Skip to main content
ドキュメントには頻繁に更新が加えられ、その都度公開されています。本ページの翻訳はまだ未完成な部分があることをご了承ください。最新の情報については、英語のドキュメンテーションをご参照ください。本ページの翻訳に問題がある場合はこちらまでご連絡ください。
 

 

Using the audit log API for your enterprise

ここには以下の内容があります:

You can programmatically retrieve enterprise events with the REST or GraphQL API.

Enterprise owners and site administrators can use the audit log API.

Audit log API を使用する

GraphQL API または REST API を使用して Audit log を操作できます。

Timestamps and date fields in the API response are measured in UTC epoch milliseconds.

Querying the audit log GraphQL API

To ensure your intellectual property is secure, and you maintain compliance for your enterprise, you can use the audit log GraphQL API to keep copies of your audit log data and monitor:

  • Organizationもしくはリポジトリ設定へのアクセス
  • 権限の変更
  • Organization、リポジトリ、Teamへのユーザの追加もしくは削除
  • 管理者に昇格したユーザ
  • GitHub Appの権限の変更

Note that you can't retrieve Git events using the audit log API.

GraphQL のレスポンスには、90 日から 120 日までのデータを含めることができます。

Example 1: Members added to or removed from organizations in an enterprise

The query below fetches the audit logs for the avocado-corp enterprise and returns the first 10 organizations in the enterprise, where the only actions performed were adding or removing a member from an organization. The first 20 audit log entries for each organization are returned.

This query uses the auditlog field from the Organization object, and the OrgAddMemberAuditEntry and OrgRemoveMemberAuditEntry objects. The GitHub account querying the enterprise audit log must be an organization owner for each organization within the enterprise.

{
  enterprise(slug: "avocado-corp") {
    organizations(first: 10, orderBy: {field: LOGIN, direction: DESC}) {
      nodes {
        name
        auditLog(first: 20) {
          edges {
            node {
              ... on OrgAddMemberAuditEntry {
                action
                actorLogin
                createdAt
              }
              ... on OrgRemoveMemberAuditEntry {
                action
                actorLogin
                createdAt
              }
            }
          }
        }
      }
      pageInfo {
        hasNextPage
        endCursor
      }
    }
  }
}

The GraphQL API will return at most 100 nodes per query. To retrieve additional results, you'll need to implement pagination. For more information, see "Resource limitations" in the GraphQL API documentation and Pagination in the official GraphQL documentation.

Example 2: Events in an organization, for a specific date and actor

You can specify multiple search phrases, such as created and actor, by separating them in your query string with a space.

The query below fetches all the audit logs for the avocado-corp enterprise that relate to the octo-org organization, where the actions were performed by the octocat user on or after the 1 Jan, 2022. The first 20 audit log entries are returned, with the newest log entry appearing first.

This query uses the AuditEntry interface. The GitHub account querying the enterprise audit log must be an owner of the octo-org organization.

{
  enterprise(slug: "avocado-corp") {
    organizations(first: 1, query: "octo-org") {
      nodes {
        name
        auditLog(first: 20, query: "actor:octocat created:>=2022-01-01T00:00:00.000Z", orderBy: {field: CREATED_AT, direction: DESC}) {
          edges {
            node {
              ... on AuditEntry {
                action
                actorLogin
                createdAt
                user {
                  name
                }
              }
            }
          }
        }
      }
    }
  }
}

For more query examples, see the platform-samples repository.

Querying the audit log REST API

To ensure your intellectual property is secure, and you maintain compliance for your enterprise, you can use the audit log REST API to keep copies of your audit log data and monitor:

  • Organizationもしくはリポジトリ設定へのアクセス
  • 権限の変更
  • Organization、リポジトリ、Teamへのユーザの追加もしくは削除
  • 管理者に昇格したユーザ
  • GitHub Appの権限の変更

Audit logにはEnterpriseに影響するアクティビティによってトリガーされたイベントがリストされます。 Audit logs for GitHub Enterprise Server are retained indefinitely, unless an enterprise owner configured a different retention period. For more information, see "Configuring the audit log for your enterprise."

デフォルトでは、過去3ヶ月のイベントのみが表示されます。 それよりも古いイベントを表示するには、createdパラメータでデータの範囲を指定しなければなりません。 詳しい情報については、「検索構文を理解する」を参照してください。

For more information about the audit log REST API, see "Enterprise administration" and "Organizations."

Example 1: All events in an enterprise, for a specific date, with pagination

The query below searches for audit log events created on Jan 1st, 2022 in the avocado-corp enterprise, and return the first page with a maximum of 100 items per page using REST API pagination:

curl -H "Authorization: token TOKEN" \
--request GET \
"https://api.github.com/enterprises/avocado-corp/audit-log?phrase=created:2022-01-01&page=1&per_page=100"

Example 2: Events for pull requests in an enterprise, for a specific date and actor

You can specify multiple search phrases, such as created and actor, by separating them in your formed URL with the + symbol or ASCII character code %20.

The query below searches for audit log events for pull requests, where the event occurred on or after Jan 1st, 2022 in the avocado-corp enterprise, and the action was performed by the octocat user:

curl -H "Authorization: token TOKEN" \
--request GET \
"https://api.github.com/enterprises/avocado-corp/audit-log?phrase=action:pull_request+created:>=2022-01-01+actor:octocat"