Skip to main content

This version of GitHub Enterprise will be discontinued on 2022-06-03. No patch releases will be made, even for critical security issues. For better performance, improved security, and new features, upgrade to the latest version of GitHub Enterprise. For help with the upgrade, contact GitHub Enterprise support.

About the audit log for your enterprise

To support debugging and internal and external compliance, GitHub Enterprise Server provides logs of audited system, user, organization, and repository events.

About audit logs

The audit log lists events triggered by activities that affect your enterprise. Audit logs for GitHub Enterprise Server are retained indefinitely.

By default, only events from the past three months are displayed. To view older events, you must specify a date range with the created parameter. For more information, see "Understanding the search syntax."

The name for each audit log entry is composed of the action object or category qualifier, followed by an operation type. For example, the repo.create entry refers to the create operation on the repo category.

Each audit log entry shows applicable information about an event, such as:

  • The enterprise or organization an action was performed in
  • The user (actor) who performed the action
  • The user affected by the action
  • Which repository an action was performed in
  • The action that was performed
  • Which country the action took place in
  • The date and time the action occurred

In addition to viewing your audit log, you can monitor activity in your enterprise in other ways, such as viewing push logs and managing global webhooks. For more information, see "Exploring user activity in your enterprise."

Using your audit logs

As an enterprise owner or site administrator, you can interact with the audit log data for your enterprise in several ways:

For a full list of audit log actions that may appear in your enterprise audit log, see "Audit log actions for your enterprise."

Further reading