Logpresso Store

Install Guide

Log In With GitHub Enterprise Account

The GitHub Audit Log API is also supported for Organization-level accounts, but in this case the actor IP is not queried. Logpresso recommends using a GitHub Enterprise Cloud account, as audit logs are meaningless if you can't change settings or see the actual IP address from which code was downloaded. GitHub Enterprise Cloud requires annual billing on an invoice basis, so please discuss switching accounts with GitHub Sales.

Your Enterprise Cloud plan is active if Your Enterprises is in the panel menu that appears when you click on your GitHub profile in the top right, as shown below.

GitHub Enterprise Audit Log Settings

In Settings > Audit log > Settings or https://github.com/enterprises/ENTERPRISE_ID/settings/audit-log/event_settings (where ENTERPRISE_ID is your enterprise account ID), you can Enable source IP disclosure as shown below.

Create GitHub Personal Access Token

The GitHub app needs a personal access token to communicate with GitHub.

Click your GitHub profile in the top right corner, and navigate to Settings > Developer Settings > Personal access tokens from the pop-up menu, or by clicking the link.
Click the Generate new token (classic) button.
On the New personal access token (classic) screen, set the permissions you want to grant to the access token. After granting the permissions, click the Generate token button to generate the token.

Scope Permission

repo security_events

admin:org read:org

user read:user

user user:email

audit_log read:audit_log
- Specify the Expiration according to your organization's security policy.
```
If your access token expires, the GitHub app will not work properly, so renew your token before it expires.
```
An access token starting with ghp_ is now generated and displayed on the screen. Copy it to the clipboard and keep the key in a safe place.

Scope	Permission
repo	security_events
admin:org	read:org
user	read:user
user	user:email
audit_log	read:audit_log

Set Up GitHub Connect Profile

Refer to this article to add a connect profile

The following are required fields when setting up a connect profile

Name: A unique name to identify the connection profile
Identifier: A unique identifier for the connect profile to use in logpresso queries, etc.
Type: GitHub
Enterprise ID: Github enterprise account ID
Personal access token: GitHub personal access token

Set up GitHub Logger

Refer to the this article to add a logger.

The following are required fields.

Name: A unique name to identify the collector
Interval: 5 seconds (default). Change it as needed
Storage: Select the appropriate node based on your Logpresso platform configuration
Logger Model**: GitHub audit logs
Table**: Enter GITHUB
Connect profile: The identifier you entered when configuring the connect profile

In addition, you can change the following properties

Event type (default: all)
- all: Collects All audit logs
- git: Collects only Git client audit logs
- web: Collects non-Git client audit logs
Filters: See Searching the audit log for your enterprise.

Now you can activate the logger: go to your dashboard to monitor your GitHub usage.