10

I found nothing in the API docs, only the enterprise version mentions that you can retrieve the audit-logs using the staff-tools.

Any idea? I'd love to periodically check the audit log and send the new entries to our IM channel (ChatOps).

Thanks in advance,

osowskit
  • 5,904
  • 2
  • 29
  • 38
Adam Papai
  • 256
  • 2
  • 9

2 Answers2

3

Update Dec. 2020, 5 years later:

Audit Log Git events and REST API now available

(in limited public beta)

In GitHub Enterprise Cloud, the Audit Log now includes Git events and has a new REST API.
Both are available as a limited public beta.

The new Git events will allow you as an administrator to review activities for users interacting with your Git repositories.
You can view events for git.clone, git.fetch, and git.push.

Additionally, the new REST API provides you with another option to interface with your Audit Log events. During the limited public beta, Git events can only be viewed via the REST API and can be exported.

How can you get access to this limited public beta? To be added to the limited public beta, please contact Sales or Support.

Feb. 2021, still for GHE (GitHub for Enterprise):

GitHub Actions: Workflow run events are now included in the Audit Log

The Audit Log now includes events associated with GitHub Actions workflow runs.
This data provides enterprise customers with a greatly expanded data set for security and compliance audits.

New events will be incorporated into the audit log when:

  • A workflow run is created, completed, deleted, or re-run
  • A workflow job is prepared. Importantly, this job will include the list of secrets that were provided to the runner
  • A self-hosted runner's version is updated Screenshot of audit log UI with new events

These new events are only available to customers on the Enterprise plan. All events are available in the REST API, and all events except for workflow run created, workflow run completed, and workflow job prepared are available in the UI and exports.

Learn more about Audit Log events

2015: Not yet possible through the GitHub API.

But at least, it is possible to export it (since May, 5th 2015) in either JSON or CSV format.

https://cloud.githubusercontent.com/assets/79995/7376703/66f8b8d2-ed96-11e4-9258-9caacdb60b7c.png

See "Exporting the audit log".

VonC
  • 1,262,500
  • 529
  • 4,410
  • 5,250
3

As VonC points out, there is no API (as of October 2017).

Unfortunately the "Export" function in the GitHub audit logs produces JSON or CSV of the audit events but the data is missing the payload with the details.

For example the export would show that an issue_comment.update had been made but the web UI gives a link to the comment itself. The export would show that one user executed org.update_member on another user but the web UI would show what role change was made for that user.

To get the details of each event, at the moment (October 2017), the only way is via the web UI.

Here is a ruby tool which scrapes the web UI, fetching the audit log entries with details.

gene_wood
  • 1,960
  • 4
  • 26
  • 39