action:team.createfinds all events where a team was created.
-action:billing.change_emailexcludes all events where the billing email was changed.
country qualifier filters actions by the originating country.
- You can use a country's two-letter short code or its full name.
- Countries with spaces in their name must be wrapped in quotation marks. For example:
country:definds all events that occurred in Germany.
country:Mexicofinds all events that occurred in Mexico.
country:"United States"all finds events that occurred in the United States.
created qualifier filters actions by the time they occurred.
- Define dates using the format of
YYYY-MM-DD--that's year, followed by month, followed by day.
- Dates support greater than, less than, and range qualifiers. For example:
created:2014-07-08finds all events that occurred on July 8th, 2014.
created:>=2014-07-01finds all events that occurred on or after July 8th, 2014.
created:<=2014-07-01finds all events that occurred on or before July 8th, 2014.
created:2014-07-01..2014-07-31finds all events that occurred in the month of July 2014.