Skip to main content

About system logs

GitHub Enterprise Server keeps error and message logs for system events. Logs are useful for identifying user, application and system-level actions and exceptions.

System logs

By default, system logs for GitHub Enterprise Server are automatically rotated every 24 hours and are retained for seven days. System logs include system-level events, application logs, and Git events data. As log files are often being written to and can be large in size, it may be beneficial to extract and parse relevant log entries on a host separate to your GitHub Enterprise Server instance.

You can forward system logs to a third-party system or server for longer retention. 詳しい情報については、「ログの転送」を参照してください。

In addition to reviewing your system logs, you can monitor activity in your enterprise in other ways, such as viewing audit logs, push logs and managing global webhooks. For more information, see "Monitoring activity in your enterprise."

Types of logs

Listed below are the main logs used by the GitHub Enterprise Server appliance and their functions:

パスDescription​
/var/log/github/audit.logAudited user, repository and system events.
/var/log/github/unicorn.logAPI and web interface traffic.
/var/log/github/exceptions.logApplication-level errors.
/var/log/haproxy.logAll IP traffic reaching the appliance.
/var/log/hookshot/resqued.logWebhook delivery and failures.
/var/log/github/auth.logAuthentication requests, whether through built in, LDAP, CAS or SAML methods.
/var/log/github/gitauth.logAll Git authentication requests.

Git activity and authentication requests are processed by the babeld service.

Several GitHub Enterprise Server services, such as the babeld service, are containerized. Containerized logs are written to the systemd journal, and can be queried at any time using the journalctl command.

Audited system events

All entries from the audit.log file use and can be filtered with the github_audit keyword.

たとえば、次のエントリは新規リポジトリが作成されたことを示しています。

Oct 26 01:42:08 github-ent github_audit: {:created_at=>1351215728326, :actor_ip=>"10.0.0.51", :data=>{}, :user=>"some-user", :repo=>"some-user/some-repository", :actor=>"some-user", :actor_id=>2, :user_id=>2, :action=>"repo.create", :repo_id=>1, :from=>"repositories#create"}

次の例は、コミットがリポジトリにプッシュされたことを示しています。

Oct 26 02:19:31 github-ent github_audit: { "pid":22860, "ppid":22859, "program":"receive-pack", "git_dir":"/data/repositories/some-user/some-repository.git", "hostname":"github-ent", "pusher":"some-user", "real_ip":"10.0.0.51", "user_agent":"git/1.7.10.4", "repo_id":1, "repo_name":"some-user/some-repository", "transaction_id":"b031b7dc7043c87323a75f7a92092ef1456e5fbaef995c68", "frontend_ppid":1, "repo_public":true, "user_name":"some-user", "user_login":"some-user", "frontend_pid":18238, "frontend":"github-ent", "user_email":"some-user@github.example.com", "user_id":2, "pgroup":"github-ent_22860", "status":"post_receive_hook", "features":" report-status side-band-64k", "received_objects":3, "receive_pack_size":243, "non_fast_forward":false, "current_ref":"refs/heads/main" }

Support Bundle

The support bundle includes system logs and all audit information is logged to the audit.log file in the github-logs directory. For more information, see "Providing data to GitHub Support."

参考リンク