Audit log

Use the REST API to retrieve audit logs for an enterprise.

Get the audit log for an enterprise

Gets the audit log for an enterprise. To use this endpoint, you must be an enterprise admin, and you must use an access token with the admin:enterprise scope.

Parameters for "Get the audit log for an enterprise"

Headers
Name, Type, Description
`accept` string Setting to `application/vnd.github+json` is recommended.

Path parameters
Name, Type, Description
`enterprise` string Required The slug version of the enterprise name. You can also substitute this value with the enterprise id.

Query parameters
Name, Type, Description
`phrase` string A search phrase. For more information, see Searching the audit log.
`after` string A cursor, as given in the Link header. If specified, the query only searches for events after this cursor.
`before` string A cursor, as given in the Link header. If specified, the query only searches for events before this cursor.
`order` string The order of audit log events. To list newest events first, specify `desc`. To list oldest events first, specify `asc`. The default is `desc`. Can be one of: `desc`, `asc`
`page` integer Page number of the results to fetch. Default: `1`
`per_page` integer The number of results per page (max 100). Default: `30`

HTTP response status codes for "Get the audit log for an enterprise"

Status code	Description
`200`	OK

Code samples for "Get the audit log for an enterprise"

get/enterprises/{enterprise}/audit-log

curl -L \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  https://HOSTNAME/api/v3/enterprises/ENTERPRISE/audit-log

Response

Status: 200

[
  {
    "actor_ip": "88.123.45.123",
    "from": "pull_requests#merge",
    "device_cookie": null,
    "actor": "mona-admin",
    "actor_id": 7,
    "repo": "octo-org/octo-repo",
    "repo_id": 17,
    "business": "github",
    "business_id": 1,
    "org": "octo-org",
    "org_id": 8,
    "action": "pull_request.merge",
    "@timestamp": 1635940599755,
    "created_at": 1635940599755,
    "operation_type": "modify",
    "actor_location": {
      "country_code": "GB",
      "country_name": "United Kingdom",
      "region": "ENG",
      "region_name": "England",
      "city": "Louth",
      "postal_code": "LN11",
      "location": {
        "lat": 53.4457,
        "lon": 0.141
      }
    },
    "data": {
      "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) ...",
      "method": "POST",
      "request_id": "e4dabc4d-ba16-4bca-1234-649be7ae1188",
      "server_id": "5d17aab5-fd9f-abcd-a820-16bed246441b",
      "request_category": "other",
      "controller_action": "merge",
      "url": "https://example.com/octo-org/octo-repo/pull/1/merge",
      "client_id": 322299977.1635936,
      "referrer": "https://example.com/octo-org/octo-repo/pull/1",
      "actor_session": 1,
      "pull_request_id": 1,
      "category_type": "Resource Management"
    }
  },
  {
    "actor_ip": "88.123.45.123",
    "from": "pull_request_review_events#create",
    "device_cookie": null,
    "actor": "mona-admin",
    "actor_id": 7,
    "business_id": 1,
    "org_id": 8,
    "action": "pull_request_review.submit",
    "@timestamp": 1635940593079,
    "created_at": 1635940593079,
    "operation_type": "modify",
    "actor_location": {
      "country_code": "GB",
      "country_name": "United Kingdom",
      "region": "ENG",
      "region_name": "England",
      "city": "Louth",
      "postal_code": "LN11",
      "location": {
        "lat": 53.4457,
        "lon": 0.141
      }
    },
    "data": {
      "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) ...",
      "method": "PUT",
      "request_id": "c0f63bb7-17b6-4796-940c-12345c5a581b",
      "server_id": "2abc1234-f651-43e3-9696-e942ad5f8c89",
      "request_category": "other",
      "controller_action": "create",
      "url": "https://example.com/octo-org/octo-repo/pull/1/reviews",
      "client_id": 322299977.1635936,
      "referrer": "https://example.com/octo-org/octo-repo/pull/1/files",
      "actor_session": 1,
      "spammy": false,
      "pull_request_id": 1,
      "body": null,
      "allowed": true,
      "id": 1,
      "state": 40,
      "issue_id": 1,
      "review_id": 1,
      "category_type": "Resource Management"
    }
  },
  {
    "actor_ip": "88.123.45.123",
    "from": "pull_requests#create",
    "device_cookie": null,
    "actor": "mona",
    "actor_id": 9,
    "user_id": 9,
    "repo": "octo-org/octo-repo",
    "repo_id": 17,
    "business": "github",
    "business_id": 1,
    "org": "octo-org",
    "org_id": 8,
    "action": "pull_request.create",
    "@timestamp": 1635940554161,
    "created_at": 1635940554161,
    "operation_type": "create",
    "actor_location": {
      "country_code": "GB",
      "country_name": "United Kingdom",
      "region": "ENG",
      "region_name": "England",
      "city": "Louth",
      "postal_code": "LN11",
      "location": {
        "lat": 53.4457,
        "lon": 0.141
      }
    },
    "data": {
      "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) ...",
      "method": "POST",
      "request_id": "2773abeb-477f-4ebf-a017-f8e8a206c305",
      "server_id": "796e3115-4ce8-4606-8fd0-99ea57a2e12b",
      "request_category": "other",
      "controller_action": "create",
      "url": "https://example.com/octo-org/octo-repo/pull/create?base=octo-org%3Amain&head=mona%3Apatch-1",
      "client_id": 386351111.163594,
      "referrer": "https://example.com/octo-org/octo-repo/compare/main...mona:patch-1",
      "actor_session": 2,
      "pull_request_id": 1,
      "category_type": "Resource Management"
    }
  }
]