To trace, review, and troubleshoot activity and exceptions on your GitHub Enterprise Server instance, you can review system logs. Your instance stores the following two types of system logs.
- Plain text log files on disk, stored by syslog or specific services
- Binary log files, stored by journald
By default, GitHub Enterprise Server rotates system logs automatically every 24 hours and retains rotated logs for seven days. System logs include system-level events, application logs, and data about Git events. Because log files are written often and can be large, you may prefer to extract and parse log entries on a host separate from your GitHub Enterprise Server instance.
People with administrative SSH access to a GitHub Enterprise Server instance can access and read system logs. For more information, see "Accessing the administrative shell (SSH)."
In addition to reviewing your system logs, you can monitor activity on your instance in other ways. For example, you can review audit logs and push logs, or configure global webhooks. For more information, see "Monitoring activity in your enterprise."
Note: The following lists of logs are not intended to be comprehensive.
GitHub Enterprise Server writes several categories of system logs to the instance's disk in plain text. People with administrative SSH access to the instance can parse these files using Linux command-line tools such as
- Log files for databases
- Log files for the GitHub application
- Log files for the HTTP server
- Log files for instance configuration
- Log files for the Management Console
- Log files for search
- Log files for system services
The following log files record events from database services on your instance.
|Records events related to the instance's MySQL database.
|Records errors related to the instance's MySQL database.
The following log files record events from the GitHub application on your instance.
|Records user, repository, and system events for activity in the GitHub application on your instance. You can filter entries in the log using the
|Records exceptions that the GitHub application encounters.
|Records Git authentication requests using HTTPS or SSH. The babeld service processes all Git authentication requests and activity.
|Records internal events for the GitHub application. For requests to the website, includes the controller action that responded. May contain entries with different structures, depending on the origin of the job or request.
The following log files record events from the instance's HTTP server.
|Records errors for web requests.
|Records HTTP requests related to gists. For more information, see "Creating gists."
|Records errors related to HTTP requests for gists.
|Records HTTP requests to the GitHub application.
|Records errors associated with HTTP requests.
|Records HTTP requests associated with GitHub Pages. For more information, see "About GitHub Pages."
|Records errors related to HTTP requests for GitHub Pages.
The following log files contain events from your instance's Management Console. For more information, see "About the Management Console."
|Records activity in the instance's Management Console.
|Records HTTP and HTTPS operations that administrators perform in the Management Console using the web UI or REST API.
The following log files contain events related to the configuration of your instance.
|Records events associated with each configuration run. If a configuration run fails, output to the log stops. This log also records information about migrations that run during the process of upgrading an instance's software. For more information, see "Command-line utilities."
The following log files contain events from services that provide search functionality for your instance.
|Records events associated with the Elasticsearch service, which your instance uses to provide search services.
The following log files contain events related to webhooks that your instance sends.
|Records events for all webhook activity on the instance, including triggered webhooks, deliveries, and failures.
The following logs contain events from system services on your instance.
|Records information about system processes that terminate unexpectedly.
|Records information about the instance's boot process.
|This directory contains logs related to Network Time Protocol (NTP) synchronization and the instance's system clock. For more information, see "Configuring time synchronization."
|Records all web and API requests to the instance. For HTTP connections, entries include the URL that the client requested, as well as the HTTP method for the request.
|Records commands that administrators run using the administrative shell (SSH). For more information, see "Accessing the administrative shell (SSH)."
|Records information about mail that your instance receives. For more information, see "Configuring email for notifications."
Several GitHub Enterprise Server services, such as the babeld service, are containerized. GitHub Enterprise Server writes system logs for these services to the systemd journal in a binary format.
People with administrative SSH access to the instance can parse these logs using the journalctl command. For more information, see journalctl(1) in the online Linux manual pages.
To view logs in the systemd journal, run the following command, replacing SERVICE-NAME with a service name from the following list of logs.
journalctl -t SERVICE-NAME
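For parsing journal entries on a separate host, the following is an added example, not part of GitHub's documentation. It assumes the entries were exported with journalctl's `-o json` output mode (one JSON object per line); the function names are hypothetical, and the sample entries and their message text are constructed, not real babeld output.

```python
import json
from datetime import datetime, timezone

# Constructed sample of `journalctl -o json` output; message text is invented.
SAMPLE_EXPORT = """\
{"__REALTIME_TIMESTAMP":"1700000000000000","SYSLOG_IDENTIFIER":"babeld","_PID":"812","MESSAGE":"constructed: auth ok"}
{"__REALTIME_TIMESTAMP":"1700000001500000","SYSLOG_IDENTIFIER":"babeld","_PID":"812","MESSAGE":[99,111,110,115,116,114,255]}
{"__REALTIME_TIMESTAMP":"1700000002000000","SYSLOG_IDENTIFIER":"babeld","_PID":"812","MESSAGE":null}
{"__REALTIME_TIMESTAMP":"1700000003000000","SYSLOG_IDENTIFIER":"other-service","_PID":"900","MESSAGE":"constructed: unrelated"}
not json: truncated transfer
"""


def decode_message(value):
    """journald's JSON output encodes MESSAGE as a string, a byte array, or null."""
    if isinstance(value, str):
        return value
    if isinstance(value, list):  # non-UTF-8 payload arrives as a list of byte values
        return bytes(value).decode("utf-8", errors="backslashreplace")
    return "<field omitted by journald>"  # null: oversized field left out of the export


def parse_export(text, identifier=None):
    """Return (entries, skipped); `identifier` mirrors the `journalctl -t` filter."""
    entries, skipped = [], 0
    for line in text.splitlines():
        if not line.strip():
            continue
        try:
            raw = json.loads(line)
            usec = int(raw["__REALTIME_TIMESTAMP"])  # microseconds since the epoch
        except (ValueError, KeyError, TypeError):
            skipped += 1  # count damaged lines instead of dropping them silently
            continue
        if identifier and raw.get("SYSLOG_IDENTIFIER") != identifier:
            continue
        entries.append({
            "time": datetime.fromtimestamp(usec / 1_000_000, tz=timezone.utc),
            "identifier": raw.get("SYSLOG_IDENTIFIER"),
            "message": decode_message(raw.get("MESSAGE")),
        })
    return entries, skipped


if __name__ == "__main__":
    entries, skipped = parse_export(SAMPLE_EXPORT, identifier="babeld")
    for e in entries:
        print(e["time"].isoformat(), e["identifier"], e["message"])
    print("unparseable lines:", skipped)
```

A non-zero skipped count means the export was damaged or cut short in transfer, so the entries are an incomplete record of that period.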
The following logs record events from the GitHub application on your instance.
|Records events related to background jobs. If the job involves built-in or external authentication, this log includes information about the request.
If the instance uses LDAP authentication and LDAP Sync is enabled, events for LDAP Sync appear in this log. For more information, see "Using LDAP."
|Records HTTP and HTTPS operations that users perform in the instance's web UI or via the APIs. If the operation involves built-in or external authentication, this log includes information about the request.
If debug logging is enabled for LDAP or SAML authentication, the debug-level information for authenticated requests appears in this log. For more information, see "Using LDAP" or "Troubleshooting SAML authentication."
The following logs contain events related to Git activity on your instance.
|Records events for all Git activity on the instance, including authentication to access the repository.
|Records events for activity related to the generation or retrieval of code archives for repositories on the instance.
|Records events related to commit signature verification. For more information, see "About commit signature verification."
The following logs contain events from services that store or retrieve data on your instance.
|Records events related to the storage and retrieval of files, such as Git LFS objects, avatar images, file attachments from comments in the web UI, and release archives.
If you generate a support bundle, the file includes system logs. For more information, see "Providing data to GitHub Support."