Skip to main content
Die REST-API verfügt jetzt über eine Versionskontrolle. Weitere Informationen findest du unter Informationen zur API-Versionsverwaltung.

REST-API-Endpunkte für Enterprise-Überwachungsprotokolle

Verwende die REST-API, um Überwachungsprotokolle für ein Unternehmen abzurufen.

Diese Endpunkte unterstützen nur die Authentifizierung über ein personal access token (classic). Weitere Informationen findest du unter Verwalten deiner persönlichen Zugriffstoken.

Get the audit log for an enterprise

Gets the audit log for an enterprise.

This endpoint has a rate limit of 1,750 queries per hour per user and IP address. If your integration receives a rate limit error (typically a 403 or 429 response), it should wait before making another request to the GitHub API. For more information, see "Rate limits for the REST API" and "Best practices for integrators."

The authenticated user must be an enterprise admin to use this endpoint.

OAuth app tokens and personal access tokens (classic) need the read:audit_log scope to use this endpoint.

Differenzierte Zugriffstoken für "Get the audit log for an enterprise"

Dieser Endpunkt funktioniert mit den folgenden differenzierten Tokentypen.:

Das differenzierte Token muss einen der folgenden Berechtigungssätze aufweisen.:

  • "Enterprise administration" business permissions (read)

Parameter für „Get the audit log for an enterprise“

Header
Name, type, BESCHREIBUNG
accept string

Setting to application/vnd.github+json is recommended.

Pfadparameter
Name, type, BESCHREIBUNG
enterprise string Erforderlich

The slug version of the enterprise name. You can also substitute this value with the enterprise id.

Abfrageparameter
Name, type, BESCHREIBUNG
phrase string

A search phrase. For more information, see Searching the audit log.

include string

The event types to include:

  • web - returns web (non-Git) events.
  • git - returns Git events.
  • all - returns both web and Git events.

The default is web.

Kann eine der Folgenden sein: web, git, all

after string

A cursor, as given in the Link header. If specified, the query only searches for events after this cursor.

before string

A cursor, as given in the Link header. If specified, the query only searches for events before this cursor.

order string

The order of audit log events. To list newest events first, specify desc. To list oldest events first, specify asc.

The default is desc.

Kann eine der Folgenden sein: desc, asc

page integer

The page number of the results to fetch. For more information, see "Using pagination in the REST API."

Standard: 1

per_page integer

The number of results per page (max 100). For more information, see "Using pagination in the REST API."

Standard: 30

HTTP-Antwortstatuscodes für „Get the audit log for an enterprise“

StatuscodeBESCHREIBUNG
200

OK

Codebeispiele für „Get the audit log for an enterprise“

Wenn du unter GHE.com auf GitHub zugreifst, ersetze api.github.com unter api.SUBDOMAIN.ghe.com mit der dedizierten Unterdomäne deines Unternehmens.

Anforderungsbeispiel

get/enterprises/{enterprise}/audit-log
curl -L \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer <YOUR-TOKEN>" \ -H "X-GitHub-Api-Version: 2022-11-28" \ https://api.github.com/enterprises/ENTERPRISE/audit-log

Response

Status: 200
[ { "@timestamp": 1606929874512, "action": "team.add_member", "actor": "octocat", "created_at": 1606929874512, "_document_id": "xJJFlFOhQ6b-5vaAFy9Rjw", "org": "octo-corp", "team": "octo-corp/example-team", "user": "monalisa" }, { "@timestamp": 1606507117008, "action": "org.create", "actor": "octocat", "created_at": 1606507117008, "_document_id": "Vqvg6kZ4MYqwWRKFDzlMoQ", "org": "octocat-test-org" }, { "@timestamp": 1605719148837, "action": "repo.destroy", "actor": "monalisa", "created_at": 1605719148837, "_document_id": "LwW2vpJZCDS-WUmo9Z-ifw", "org": "mona-org", "repo": "mona-org/mona-test-repo", "visibility": "private" } ]

Get the audit log stream key for encrypting secrets

Retrieves the audit log streaming public key for encrypting secrets.

When using this endpoint, you must encrypt the credentials following the same encryption steps as outlined in the guide on encrypting secrets. See "Encrypting secrets for the REST API."

Differenzierte Zugriffstoken für "Get the audit log stream key for encrypting secrets"

Dieser Endpunkt funktioniert nicht mit GitHub-App-Benutzerzugriffstoken, GitHub-App-Installationszugriffstoken oder differenzierten persönlichen Zugriffstoken.

Parameter für „Get the audit log stream key for encrypting secrets“

Header
Name, type, BESCHREIBUNG
accept string

Setting to application/vnd.github+json is recommended.

Pfadparameter
Name, type, BESCHREIBUNG
enterprise string Erforderlich

The slug version of the enterprise name. You can also substitute this value with the enterprise id.

HTTP-Antwortstatuscodes für „Get the audit log stream key for encrypting secrets“

StatuscodeBESCHREIBUNG
200

The stream key for the audit log streaming configuration was retrieved successfully.

Codebeispiele für „Get the audit log stream key for encrypting secrets“

Wenn du unter GHE.com auf GitHub zugreifst, ersetze api.github.com unter api.SUBDOMAIN.ghe.com mit der dedizierten Unterdomäne deines Unternehmens.

Anforderungsbeispiel

get/enterprises/{enterprise}/audit-log/stream-key
curl -L \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer <YOUR-TOKEN>" \ -H "X-GitHub-Api-Version: 2022-11-28" \ https://api.github.com/enterprises/ENTERPRISE/audit-log/stream-key

The stream key for the audit log streaming configuration was retrieved successfully.

Status: 200
{ "key_id": "123", "key": "actual-public-key-value" }

List audit log stream configurations for an enterprise

Lists the configured audit log streaming configurations for an enterprise. This only lists configured streams for supported providers.

When using this endpoint, you must encrypt the credentials following the same encryption steps as outlined in the guide on encrypting secrets. See "Encrypting secrets for the REST API."

Differenzierte Zugriffstoken für "List audit log stream configurations for an enterprise"

Dieser Endpunkt funktioniert nicht mit GitHub-App-Benutzerzugriffstoken, GitHub-App-Installationszugriffstoken oder differenzierten persönlichen Zugriffstoken.

Parameter für „List audit log stream configurations for an enterprise“

Header
Name, type, BESCHREIBUNG
accept string

Setting to application/vnd.github+json is recommended.

Pfadparameter
Name, type, BESCHREIBUNG
enterprise string Erforderlich

The slug version of the enterprise name. You can also substitute this value with the enterprise id.

HTTP-Antwortstatuscodes für „List audit log stream configurations for an enterprise“

StatuscodeBESCHREIBUNG
200

OK

Codebeispiele für „List audit log stream configurations for an enterprise“

Wenn du unter GHE.com auf GitHub zugreifst, ersetze api.github.com unter api.SUBDOMAIN.ghe.com mit der dedizierten Unterdomäne deines Unternehmens.

Anforderungsbeispiel

get/enterprises/{enterprise}/audit-log/streams
curl -L \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer <YOUR-TOKEN>" \ -H "X-GitHub-Api-Version: 2022-11-28" \ https://api.github.com/enterprises/ENTERPRISE/audit-log/streams

OK

Status: 200
[ { "id": 1, "stream_type": "Splunk", "stream_details": "US", "enabled": true, "created_at": "2024-06-06T08:00:00Z", "updated_at": "2024-06-06T08:00:00Z", "paused_at": null } ]

Create an audit log streaming configuration for an enterprise

Creates an audit log streaming configuration for any of the supported streaming endpoints: Azure Blob Storage, Azure Event Hubs, Amazon S3, Splunk, Google Cloud Storage, Datadog.

When using this endpoint, you must encrypt the credentials following the same encryption steps as outlined in the guide on encrypting secrets. See "Encrypting secrets for the REST API."

Differenzierte Zugriffstoken für "Create an audit log streaming configuration for an enterprise"

Dieser Endpunkt funktioniert nicht mit GitHub-App-Benutzerzugriffstoken, GitHub-App-Installationszugriffstoken oder differenzierten persönlichen Zugriffstoken.

Parameter für „Create an audit log streaming configuration for an enterprise“

Header
Name, type, BESCHREIBUNG
accept string

Setting to application/vnd.github+json is recommended.

Pfadparameter
Name, type, BESCHREIBUNG
enterprise string Erforderlich

The slug version of the enterprise name. You can also substitute this value with the enterprise id.

Textparameter
Name, type, BESCHREIBUNG
enabled boolean Erforderlich

This setting pauses or resumes a stream.

stream_type string Erforderlich

The audit log streaming provider. The name is case sensitive.

Kann eine der Folgenden sein: Azure Blob Storage, Azure Event Hubs, Amazon S3, Splunk, HTTPS Event Collector, Google Cloud Storage, Datadog

vendor_specific object Erforderlich
Name, type, BESCHREIBUNG
AzureBlobConfig object Erforderlich

Azure Blob Config for audit log streaming configuration.

Name, type, BESCHREIBUNG
key_id string Erforderlich

Key ID obtained from the audit log stream key endpoint used to encrypt secrets.

encrypted_sas_url string Erforderlich
AzureHubConfig object Erforderlich

Azure Event Hubs Config for audit log streaming configuration.

Name, type, BESCHREIBUNG
name string Erforderlich

Instance name of Azure Event Hubs

encrypted_connstring string Erforderlich

Encrypted Connection String for Azure Event Hubs

key_id string Erforderlich

Key ID obtained from the audit log stream key endpoint used to encrypt secrets.

AmazonS3OIDCConfig object Erforderlich

Amazon S3 OIDC Config for audit log streaming configuration.

Name, type, BESCHREIBUNG
bucket string Erforderlich

Amazon S3 Bucket Name.

region string Erforderlich

AWS S3 Bucket Region.

key_id string Erforderlich

Key ID obtained from the audit log stream key endpoint used to encrypt secrets.

authentication_type string Erforderlich

Authentication Type for Amazon S3.

Wert: oidc

arn_role string Erforderlich
AmazonS3AccessKeysConfig object Erforderlich

Amazon S3 Access Keys Config for audit log streaming configuration.

Name, type, BESCHREIBUNG
bucket string Erforderlich

Amazon S3 Bucket Name.

region string Erforderlich

Amazon S3 Bucket Name.

key_id string Erforderlich

Key ID obtained from the audit log stream key endpoint used to encrypt secrets.

authentication_type string Erforderlich

Authentication Type for Amazon S3.

Wert: access_keys

encrypted_secret_key string Erforderlich

Encrypted AWS Secret Key.

encrypted_access_key_id string Erforderlich

Encrypted AWS Access Key ID.

SplunkConfig object Erforderlich

Splunk Config for Audit Log Stream Configuration

Name, type, BESCHREIBUNG
domain string Erforderlich

Domain of Splunk instance.

port integer Erforderlich

The port number for connecting to Splunk.

key_id string Erforderlich

Key ID obtained from the audit log stream key endpoint used to encrypt secrets.

encrypted_token string Erforderlich

Encrypted Token.

ssl_verify boolean Erforderlich

SSL verification helps ensure your events are sent to your Splunk endpoint securely.

GoogleCloudConfig object Erforderlich

Google Cloud Config for audit log streaming configuration.

Name, type, BESCHREIBUNG
bucket string Erforderlich

Google Cloud Bucket Name

key_id string Erforderlich

Key ID obtained from the audit log stream key endpoint used to encrypt secrets.

encrypted_json_credentials string Erforderlich
DatadogConfig object Erforderlich

Datadog Config for audit log streaming configuration.

Name, type, BESCHREIBUNG
encrypted_token string Erforderlich

Encrypted Splunk token.

site string Erforderlich

Datadog Site to use.

Kann eine der Folgenden sein: US, US3, US5, EU1, US1-FED, AP1

key_id string Erforderlich

Key ID obtained from the audit log stream key endpoint used to encrypt secrets.

HTTP-Antwortstatuscodes für „Create an audit log streaming configuration for an enterprise“

StatuscodeBESCHREIBUNG
200

The audit log stream configuration was created successfully.

Codebeispiele für „Create an audit log streaming configuration for an enterprise“

Wenn du unter GHE.com auf GitHub zugreifst, ersetze api.github.com unter api.SUBDOMAIN.ghe.com mit der dedizierten Unterdomäne deines Unternehmens.

Anforderungsbeispiel

post/enterprises/{enterprise}/audit-log/streams
curl -L \ -X POST \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer <YOUR-TOKEN>" \ -H "X-GitHub-Api-Version: 2022-11-28" \ https://api.github.com/enterprises/ENTERPRISE/audit-log/streams \ -d '{"enabled":false,"stream_type":"Azure Event Hubs","vendor_specific":{"namespace":"newnamespace","shared_access_key_name":"newaccesskeyname","shared_access_key":"newaccesskey","event_hub_name":"neweventhub"}}'

The audit log stream configuration was created successfully.

Status: 200
{ "id": 1, "stream_type": "Splunk", "stream_details": "US", "enabled": true, "created_at": "2024-06-06T08:00:00Z", "updated_at": "2024-06-06T08:00:00Z", "paused_at": null }

List one audit log streaming configuration via a stream ID

Lists one audit log stream configuration via a stream ID.

When using this endpoint, you must encrypt the credentials following the same encryption steps as outlined in the guide on encrypting secrets. See "Encrypting secrets for the REST API."

Differenzierte Zugriffstoken für "List one audit log streaming configuration via a stream ID"

Dieser Endpunkt funktioniert nicht mit GitHub-App-Benutzerzugriffstoken, GitHub-App-Installationszugriffstoken oder differenzierten persönlichen Zugriffstoken.

Parameter für „List one audit log streaming configuration via a stream ID“

Header
Name, type, BESCHREIBUNG
accept string

Setting to application/vnd.github+json is recommended.

Pfadparameter
Name, type, BESCHREIBUNG
enterprise string Erforderlich

The slug version of the enterprise name. You can also substitute this value with the enterprise id.

stream_id integer Erforderlich

The ID of the audit log stream configuration.

HTTP-Antwortstatuscodes für „List one audit log streaming configuration via a stream ID“

StatuscodeBESCHREIBUNG
200

Lists one audit log stream configuration via stream ID.

Codebeispiele für „List one audit log streaming configuration via a stream ID“

Wenn du unter GHE.com auf GitHub zugreifst, ersetze api.github.com unter api.SUBDOMAIN.ghe.com mit der dedizierten Unterdomäne deines Unternehmens.

Anforderungsbeispiel

get/enterprises/{enterprise}/audit-log/streams/{stream_id}
curl -L \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer <YOUR-TOKEN>" \ -H "X-GitHub-Api-Version: 2022-11-28" \ https://api.github.com/enterprises/ENTERPRISE/audit-log/streams/STREAM_ID

Lists one audit log stream configuration via stream ID.

Status: 200
{ "id": 1, "stream_type": "Splunk", "stream_details": "US", "enabled": true, "created_at": "2024-06-06T08:00:00Z", "updated_at": "2024-06-06T08:00:00Z", "paused_at": null }

Update an existing audit log stream configuration

Updates an existing audit log stream configuration for an enterprise.

When using this endpoint, you must encrypt the credentials following the same encryption steps as outlined in the guide on encrypting secrets. See "Encrypting secrets for the REST API."

Differenzierte Zugriffstoken für "Update an existing audit log stream configuration"

Dieser Endpunkt funktioniert nicht mit GitHub-App-Benutzerzugriffstoken, GitHub-App-Installationszugriffstoken oder differenzierten persönlichen Zugriffstoken.

Parameter für „Update an existing audit log stream configuration“

Header
Name, type, BESCHREIBUNG
accept string

Setting to application/vnd.github+json is recommended.

Pfadparameter
Name, type, BESCHREIBUNG
enterprise string Erforderlich

The slug version of the enterprise name. You can also substitute this value with the enterprise id.

stream_id integer Erforderlich

The ID of the audit log stream configuration.

Textparameter
Name, type, BESCHREIBUNG
enabled boolean Erforderlich

This setting pauses or resumes a stream.

stream_type string Erforderlich

The audit log streaming provider. The name is case sensitive.

Kann eine der Folgenden sein: Azure Blob Storage, Azure Event Hubs, Amazon S3, Splunk, HTTPS Event Collector, Google Cloud Storage, Datadog

vendor_specific object Erforderlich
Name, type, BESCHREIBUNG
AzureBlobConfig object Erforderlich

Azure Blob Config for audit log streaming configuration.

Name, type, BESCHREIBUNG
key_id string Erforderlich

Key ID obtained from the audit log stream key endpoint used to encrypt secrets.

encrypted_sas_url string Erforderlich
AzureHubConfig object Erforderlich

Azure Event Hubs Config for audit log streaming configuration.

Name, type, BESCHREIBUNG
name string Erforderlich

Instance name of Azure Event Hubs

encrypted_connstring string Erforderlich

Encrypted Connection String for Azure Event Hubs

key_id string Erforderlich

Key ID obtained from the audit log stream key endpoint used to encrypt secrets.

AmazonS3OIDCConfig object Erforderlich

Amazon S3 OIDC Config for audit log streaming configuration.

Name, type, BESCHREIBUNG
bucket string Erforderlich

Amazon S3 Bucket Name.

region string Erforderlich

AWS S3 Bucket Region.

key_id string Erforderlich

Key ID obtained from the audit log stream key endpoint used to encrypt secrets.

authentication_type string Erforderlich

Authentication Type for Amazon S3.

Wert: oidc

arn_role string Erforderlich
AmazonS3AccessKeysConfig object Erforderlich

Amazon S3 Access Keys Config for audit log streaming configuration.

Name, type, BESCHREIBUNG
bucket string Erforderlich

Amazon S3 Bucket Name.

region string Erforderlich

Amazon S3 Bucket Name.

key_id string Erforderlich

Key ID obtained from the audit log stream key endpoint used to encrypt secrets.

authentication_type string Erforderlich

Authentication Type for Amazon S3.

Wert: access_keys

encrypted_secret_key string Erforderlich

Encrypted AWS Secret Key.

encrypted_access_key_id string Erforderlich

Encrypted AWS Access Key ID.

SplunkConfig object Erforderlich

Splunk Config for Audit Log Stream Configuration

Name, type, BESCHREIBUNG
domain string Erforderlich

Domain of Splunk instance.

port integer Erforderlich

The port number for connecting to Splunk.

key_id string Erforderlich

Key ID obtained from the audit log stream key endpoint used to encrypt secrets.

encrypted_token string Erforderlich

Encrypted Token.

ssl_verify boolean Erforderlich

SSL verification helps ensure your events are sent to your Splunk endpoint securely.

GoogleCloudConfig object Erforderlich

Google Cloud Config for audit log streaming configuration.

Name, type, BESCHREIBUNG
bucket string Erforderlich

Google Cloud Bucket Name

key_id string Erforderlich

Key ID obtained from the audit log stream key endpoint used to encrypt secrets.

encrypted_json_credentials string Erforderlich
DatadogConfig object Erforderlich

Datadog Config for audit log streaming configuration.

Name, type, BESCHREIBUNG
encrypted_token string Erforderlich

Encrypted Splunk token.

site string Erforderlich

Datadog Site to use.

Kann eine der Folgenden sein: US, US3, US5, EU1, US1-FED, AP1

key_id string Erforderlich

Key ID obtained from the audit log stream key endpoint used to encrypt secrets.

HTTP-Antwortstatuscodes für „Update an existing audit log stream configuration“

StatuscodeBESCHREIBUNG
200

Successful update

422

Validation error

Codebeispiele für „Update an existing audit log stream configuration“

Wenn du unter GHE.com auf GitHub zugreifst, ersetze api.github.com unter api.SUBDOMAIN.ghe.com mit der dedizierten Unterdomäne deines Unternehmens.

Anforderungsbeispiel

put/enterprises/{enterprise}/audit-log/streams/{stream_id}
curl -L \ -X PUT \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer <YOUR-TOKEN>" \ -H "X-GitHub-Api-Version: 2022-11-28" \ https://api.github.com/enterprises/ENTERPRISE/audit-log/streams/STREAM_ID \ -d '{"enabled":false,"stream_type":"Azure Event Hubs","vendor_specific":{"namespace":"newnamespace","shared_access_key_name":"newaccesskeyname","shared_access_key":"newaccesskey","event_hub_name":"neweventhub"}}'

Successful update

Status: 200
{ "id": 1, "stream_type": "Splunk", "stream_details": "US", "enabled": true, "created_at": "2024-06-06T08:00:00Z", "updated_at": "2024-06-06T08:00:00Z", "paused_at": null }

Delete an audit log streaming configuration for an enterprise

Deletes an existing audit log stream configuration for an enterprise.

When using this endpoint, you must encrypt the credentials following the same encryption steps as outlined in the guide on encrypting secrets. See "Encrypting secrets for the REST API."

Differenzierte Zugriffstoken für "Delete an audit log streaming configuration for an enterprise"

Dieser Endpunkt funktioniert nicht mit GitHub-App-Benutzerzugriffstoken, GitHub-App-Installationszugriffstoken oder differenzierten persönlichen Zugriffstoken.

Parameter für „Delete an audit log streaming configuration for an enterprise“

Header
Name, type, BESCHREIBUNG
accept string

Setting to application/vnd.github+json is recommended.

Pfadparameter
Name, type, BESCHREIBUNG
enterprise string Erforderlich

The slug version of the enterprise name. You can also substitute this value with the enterprise id.

stream_id integer Erforderlich

The ID of the audit log stream configuration.

HTTP-Antwortstatuscodes für „Delete an audit log streaming configuration for an enterprise“

StatuscodeBESCHREIBUNG
204

The audit log stream configuration was deleted successfully.

Codebeispiele für „Delete an audit log streaming configuration for an enterprise“

Wenn du unter GHE.com auf GitHub zugreifst, ersetze api.github.com unter api.SUBDOMAIN.ghe.com mit der dedizierten Unterdomäne deines Unternehmens.

Anforderungsbeispiel

delete/enterprises/{enterprise}/audit-log/streams/{stream_id}
curl -L \ -X DELETE \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer <YOUR-TOKEN>" \ -H "X-GitHub-Api-Version: 2022-11-28" \ https://api.github.com/enterprises/ENTERPRISE/audit-log/streams/STREAM_ID

The audit log stream configuration was deleted successfully.

Status: 204