Article version: Enterprise Server 2.15

This version of GitHub Enterprise will be discontinued on This version of GitHub Enterprise was discontinued on 2019-10-16. No patch releases will be made, even for critical security issues. For better performance, improved security, and new features, upgrade to the latest version of GitHub Enterprise. For help with the upgrade, contact GitHub Enterprise support.

Auditing users across your instance

The GitHub Enterprise Server audit log dashboard shows site administrators the actions performed by all users and organizations across your GitHub Enterprise Server instance within the past 90 days. It includes details such as who performed the action, what the action was, and when it was performed.

Accessing the GitHub Enterprise Server audit log

The audit log dashboard gives you a visual display of audit data across your GitHub Enterprise Server instance.

Instance wide audit log dashboard

  1. In the upper-right corner of any page, click .

    Rocketship icon for accessing site admin settings

  2. In the left sidebar, click Business.

    Business tab in the Site admin settings

  3. Under your business account's name, click Settings.

    Settings tab on the business account profile page

  4. In the Business settings sidebar, click Audit log.

    Audit log tab in the business settings sidebar

Within the map, you can pan and zoom to see events around the world. Hover over a country to see a quick count of events from that country.

Searching for events across your instance

The audit log lists the following information about actions made within your GitHub Enterprise Server instance:

Notes:

  • While you can't use text to search for audit entries, you can construct search queries using a variety of filters. Many operators for searching across GitHub Enterprise Server are supported.
  • To search for events older than 90 days, use the created qualifier.

Search based on the repository

The repo qualifier limits actions to a specific repository owned by your organization. For example:

You must include your organization's name within the repo qualifier; searching for just repo:our-repo will not work.

Search based on the user

The actor qualifier scopes events based on the member of your organization that performed the action. For example:

You can only use a GitHub Enterprise Server username, not an individual's real name.

Search based on the organization

The org qualifier limits actions to a specific organization. For example:

Search based on the action performed

The action qualifier searches for specific events, grouped within categories. For information on the events associated with these categories, see "Audited actions".

Category name Description
hook Contains all activities related to webhooks.
org Contains all activities related organization membership
repo Contains all activities related to the repositories owned by your organization.
team Contains all activities related to teams in your organization.

You can search for specific sets of actions using these terms. For example:

Each category has a set of associated events that you can filter on. For example:

Search based on the location

The country qualifier filters actions by the originating country.

Search based on the time of action

The created qualifier filters actions by the time they occurred.

Ask a human

Can't find what you're looking for?

Contact us