About the audit log for your enterprise

Learn how to use the audit log to monitor activity in your enterprise.

本文内容

About audit logs

每个审核日志条目的名称由事件类型组成,后跟操作类型。 例如,repo.create 条目是指对 repo 类别的 create 操作。

每个审核日志条目都显示有关事件的适用信息,例如:

  • 执行操作的企业或组织
  • 执行操作的用户(参与者)
  • 受操作影响的用户
  • 执行操作的仓库
  • 执行的操作
  • 发生操作的国家/地区
  • 发生操作的日期和时间
  • 执行操作的用户(操作者)的 SAML SSO 标识和 SCIM 标识
  • 对于 Web UI 之外的操作,用户(操作者)如何进行身份验证
  • (可选)执行了操作的用户(执行者)的源 IP 地址

审核日志列出了由影响企业的活动触发的事件过去 180 天内的审核日志。 审核日志将 Git 事件保留七天。

默认情况下,仅显示过去三个月的事件。 若要查看较旧的事件,必须使用 created 参数指定日期范围。 请参阅“了解搜索语法”。

In addition to viewing your audit log, you can monitor activity in your enterprise in other ways, such as managing global webhooks. Webhooks provide a way for GitHub to notify your server when specific events occur for a repository, organization, or enterprise. Compared to the API or searching the audit log, webhooks can be more efficient if you just want to learn and possibly log when certain events occur on your enterprise, organization, or repository. See 管理全局 web 挂钩.

You can also use the audit log, and other tools, to monitor the actions taken in response to security alerts. For more information, see 审核安全警报.

Using your audit logs

As an enterprise owner, you can interact with the audit log data for your enterprise in several ways:

For a full list of audit log actions that may appear in your enterprise audit log, see 企业的审核日志事件.

Next steps

Next, learn how to control who has access to your enterprise's resources using roles. See About access permissions on GitHub.