The REST API is now versioned. For more information, see "About API versioning."

REST API endpoints for enterprise audit logs

Use the REST API to retrieve audit logs for an enterprise.

Note

These endpoints only support authentication using a personal access token (classic). For more information, see "Managing your personal access tokens."

Get the audit log for an enterprise

Gets the audit log for an enterprise.

This endpoint has a rate limit of 1,750 queries per hour per user and IP address. If your integration receives a rate limit error (typically a 403 or 429 response), it should wait before making another request to the GitHub API. For more information, see "Rate limits for the REST API" and "Best practices for integrators."

The authenticated user must be an enterprise admin to use this endpoint.

OAuth app tokens and personal access tokens (classic) need the read:audit_log scope to use this endpoint.

Fine-grained access tokens for "Get the audit log for an enterprise"

This endpoint works with the following fine-grained token types:

The fine-grained token must have the following permission set:

  • "Enterprise administration" business permissions (read)

Parameters for "Get the audit log for an enterprise"

Headers
Name, Type, Description
accept string

Setting to application/vnd.github+json is recommended.

Path parameters
Name, Type, Description
enterprise string Required

The slug version of the enterprise name. You can also substitute this value with the enterprise id.

Query parameters
Name, Type, Description
phrase string

A search phrase. For more information, see Searching the audit log.

include string

The event types to include:

  • web - returns web (non-Git) events.
  • git - returns Git events.
  • all - returns both web and Git events.

The default is web.

Can be one of: web, git, all

after string

A cursor, as given in the Link header. If specified, the query only searches for events after this cursor.

before string

A cursor, as given in the Link header. If specified, the query only searches for events before this cursor.

order string

The order of audit log events. To list newest events first, specify desc. To list oldest events first, specify asc.

The default is desc.

Can be one of: desc, asc

page integer

The page number of the results to fetch. For more information, see "Using pagination in the REST API."

Default: 1

per_page integer

The number of results per page (max 100). For more information, see "Using pagination in the REST API."

Default: 30

HTTP response status codes for "Get the audit log for an enterprise"

Status code, Description
200

OK

Code samples for "Get the audit log for an enterprise"

If you access GitHub at GHE.com, replace api.github.com with your enterprise's dedicated subdomain at api.SUBDOMAIN.ghe.com.

Request example

GET /enterprises/{enterprise}/audit-log
curl -L \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  https://api.github.com/enterprises/ENTERPRISE/audit-log

Response

Status: 200
[
  {
    "@timestamp": 1606929874512,
    "action": "team.add_member",
    "actor": "octocat",
    "created_at": 1606929874512,
    "_document_id": "xJJFlFOhQ6b-5vaAFy9Rjw",
    "org": "octo-corp",
    "team": "octo-corp/example-team",
    "user": "monalisa"
  },
  {
    "@timestamp": 1606507117008,
    "action": "org.create",
    "actor": "octocat",
    "created_at": 1606507117008,
    "_document_id": "Vqvg6kZ4MYqwWRKFDzlMoQ",
    "org": "octocat-test-org"
  },
  {
    "@timestamp": 1605719148837,
    "action": "repo.destroy",
    "actor": "monalisa",
    "created_at": 1605719148837,
    "_document_id": "LwW2vpJZCDS-WUmo9Z-ifw",
    "org": "mona-org",
    "repo": "mona-org/mona-test-repo",
    "visibility": "private"
  }
]
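
The following added example (not part of GitHub's documentation) shows one way to page through this endpoint with the after cursor taken from the Link header, and to wait when a 403 or 429 arrives. The fetch hook, the Retry-After header name, and the sample pages are assumptions constructed for the example.

```python
import json
import time
from urllib.parse import parse_qs, urlparse


def next_cursor(link_header):
    """Return the `after` cursor of the rel="next" link, or None on the last page."""
    for part in (link_header or "").split(","):
        url, _, params = part.partition(";")
        if 'rel="next"' in params.replace(" ", ""):
            query = parse_qs(urlparse(url.strip().strip("<>")).query)
            return query.get("after", [None])[0]
    return None


def iter_audit_events(fetch, include="all", per_page=100, max_retries=3, sleep=time.sleep):
    """Yield every event, following `after` cursors and waiting on 403/429.

    fetch(params) -> (status, headers, body_text) is a hypothetical transport
    hook that would issue GET /enterprises/{enterprise}/audit-log.
    """
    params = {"include": include, "per_page": per_page, "order": "asc"}
    retries = 0
    while True:
        status, headers, body = fetch(dict(params))
        if status in (403, 429):
            # A 403 can also mean missing admin rights or scope, so retries are bounded.
            if retries >= max_retries:
                raise RuntimeError(f"still refused after {retries} retries")
            retries += 1
            sleep(int(headers.get("Retry-After", 60)))  # header name is an assumption
            continue
        if status != 200:
            raise RuntimeError(f"unexpected status {status}")
        retries = 0
        yield from json.loads(body)
        cursor = next_cursor(headers.get("Link"))
        if cursor is None:
            return
        params["after"] = cursor


# Constructed sample: a rate-limit response, then two pages keyed by cursor.
PAGES = {
    None: (200, {"Link": '<https://api.github.com/enterprises/ENTERPRISE/audit-log'
                         '?after=Y3Vyc29yLTE%3D&before=>; rel="next"'},
           '[{"action": "team.add_member", "actor": "octocat"}]'),
    "Y3Vyc29yLTE=": (200, {}, '[{"action": "repo.destroy", "actor": "monalisa"}]'),
}


def demo():
    responses, waits = [(429, {"Retry-After": "2"}, "")], []
    def fake_fetch(params):
        return responses.pop() if responses else PAGES[params.get("after")]
    actions = [e["action"] for e in iter_audit_events(fake_fetch, sleep=waits.append)]
    return actions, waits
```

Persisting the last cursor between runs lets a collector resume without re-reading events it has already stored.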

Get the audit log stream key for encrypting secrets

Retrieves the audit log streaming public key for encrypting secrets.

When using this endpoint, you must encrypt the credentials following the same encryption steps as outlined in the guide on encrypting secrets. See "Encrypting secrets for the REST API."

Fine-grained access tokens for "Get the audit log stream key for encrypting secrets"

This endpoint does not work with GitHub App user access tokens, GitHub App installation access tokens, or fine-grained personal access tokens.

Parameters for "Get the audit log stream key for encrypting secrets"

Headers
Name, Type, Description
accept string

Setting to application/vnd.github+json is recommended.

Path parameters
Name, Type, Description
enterprise string Required

The slug version of the enterprise name. You can also substitute this value with the enterprise id.

HTTP response status codes for "Get the audit log stream key for encrypting secrets"

Status code, Description
200

The stream key for the audit log streaming configuration was retrieved successfully.

Code samples for "Get the audit log stream key for encrypting secrets"

If you access GitHub at GHE.com, replace api.github.com with your enterprise's dedicated subdomain at api.SUBDOMAIN.ghe.com.

Request example

GET /enterprises/{enterprise}/audit-log/stream-key
curl -L \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  https://api.github.com/enterprises/ENTERPRISE/audit-log/stream-key

The stream key for the audit log streaming configuration was retrieved successfully.

Status: 200
{
  "key_id": "123",
  "key": "actual-public-key-value"
}

List audit log stream configurations for an enterprise

Lists the configured audit log streaming configurations for an enterprise. This only lists configured streams for supported providers.

When using this endpoint, you must encrypt the credentials following the same encryption steps as outlined in the guide on encrypting secrets. See "Encrypting secrets for the REST API."

Fine-grained access tokens for "List audit log stream configurations for an enterprise"

This endpoint does not work with GitHub App user access tokens, GitHub App installation access tokens, or fine-grained personal access tokens.

Parameters for "List audit log stream configurations for an enterprise"

Headers
Name, Type, Description
accept string

Setting to application/vnd.github+json is recommended.

Path parameters
Name, Type, Description
enterprise string Required

The slug version of the enterprise name. You can also substitute this value with the enterprise id.

HTTP response status codes for "List audit log stream configurations for an enterprise"

Status code, Description
200

OK

Code samples for "List audit log stream configurations for an enterprise"

If you access GitHub at GHE.com, replace api.github.com with your enterprise's dedicated subdomain at api.SUBDOMAIN.ghe.com.

Request example

GET /enterprises/{enterprise}/audit-log/streams
curl -L \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  https://api.github.com/enterprises/ENTERPRISE/audit-log/streams

OK

Status: 200
[
  {
    "id": 1,
    "stream_type": "Splunk",
    "stream_details": "US",
    "enabled": true,
    "created_at": "2024-06-06T08:00:00Z",
    "updated_at": "2024-06-06T08:00:00Z",
    "paused_at": null
  }
]

Create an audit log streaming configuration for an enterprise

Creates an audit log streaming configuration for any of the supported streaming endpoints: Azure Blob Storage, Azure Event Hubs, Amazon S3, Splunk, Google Cloud Storage, Datadog.

When using this endpoint, you must encrypt the credentials following the same encryption steps as outlined in the guide on encrypting secrets. See "Encrypting secrets for the REST API."

Fine-grained access tokens for "Create an audit log streaming configuration for an enterprise"

This endpoint does not work with GitHub App user access tokens, GitHub App installation access tokens, or fine-grained personal access tokens.

Parameters for "Create an audit log streaming configuration for an enterprise"

Headers
Name, Type, Description
accept string

Setting to application/vnd.github+json is recommended.

Path parameters
Name, Type, Description
enterprise string Required

The slug version of the enterprise name. You can also substitute this value with the enterprise id.

Body parameters
Name, Type, Description
enabled boolean Required

This setting pauses or resumes a stream.

stream_type string Required

The audit log streaming provider. The name is case sensitive.

Can be one of: Azure Blob Storage, Azure Event Hubs, Amazon S3, Splunk, HTTPS Event Collector, Google Cloud Storage, Datadog

vendor_specific object Required
Name, Type, Description
AzureBlobConfig object Required

Azure Blob Config for audit log streaming configuration.

Name, Type, Description
key_id string Required

Key ID obtained from the audit log stream key endpoint used to encrypt secrets.

encrypted_sas_url string Required
AzureHubConfig object Required

Azure Event Hubs Config for audit log streaming configuration.

Name, Type, Description
name string Required

Instance name of Azure Event Hubs

encrypted_connstring string Required

Encrypted Connection String for Azure Event Hubs

key_id string Required

Key ID obtained from the audit log stream key endpoint used to encrypt secrets.

AmazonS3OIDCConfig object Required

Amazon S3 OIDC Config for audit log streaming configuration.

Name, Type, Description
bucket string Required

Amazon S3 Bucket Name.

region string Required

AWS S3 Bucket Region.

key_id string Required

Key ID obtained from the audit log stream key endpoint used to encrypt secrets.

authentication_type string Required

Authentication Type for Amazon S3.

Value: oidc

arn_role string Required
AmazonS3AccessKeysConfig object Required

Amazon S3 Access Keys Config for audit log streaming configuration.

Name, Type, Description
bucket string Required

Amazon S3 Bucket Name.

region string Required

Amazon S3 Bucket Name.

key_id string Required

Key ID obtained from the audit log stream key endpoint used to encrypt secrets.

authentication_type string Required

Authentication Type for Amazon S3.

Value: access_keys

encrypted_secret_key string Required

Encrypted AWS Secret Key.

encrypted_access_key_id string Required

Encrypted AWS Access Key ID.

SplunkConfig object Required

Splunk Config for Audit Log Stream Configuration

Name, Type, Description
domain string Required

Domain of Splunk instance.

port integer Required

The port number for connecting to Splunk.

key_id string Required

Key ID obtained from the audit log stream key endpoint used to encrypt secrets.

encrypted_token string Required

Encrypted Token.

ssl_verify boolean Required

SSL verification helps ensure your events are sent to your Splunk endpoint securely.

GoogleCloudConfig object Required

Google Cloud Config for audit log streaming configuration.

Name, Type, Description
bucket string Required

Google Cloud Bucket Name

key_id string Required

Key ID obtained from the audit log stream key endpoint used to encrypt secrets.

encrypted_json_credentials string Required
DatadogConfig object Required

Datadog Config for audit log streaming configuration.

Name, Type, Description
encrypted_token string Required

Encrypted Splunk token.

site string Required

Datadog Site to use.

Can be one of: US, US3, US5, EU1, US1-FED, AP1

key_id string Required

Key ID obtained from the audit log stream key endpoint used to encrypt secrets.

HTTP response status codes for "Create an audit log streaming configuration for an enterprise"

Status code, Description
200

The audit log stream configuration was created successfully.

Code samples for "Create an audit log streaming configuration for an enterprise"

If you access GitHub at GHE.com, replace api.github.com with your enterprise's dedicated subdomain at api.SUBDOMAIN.ghe.com.

Request example

POST /enterprises/{enterprise}/audit-log/streams
curl -L \
  -X POST \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  https://api.github.com/enterprises/ENTERPRISE/audit-log/streams \
  -d '{"enabled":false,"stream_type":"Azure Event Hubs","vendor_specific":{"namespace":"newnamespace","shared_access_key_name":"newaccesskeyname","shared_access_key":"newaccesskey","event_hub_name":"neweventhub"}}'

The audit log stream configuration was created successfully.

Status: 200
{
  "id": 1,
  "stream_type": "Splunk",
  "stream_details": "US",
  "enabled": true,
  "created_at": "2024-06-06T08:00:00Z",
  "updated_at": "2024-06-06T08:00:00Z",
  "paused_at": null
}

List one audit log streaming configuration via a stream ID

Lists one audit log stream configuration via a stream ID.

When using this endpoint, you must encrypt the credentials following the same encryption steps as outlined in the guide on encrypting secrets. See "Encrypting secrets for the REST API."

Fine-grained access tokens for "List one audit log streaming configuration via a stream ID"

This endpoint does not work with GitHub App user access tokens, GitHub App installation access tokens, or fine-grained personal access tokens.

Parameters for "List one audit log streaming configuration via a stream ID"

Headers
Name, Type, Description
accept string

Setting to application/vnd.github+json is recommended.

Path parameters
Name, Type, Description
enterprise string Required

The slug version of the enterprise name. You can also substitute this value with the enterprise id.

stream_id integer Required

The ID of the audit log stream configuration.

HTTP response status codes for "List one audit log streaming configuration via a stream ID"

Status code, Description
200

Lists one audit log stream configuration via stream ID.

Code samples for "List one audit log streaming configuration via a stream ID"

If you access GitHub at GHE.com, replace api.github.com with your enterprise's dedicated subdomain at api.SUBDOMAIN.ghe.com.

Request example

GET /enterprises/{enterprise}/audit-log/streams/{stream_id}
curl -L \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  https://api.github.com/enterprises/ENTERPRISE/audit-log/streams/STREAM_ID

Lists one audit log stream configuration via stream ID.

Status: 200
{
  "id": 1,
  "stream_type": "Splunk",
  "stream_details": "US",
  "enabled": true,
  "created_at": "2024-06-06T08:00:00Z",
  "updated_at": "2024-06-06T08:00:00Z",
  "paused_at": null
}

Update an existing audit log stream configuration

Updates an existing audit log stream configuration for an enterprise.

When using this endpoint, you must encrypt the credentials following the same encryption steps as outlined in the guide on encrypting secrets. See "Encrypting secrets for the REST API."

Fine-grained access tokens for "Update an existing audit log stream configuration"

This endpoint does not work with GitHub App user access tokens, GitHub App installation access tokens, or fine-grained personal access tokens.

Parameters for "Update an existing audit log stream configuration"

Headers
Name, Type, Description
accept string

Setting to application/vnd.github+json is recommended.

Path parameters
Name, Type, Description
enterprise string Required

The slug version of the enterprise name. You can also substitute this value with the enterprise id.

stream_id integer Required

The ID of the audit log stream configuration.

Body parameters
Name, Type, Description
enabled boolean Required

This setting pauses or resumes a stream.

stream_type string Required

The audit log streaming provider. The name is case sensitive.

Can be one of: Azure Blob Storage, Azure Event Hubs, Amazon S3, Splunk, HTTPS Event Collector, Google Cloud Storage, Datadog

vendor_specific object Required
Name, Type, Description
AzureBlobConfig object Required

Azure Blob Config for audit log streaming configuration.

Name, Type, Description
key_id string Required

Key ID obtained from the audit log stream key endpoint used to encrypt secrets.

encrypted_sas_url string Required
AzureHubConfig object Required

Azure Event Hubs Config for audit log streaming configuration.

Name, Type, Description
name string Required

Instance name of Azure Event Hubs

encrypted_connstring string Required

Encrypted Connection String for Azure Event Hubs

key_id string Required

Key ID obtained from the audit log stream key endpoint used to encrypt secrets.

AmazonS3OIDCConfig object Required

Amazon S3 OIDC Config for audit log streaming configuration.

Name, Type, Description
bucket string Required

Amazon S3 Bucket Name.

region string Required

AWS S3 Bucket Region.

key_id string Required

Key ID obtained from the audit log stream key endpoint used to encrypt secrets.

authentication_type string Required

Authentication Type for Amazon S3.

Value: oidc

arn_role string Required
AmazonS3AccessKeysConfig object Required

Amazon S3 Access Keys Config for audit log streaming configuration.

Name, Type, Description
bucket string Required

Amazon S3 Bucket Name.

region string Required

Amazon S3 Bucket Name.

key_id string Required

Key ID obtained from the audit log stream key endpoint used to encrypt secrets.

authentication_type string Required

Authentication Type for Amazon S3.

Value: access_keys

encrypted_secret_key string Required

Encrypted AWS Secret Key.

encrypted_access_key_id string Required

Encrypted AWS Access Key ID.

SplunkConfig object Required

Splunk Config for Audit Log Stream Configuration

Name, Type, Description
domain string Required

Domain of Splunk instance.

port integer Required

The port number for connecting to Splunk.

key_id string Required

Key ID obtained from the audit log stream key endpoint used to encrypt secrets.

encrypted_token string Required

Encrypted Token.

ssl_verify boolean Required

SSL verification helps ensure your events are sent to your Splunk endpoint securely.

GoogleCloudConfig object Required

Google Cloud Config for audit log streaming configuration.

Name, Type, Description
bucket string Required

Google Cloud Bucket Name

key_id string Required

Key ID obtained from the audit log stream key endpoint used to encrypt secrets.

encrypted_json_credentials string Required
DatadogConfig object Required

Datadog Config for audit log streaming configuration.

Name, Type, Description
encrypted_token string Required

Encrypted Splunk token.

site string Required

Datadog Site to use.

Can be one of: US, US3, US5, EU1, US1-FED, AP1

key_id string Required

Key ID obtained from the audit log stream key endpoint used to encrypt secrets.

HTTP response status codes for "Update an existing audit log stream configuration"

Status code, Description
200

Successful update

422

Validation error

Code samples for "Update an existing audit log stream configuration"

If you access GitHub at GHE.com, replace api.github.com with your enterprise's dedicated subdomain at api.SUBDOMAIN.ghe.com.

Request example

PUT /enterprises/{enterprise}/audit-log/streams/{stream_id}
curl -L \
  -X PUT \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  https://api.github.com/enterprises/ENTERPRISE/audit-log/streams/STREAM_ID \
  -d '{"enabled":false,"stream_type":"Azure Event Hubs","vendor_specific":{"namespace":"newnamespace","shared_access_key_name":"newaccesskeyname","shared_access_key":"newaccesskey","event_hub_name":"neweventhub"}}'

Successful update

Status: 200
{
  "id": 1,
  "stream_type": "Splunk",
  "stream_details": "US",
  "enabled": true,
  "created_at": "2024-06-06T08:00:00Z",
  "updated_at": "2024-06-06T08:00:00Z",
  "paused_at": null
}
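
As an added example (not GitHub's code), the check below validates a request body for the create and update endpoints against the body parameters listed on this page before it is sent. The mapping from each stream_type to one config object is an assumption; run against this page's sample request body, it reports that the sample's vendor_specific field names differ from the AzureHubConfig list.

```python
# Field lists copied from the body parameters on this page. Mapping each
# stream_type to one config object is an assumption of this example.
REQUIRED = {
    "Azure Blob Storage": {"key_id", "encrypted_sas_url"},
    "Azure Event Hubs": {"name", "encrypted_connstring", "key_id"},
    "Splunk": {"domain", "port", "key_id", "encrypted_token", "ssl_verify"},
    "Google Cloud Storage": {"bucket", "key_id", "encrypted_json_credentials"},
    "Datadog": {"encrypted_token", "site", "key_id"},
}
S3_COMMON = {"bucket", "region", "key_id", "authentication_type"}
S3_BY_AUTH = {
    "oidc": {"arn_role"},
    "access_keys": {"encrypted_secret_key", "encrypted_access_key_id"},
}
DATADOG_SITES = {"US", "US3", "US5", "EU1", "US1-FED", "AP1"}


def check_stream_body(body):
    """Return findings for a create/update request body; an empty list is clean."""
    missing = [f for f in ("enabled", "stream_type", "vendor_specific") if f not in body]
    if missing:
        return [f"missing required field: {f}" for f in missing]
    stype, vendor = body["stream_type"], body["vendor_specific"]
    if stype == "Amazon S3":
        auth = vendor.get("authentication_type")
        if auth not in S3_BY_AUTH:
            return ["authentication_type must be oidc or access_keys"]
        required = S3_COMMON | S3_BY_AUTH[auth]
    elif stype == "HTTPS Event Collector":
        return ["no field list on the page for this stream_type; not checked"]
    elif stype in REQUIRED:
        required = REQUIRED[stype]
    else:
        return [f"unknown stream_type {stype!r} (the name is case sensitive)"]
    findings = [f"missing vendor_specific.{n}" for n in sorted(required - set(vendor))]
    findings += [f"undocumented vendor_specific.{n}" for n in sorted(set(vendor) - required)]
    if stype == "Splunk" and vendor.get("ssl_verify") is False:
        findings.append("ssl_verify is false: Splunk TLS certificate is not verified")
    if stype == "Datadog" and vendor.get("site") not in DATADOG_SITES:
        findings.append("site is not one of the documented Datadog sites")
    return findings


# Request body from this page's curl sample.
PAGE_SAMPLE = {"enabled": False, "stream_type": "Azure Event Hubs", "vendor_specific": {
    "namespace": "newnamespace", "shared_access_key_name": "newaccesskeyname",
    "shared_access_key": "newaccesskey", "event_hub_name": "neweventhub"}}
# Constructed body; the encrypted_token value is a placeholder, not real ciphertext.
SPLUNK_SAMPLE = {"enabled": True, "stream_type": "Splunk", "vendor_specific": {
    "domain": "splunk.example.com", "port": 8088, "key_id": "123",
    "encrypted_token": "ENCRYPTED-TOKEN-PLACEHOLDER", "ssl_verify": False}}
```

Running such a check in CI or in the provisioning script catches a case-mismatched stream_type or a disabled ssl_verify before the request reaches the API.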

Delete an audit log streaming configuration for an enterprise

Deletes an existing audit log stream configuration for an enterprise.

When using this endpoint, you must encrypt the credentials following the same encryption steps as outlined in the guide on encrypting secrets. See "Encrypting secrets for the REST API."

Fine-grained access tokens for "Delete an audit log streaming configuration for an enterprise"

This endpoint does not work with GitHub App user access tokens, GitHub App installation access tokens, or fine-grained personal access tokens.

Parameters for "Delete an audit log streaming configuration for an enterprise"

Headers
Name, Type, Description
accept string

Setting to application/vnd.github+json is recommended.

Path parameters
Name, Type, Description
enterprise string Required

The slug version of the enterprise name. You can also substitute this value with the enterprise id.

stream_id integer Required

The ID of the audit log stream configuration.

HTTP response status codes for "Delete an audit log streaming configuration for an enterprise"

Status code, Description
204

The audit log stream configuration was deleted successfully.

Code samples for "Delete an audit log streaming configuration for an enterprise"

If you access GitHub at GHE.com, replace api.github.com with your enterprise's dedicated subdomain at api.SUBDOMAIN.ghe.com.

Request example

DELETE /enterprises/{enterprise}/audit-log/streams/{stream_id}
curl -L \
  -X DELETE \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  https://api.github.com/enterprises/ENTERPRISE/audit-log/streams/STREAM_ID

The audit log stream configuration was deleted successfully.

Status: 204