github-audit-logs
Get audit logs from GitHub.
github-audit-logs [duration=NUM{mon|w|d|h|m|s}] [from=yyyyMMddHHmmss] [to=yyyyMMddHHmmss] [event-type=EVENT-TYPE] [filter=FILTER]
- duration=NUM{mon|w|d|h|m|s}
- Scan only recent data. Use one of the time units s (second), m (minute), h (hour), d (day), or mon (month). For example, 10s means data from 10 seconds earlier.
- from=yyyyMMddHHmmss
- Start time of the range, in yyyyMMddHHmmss format. If you omit the time part, it is padded with zeros.
- to=yyyyMMddHHmmss
- End time of the range, in yyyyMMddHHmmss format. If you omit the time part, it is padded with zeros.
- event-type=EVENT-TYPE
- One of all, git, or web. The default is all.
- filter=FILTER
- e.g. actor:logpresso
Output Fields
Field | Type | Name | Description |
---|---|---|---|
_time | Date | Time | |
profile | String | Connect profile | Identifier of the GitHub connect profile |
actor | String | Actor account | e.g. xeraph |
actor_ip | IP address | Actor IP address | |
operation_type | String | Operation type | e.g. create, modify |
action | String | Action | e.g. git.clone, git.fetch, git.push |
business_id | Integer | Business ID | |
business | String | Business | e.g. logpresso |
org_id | Integer | Organization ID | |
org | String | Organization name | |
repo | String | Repository name | e.g. logpresso/community |
branch | String | Branch name | e.g. refs/heads/main |
team | String | Team | |
user_id | Integer | User ID | |
user | String | User | |
user_agent | String | User agent | e.g. git/2.39.2 |
public_repo | Bool | Public repository | |
transport_protocol_name | String | Transport protocol | e.g. ssh, http |
pull_request_id | Integer | Pull request ID | |
pull_request_title | String | Pull request title | |
pull_request_url | String | Pull request URL | |
reasons | List | Reasons | Elements with code and message properties |
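
The following is an added example, not part of the original documentation or of Logpresso's own code. It shows one way to triage rows returned by this command: group `git.clone` and `git.fetch` events by `actor` and report actors who read many distinct non-public repositories. It assumes the rows have been exported as Python dicts keyed by the output field names above; the sample rows, the function name and the threshold are constructed for illustration.

```python
from collections import defaultdict

READ_ACTIONS = {"git.clone", "git.fetch"}  # action values listed in the table above


def _row(actor, actor_ip, action, repo, public_repo):
    """Build one constructed sample row using the documented field names."""
    return {"actor": actor, "actor_ip": actor_ip, "action": action,
            "repo": repo, "public_repo": public_repo}


# Constructed sample data (documentation IP ranges, made-up accounts and repos).
SAMPLE_EVENTS = [
    _row("dev-a", "192.0.2.10", "git.clone", "example-org/app", False),
    _row("dev-a", "192.0.2.10", "git.push", "example-org/app", False),
    _row("dev-b", "198.51.100.7", "git.clone", "example-org/app", False),
    _row("dev-b", "198.51.100.7", "git.clone", "example-org/infra", False),
    _row("dev-b", "203.0.113.5", "git.fetch", "example-org/billing", False),
    _row("dev-b", "203.0.113.5", "git.clone", "example-org/docs", True),
    _row("dev-b", "198.51.100.7", "git.fetch", "example-org/app", False),
]


def flag_bulk_private_reads(events, repo_threshold=3):
    """Return {actor: {"repos": [...], "ips": [...]}} for every actor who
    cloned or fetched at least repo_threshold distinct non-public repos."""
    repos = defaultdict(set)
    ips = defaultdict(set)
    for event in events:
        if event.get("action") not in READ_ACTIONS:
            continue  # ignore pushes and web events
        if event.get("public_repo"):
            continue  # reads of public repositories are not interesting here
        actor, repo = event.get("actor"), event.get("repo")
        if not actor or not repo:
            continue  # skip rows with empty fields
        repos[actor].add(repo)
        if event.get("actor_ip"):
            ips[actor].add(event["actor_ip"])
    return {actor: {"repos": sorted(seen), "ips": sorted(ips[actor])}
            for actor, seen in repos.items() if len(seen) >= repo_threshold}


if __name__ == "__main__":
    for actor, detail in flag_bulk_private_reads(SAMPLE_EVENTS).items():
        print(actor, detail["repos"], detail["ips"])
```

The source addresses are returned alongside the repository list so a reviewer can see whether the reads came from more than one `actor_ip`.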