Accessing your security log
The security log lists all actions performed within the last 90 days.
-
任意のページで、右上隅にあるプロファイルの画像をクリックし、次に[設定]をクリックします。
![ユーザバーの [Settings(設定)] アイコン](/assets/cb-34573/images/help/settings/userbar-account-settings.png)
-
In the "Archives" section of the sidebar, click Security log.
Searching your security log
各監査ログ エントリの名前は、action オブジェクトまたはカテゴリ修飾子と、その後の操作の種類で構成されます。 たとえば、repo.create エントリは repo カテゴリに対する create 操作を意味します。
各 Audit log エントリには、次のようなイベントに関する適切な情報が表示されます:
- アクションが実行された エンタープライズまたはOrganization
- アクションを実行したユーザー (アクター)
- アクションによって影響を受けたユーザー
- アクションの対象となったリポジトリ
- 実行されたアクションです
- アクションが実行された国
- アクションが発生した日時
- 必要に応じて、アクションを実行したユーザー (アクター) の送信元 IP アドレス
テキストを使用してエントリを検索することはできません。 ただし、さまざまなフィルターを使用すれば検索クエリを作成できます。 ログを検索するときに使用される多くの演算子 (-、>、< など) は、GitHub Enterprise Cloud 全体で検索するものと同じ形式です。 詳細については、「GitHub 上での検索」を参照してください。
操作に基づく検索
operation 修飾子は、アクションを特定の操作の種類に限定するときに使ってください。 たとえば次のような点です。
operation:accessは、リソースがアクセスされたすべてのイベントを検索します。operation:authenticationは、認証イベントが実行されたすべてのイベントを検索します。operation:createは、リソースが作成されたすべてのイベントを検索します。operation:modifyは、既存のリソースが変更されたすべてのイベントを検索します。operation:removeは、既存のリソースが削除されたすべてのイベントを検索します。operation:restoreは、既存のリソースが復元されたすべてのイベントを検索します。operation:transferは、既存のリソースが移動されたすべてのイベントを検索します。
リポジトリに基づく検索
repo 修飾子は、アクションを特定のリポジトリに限定するときに使ってください。 たとえば次のような点です。
repo:my-org/our-repoは、my-org組織内のour-repoリポジトリで発生したすべてのイベントを検索します。repo:my-org/our-repo repo:my-org/another-repoは、my-org組織内のour-repoおよびanother-repoリポジトリで発生したすべてのイベントを検索します。-repo:my-org/not-this-repoは、my-org組織内のnot-this-repoリポジトリで発生したすべてのイベントを除外します。
repo 修飾子内にアカウント名を含める必要があります。repo:our-repo を検索するだけでは機能しません。
ユーザーに基づく検索
actor 修飾子は、アクションを実行した人に基づいてイベントの範囲を指定できます。 たとえば次のような点です。
actor:octocatはoctocatによって実行されたすべてのイベントを検索します。actor:octocat actor:hubotはoctocatおよびhubotによって実行されたすべてのイベントを検索します。-actor:hubotはhubotによって実行されたすべてのイベントを除外します。
使用できるのは GitHub Enterprise Cloud のユーザー名のみであり、個人の実名ではないことに注意してください。
Search based on the action performed
The events listed in your security log are triggered by your actions. Actions are grouped into the following categories:
| Category name | Description |
|---|---|
billing | Contains all activities related to your billing information. |
codespaces | Contains all activities related to GitHub Codespaces. For more information, see "About Codespaces." |
marketplace_agreement_signature | Contains all activities related to signing the GitHub Marketplace Developer Agreement. |
marketplace_listing | Contains all activities related to listing apps in GitHub Marketplace. |
oauth_access | Contains all activities related to OAuth Apps you've connected with. |
payment_method | Contains all activities related to paying for your GitHub subscription. |
personal_access_token | Contains activities related to fine-grained personal access tokens. For more information, see "Creating a personal access token." |
profile_picture | Contains all activities related to your profile picture. |
project | Contains all activities related to project boards. |
public_key | Contains all activities related to your public SSH keys. |
repo | Contains all activities related to the repositories you own. |
sponsors | Contains all events related to GitHub Sponsors and sponsor buttons (see "About GitHub Sponsors" and "Displaying a sponsor button in your repository") |
two_factor_authentication | Contains all activities related to two-factor authentication. |
user | Contains all activities related to your account. |
Exporting your security log
ログは、JSONデータあるいはカンマ区切り(CSV)のファイルとしてエクスポートできます。
![[エクスポート] ボタン](/assets/cb-267063/images/help/organizations/org-audit-log-export.png)
エクスポートの結果をフィルタリングする場合、 [エクスポート] ドロップダウン メニューを使う前に以下のサポートされている 1 つ以上の修飾子で検索してください。
| 修飾子 | 値の例 |
|---|---|
action | team.create |
actor | octocat |
user | codertocat |
org | octo-org |
repo | octo-org/documentation |
created | 2019-06-01 |
エクスポートされたログの出力ファイルには、以下のキーと値があります。
| Key | 値の例 |
|---|---|
action | team.create |
actor | octocat |
user | codertocat |
actor_location.country_code | US |
org | octo-org |
repo | octo-org/documentation |
created_at | 1429548104000 (タイムスタンプは Epoch からの経過時間をミリ秒で示します。) |
data.email | octocat@nowhere.com |
data.hook_id | 245 |
data.events | ["issues", "issue_comment", "pull_request", "pull_request_review_comment"] |
data.events_were | ["push", "pull_request", "issues"] |
data.target_login | octocat |
data.old_user | hubot |
data.team | octo-org/engineering |
Security log actions
An overview of some of the most common actions that are recorded as events in the security log.
billing category actions
| Action | Description |
|---|---|
change_billing_type | Triggered when you change how you pay for GitHub. |
change_email | Triggered when you change your email address. |
codespaces category actions
| Action | Description |
|---|---|
create | Triggered when you create a codespace. |
resume | Triggered when you resume a suspended codespace. |
delete | Triggered when you delete a codespace. |
manage_access_and_security | Triggered when you update the repositories a codespace has access to. |
trusted_repositories_access_update | Triggered when you change your personal account's access and security setting for Codespaces. |
marketplace_agreement_signature category actions
| Action | Description |
|---|---|
create | Triggered when you sign the GitHub Marketplace Developer Agreement. |
marketplace_listing category actions
| Action | Description |
|---|---|
approve | Triggered when your listing is approved for inclusion in GitHub Marketplace. |
create | Triggered when you create a listing for your app in GitHub Marketplace. |
delist | Triggered when your listing is removed from GitHub Marketplace. |
redraft | Triggered when your listing is sent back to draft state. |
reject | Triggered when your listing is not accepted for inclusion in GitHub Marketplace. |
oauth_authorization category actions
| Action | Description |
|---|---|
create | Triggered when you grant access to an OAuth App. |
destroy | Triggered when you revoke an OAuth App's access to your account and when authorizations are revoked or expire. |
payment_method category actions
| Action | Description |
|---|---|
create | Triggered when a new payment method is added, such as a new credit card or PayPal account. |
update | Triggered when an existing payment method is updated. |
personal_access_token category actions
| Action | Description |
|---|---|
access_granted | Triggered when a fine-grained personal access token that you created is granted access to resources. |
access_revoked | Triggered when a fine-grained personal access token that you created is revoked. The token can still read public organization resources. |
create | Triggered when you create a fine-grained personal access token. |
credential_regenerated | Triggered when you regenerate a fine-grained personal access token. |
destroy | Triggered when you delete a fine-grained personal access token. |
request_cancelled | Triggered when you cancel a pending request for your fine-grained personal access token to access organization resources. |
request_created | Triggered when you create a fine-grained personal access token to access organization resources and the organization requires approval before a fine-grained personal access token can access organization resources. |
request_denied | Triggered when your request for a fine-grained personal access token to access organization resources is denied. For more information, see "Managing requests for personal access token in your organization." |
profile_picture category actions
| Action | Description |
|---|---|
update | Triggered when you set or update your profile picture. |
project category actions
| Action | Description |
|---|---|
access | Triggered when a project board's visibility is changed. |
create | Triggered when a project board is created. |
rename | Triggered when a project board is renamed. |
update | Triggered when a project board is updated. |
delete | Triggered when a project board is deleted. |
link | Triggered when a repository is linked to a project board. |
unlink | Triggered when a repository is unlinked from a project board. |
update_user_permission | Triggered when an outside collaborator is added to or removed from a project board or has their permission level changed. |
public_key category actions
| Action | Description |
|---|---|
create | Triggered when you add a new public SSH key to your account on GitHub.com. |
delete | Triggered when you remove a public SSH key to your account on GitHub.com. |
repo category actions
| Action | Description |
|---|---|
access | Triggered when you a repository you own is switched from "private" to "public" (or vice versa). |
add_member | Triggered when a GitHub Enterprise Cloud user is invited to have collaboration access to a repository. |
add_topic | Triggered when a repository owner adds a topic to a repository. |
archived | Triggered when a repository owner archives a repository. |
create | Triggered when a new repository is created. |
destroy | Triggered when a repository is deleted. |
disable | Triggered when a repository is disabled (e.g., for insufficient funds). |
download_zip | Triggered when a ZIP or TAR archive of a repository is downloaded. |
enable | Triggered when a repository is re-enabled. |
remove_member | Triggered when a GitHub Enterprise Cloud user is removed from a repository as a collaborator. |
remove_topic | Triggered when a repository owner removes a topic from a repository. |
rename | Triggered when a repository is renamed. |
staff_unlock | Triggered when an enterprise owner or GitHub Support (with permission from a repository administrator) temporarily unlocked the repository. The visibility of the repository isn't changed. |
transfer | Triggered when a repository is transferred. |
transfer_start | Triggered when a repository transfer is about to occur. |
unarchived | Triggered when a repository owner unarchives a repository. |
sponsors category actions
| Action | Description |
|---|---|
custom_amount_settings_change | Triggered when you enable or disable custom amounts, or when you change the suggested custom amount (see "Managing your sponsorship tiers") |
repo_funding_links_file_action | Triggered when you change the FUNDING file in your repository (see "Displaying a sponsor button in your repository") |
sponsor_sponsorship_cancel | Triggered when you cancel a sponsorship (see "Downgrading a sponsorship") |
sponsor_sponsorship_create | Triggered when you sponsor an account (see "Sponsoring an open source contributor") |
sponsor_sponsorship_payment_complete | Triggered after you sponsor an account and your payment has been processed (see "Sponsoring an open source contributor") |
sponsor_sponsorship_preference_change | Triggered when you change whether you receive email updates from a sponsored developer (see "Managing your sponsorship") |
sponsor_sponsorship_tier_change | Triggered when you upgrade or downgrade your sponsorship (see "Upgrading a sponsorship" and "Downgrading a sponsorship") |
sponsored_developer_approve | Triggered when your GitHub Sponsors account is approved (see "Setting up GitHub Sponsors for your personal account") |
sponsored_developer_create | Triggered when your GitHub Sponsors account is created (see "Setting up GitHub Sponsors for your personal account") |
sponsored_developer_disable | Triggered when your GitHub Sponsors account is disabled |
sponsored_developer_redraft | Triggered when your GitHub Sponsors account is returned to draft state from approved state |
sponsored_developer_profile_update | Triggered when you edit your sponsored developer profile (see "Editing your profile details for GitHub Sponsors") |
sponsored_developer_request_approval | Triggered when you submit your application for GitHub Sponsors for approval (see "Setting up GitHub Sponsors for your personal account") |
sponsored_developer_tier_description_update | Triggered when you change the description for a sponsorship tier (see "Managing your sponsorship tiers") |
sponsored_developer_update_newsletter_send | Triggered when you send an email update to your sponsors (see "Contacting your sponsors") |
waitlist_invite_sponsored_developer | Triggered when you are invited to join GitHub Sponsors from the waitlist (see "Setting up GitHub Sponsors for your personal account") |
waitlist_join | Triggered when you join the waitlist to become a sponsored developer (see "Setting up GitHub Sponsors for your personal account") |
successor_invitation category actions
| Action | Description |
|---|---|
accept | Triggered when you accept a succession invitation (see "Maintaining ownership continuity of your personal account's repositories") |
cancel | Triggered when you cancel a succession invitation (see "Maintaining ownership continuity of your personal account's repositories") |
create | Triggered when you create a succession invitation (see "Maintaining ownership continuity of your personal account's repositories") |
decline | Triggered when you decline a succession invitation (see "Maintaining ownership continuity of your personal account's repositories") |
revoke | Triggered when you revoke a succession invitation (see "Maintaining ownership continuity of your personal account's repositories") |
two_factor_authentication category actions
| Action | Description |
|---|---|
enabled | Triggered when two-factor authentication is enabled. |
disabled | Triggered when two-factor authentication is disabled. |
user category actions
| Action | Description |
|---|---|
add_email | Triggered when you add a new email address. |
codespaces_trusted_repo_access_granted | Triggered when you allow the codespaces you create for a repository to access other repositories owned by your personal account. |
codespaces_trusted_repo_access_revoked | Triggered when you disallow the codespaces you create for a repository to access other repositories owned by your personal account. |
create | Triggered when you create a new personal account. |
change_password | Triggered when you change your password. |
forgot_password | Triggered when you ask for a password reset. |
hide_private_contributions_count | Triggered when you hide private contributions on your profile. |
login | Triggered when you log in to GitHub.com. |
failed_login | Triggered when you failed to log in successfully. |
remove_email | Triggered when you remove an email address. |
rename | Triggered when you rename your account. |
report_content | Triggered when you report an issue or pull request, or a comment on an issue, pull request, or commit. |
show_private_contributions_count | Triggered when you publicize private contributions on your profile. |
two_factor_requested | Triggered when GitHub Enterprise Cloud asks you for your two-factor authentication code. |
user_status category actions
| Action | Description |
|---|---|
update | Triggered when you set or change the status on your profile. For more information, see "Setting a status." |
destroy | Triggered when you clear the status on your profile. |