Skip to main content
REST API 现已经过版本控制。 有关详细信息,请参阅“关于 API 版本控制”。

适用于企业审核日志的 REST API 终结点

使用 REST API 检索企业的审核日志。

这些终结点仅支持使用 personal access token (classic) 进行身份验证。 有关详细信息,请参阅“管理个人访问令牌”。

Get the audit log for an enterprise

Gets the audit log for an enterprise.

This endpoint has a rate limit of 1,750 queries per hour per user and IP address. If your integration receives a rate limit error (typically a 403 or 429 response), it should wait before making another request to the GitHub API. For more information, see "Rate limits for the REST API" and "Best practices for integrators."

The authenticated user must be an enterprise admin to use this endpoint.

OAuth app tokens and personal access tokens (classic) need the read:audit_log scope to use this endpoint.

“Get the audit log for an enterprise”的细粒度访问令牌

此端点支持以下精细令牌类型:

精细令牌必须具有以下权限集:

  • "Enterprise administration" business permissions (read)

“Get the audit log for an enterprise”的参数

标头
名称, 类型, 说明
accept string

Setting to application/vnd.github+json is recommended.

路径参数
名称, 类型, 说明
enterprise string 必须

The slug version of the enterprise name. You can also substitute this value with the enterprise id.

查询参数
名称, 类型, 说明
phrase string

A search phrase. For more information, see Searching the audit log.

include string

The event types to include:

  • web - returns web (non-Git) events.
  • git - returns Git events.
  • all - returns both web and Git events.

The default is web.

可以是以下选项之一: web, git, all

after string

A cursor, as given in the Link header. If specified, the query only searches for events after this cursor.

before string

A cursor, as given in the Link header. If specified, the query only searches for events before this cursor.

order string

The order of audit log events. To list newest events first, specify desc. To list oldest events first, specify asc.

The default is desc.

可以是以下选项之一: desc, asc

page integer

The page number of the results to fetch. For more information, see "Using pagination in the REST API."

默认: 1

per_page integer

The number of results per page (max 100). For more information, see "Using pagination in the REST API."

默认: 30

“Get the audit log for an enterprise”的 HTTP 响应状态代码

状态代码说明
200

OK

“Get the audit log for an enterprise”的示例代码

如果你通过 GHE.com 访问 GitHub,请将 api.github.com 替换为你的企业在 api.SUBDOMAIN.ghe.com 上的专用子域。

请求示例

get/enterprises/{enterprise}/audit-log
curl -L \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer <YOUR-TOKEN>" \ -H "X-GitHub-Api-Version: 2022-11-28" \ https://api.github.com/enterprises/ENTERPRISE/audit-log

Response

Status: 200
[ { "@timestamp": 1606929874512, "action": "team.add_member", "actor": "octocat", "created_at": 1606929874512, "_document_id": "xJJFlFOhQ6b-5vaAFy9Rjw", "org": "octo-corp", "team": "octo-corp/example-team", "user": "monalisa" }, { "@timestamp": 1606507117008, "action": "org.create", "actor": "octocat", "created_at": 1606507117008, "_document_id": "Vqvg6kZ4MYqwWRKFDzlMoQ", "org": "octocat-test-org" }, { "@timestamp": 1605719148837, "action": "repo.destroy", "actor": "monalisa", "created_at": 1605719148837, "_document_id": "LwW2vpJZCDS-WUmo9Z-ifw", "org": "mona-org", "repo": "mona-org/mona-test-repo", "visibility": "private" } ]

Get the audit log stream key for encrypting secrets

Retrieves the audit log streaming public key for encrypting secrets.

When using this endpoint, you must encrypt the credentials following the same encryption steps as outlined in the guide on encrypting secrets. See "Encrypting secrets for the REST API."

“Get the audit log stream key for encrypting secrets”的细粒度访问令牌

此终结点不适用于 GitHub 应用程序用户访问令牌、GitHub 应用程序安装访问令牌或细粒度个人访问令牌。

“Get the audit log stream key for encrypting secrets”的参数

标头
名称, 类型, 说明
accept string

Setting to application/vnd.github+json is recommended.

路径参数
名称, 类型, 说明
enterprise string 必须

The slug version of the enterprise name. You can also substitute this value with the enterprise id.

“Get the audit log stream key for encrypting secrets”的 HTTP 响应状态代码

状态代码说明
200

The stream key for the audit log streaming configuration was retrieved successfully.

“Get the audit log stream key for encrypting secrets”的示例代码

如果你通过 GHE.com 访问 GitHub,请将 api.github.com 替换为你的企业在 api.SUBDOMAIN.ghe.com 上的专用子域。

请求示例

get/enterprises/{enterprise}/audit-log/stream-key
curl -L \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer <YOUR-TOKEN>" \ -H "X-GitHub-Api-Version: 2022-11-28" \ https://api.github.com/enterprises/ENTERPRISE/audit-log/stream-key

The stream key for the audit log streaming configuration was retrieved successfully.

Status: 200
{ "key_id": "123", "key": "actual-public-key-value" }

List audit log stream configurations for an enterprise

Lists the configured audit log streaming configurations for an enterprise. This only lists configured streams for supported providers.

When using this endpoint, you must encrypt the credentials following the same encryption steps as outlined in the guide on encrypting secrets. See "Encrypting secrets for the REST API."

“List audit log stream configurations for an enterprise”的细粒度访问令牌

此终结点不适用于 GitHub 应用程序用户访问令牌、GitHub 应用程序安装访问令牌或细粒度个人访问令牌。

“List audit log stream configurations for an enterprise”的参数

标头
名称, 类型, 说明
accept string

Setting to application/vnd.github+json is recommended.

路径参数
名称, 类型, 说明
enterprise string 必须

The slug version of the enterprise name. You can also substitute this value with the enterprise id.

“List audit log stream configurations for an enterprise”的 HTTP 响应状态代码

状态代码说明
200

OK

“List audit log stream configurations for an enterprise”的示例代码

如果你通过 GHE.com 访问 GitHub,请将 api.github.com 替换为你的企业在 api.SUBDOMAIN.ghe.com 上的专用子域。

请求示例

get/enterprises/{enterprise}/audit-log/streams
curl -L \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer <YOUR-TOKEN>" \ -H "X-GitHub-Api-Version: 2022-11-28" \ https://api.github.com/enterprises/ENTERPRISE/audit-log/streams

OK

Status: 200
[ { "id": 1, "stream_type": "Splunk", "stream_details": "US", "enabled": true, "created_at": "2024-06-06T08:00:00Z", "updated_at": "2024-06-06T08:00:00Z", "paused_at": null } ]

Create an audit log streaming configuration for an enterprise

Creates an audit log streaming configuration for any of the supported streaming endpoints: Azure Blob Storage, Azure Event Hubs, Amazon S3, Splunk, Google Cloud Storage, Datadog.

When using this endpoint, you must encrypt the credentials following the same encryption steps as outlined in the guide on encrypting secrets. See "Encrypting secrets for the REST API."

“Create an audit log streaming configuration for an enterprise”的细粒度访问令牌

此终结点不适用于 GitHub 应用程序用户访问令牌、GitHub 应用程序安装访问令牌或细粒度个人访问令牌。

“Create an audit log streaming configuration for an enterprise”的参数

标头
名称, 类型, 说明
accept string

Setting to application/vnd.github+json is recommended.

路径参数
名称, 类型, 说明
enterprise string 必须

The slug version of the enterprise name. You can also substitute this value with the enterprise id.

正文参数
名称, 类型, 说明
enabled boolean 必须

This setting pauses or resumes a stream.

stream_type string 必须

The audit log streaming provider. The name is case sensitive.

可以是以下选项之一: Azure Blob Storage, Azure Event Hubs, Amazon S3, Splunk, HTTPS Event Collector, Google Cloud Storage, Datadog

vendor_specific object 必须
名称, 类型, 说明
AzureBlobConfig object 必须

Azure Blob Config for audit log streaming configuration.

名称, 类型, 说明
key_id string 必须

Key ID obtained from the audit log stream key endpoint used to encrypt secrets.

encrypted_sas_url string 必须
AzureHubConfig object 必须

Azure Event Hubs Config for audit log streaming configuration.

名称, 类型, 说明
name string 必须

Instance name of Azure Event Hubs

encrypted_connstring string 必须

Encrypted Connection String for Azure Event Hubs

key_id string 必须

Key ID obtained from the audit log stream key endpoint used to encrypt secrets.

AmazonS3OIDCConfig object 必须

Amazon S3 OIDC Config for audit log streaming configuration.

名称, 类型, 说明
bucket string 必须

Amazon S3 Bucket Name.

region string 必须

AWS S3 Bucket Region.

key_id string 必须

Key ID obtained from the audit log stream key endpoint used to encrypt secrets.

authentication_type string 必须

Authentication Type for Amazon S3.

: oidc

arn_role string 必须
AmazonS3AccessKeysConfig object 必须

Amazon S3 Access Keys Config for audit log streaming configuration.

名称, 类型, 说明
bucket string 必须

Amazon S3 Bucket Name.

region string 必须

Amazon S3 Bucket Name.

key_id string 必须

Key ID obtained from the audit log stream key endpoint used to encrypt secrets.

authentication_type string 必须

Authentication Type for Amazon S3.

: access_keys

encrypted_secret_key string 必须

Encrypted AWS Secret Key.

encrypted_access_key_id string 必须

Encrypted AWS Access Key ID.

SplunkConfig object 必须

Splunk Config for Audit Log Stream Configuration

名称, 类型, 说明
domain string 必须

Domain of Splunk instance.

port integer 必须

The port number for connecting to Splunk.

key_id string 必须

Key ID obtained from the audit log stream key endpoint used to encrypt secrets.

encrypted_token string 必须

Encrypted Token.

ssl_verify boolean 必须

SSL verification helps ensure your events are sent to your Splunk endpoint securely.

GoogleCloudConfig object 必须

Google Cloud Config for audit log streaming configuration.

名称, 类型, 说明
bucket string 必须

Google Cloud Bucket Name

key_id string 必须

Key ID obtained from the audit log stream key endpoint used to encrypt secrets.

encrypted_json_credentials string 必须
DatadogConfig object 必须

Datadog Config for audit log streaming configuration.

名称, 类型, 说明
encrypted_token string 必须

Encrypted Splunk token.

site string 必须

Datadog Site to use.

可以是以下选项之一: US, US3, US5, EU1, US1-FED, AP1

key_id string 必须

Key ID obtained from the audit log stream key endpoint used to encrypt secrets.

“Create an audit log streaming configuration for an enterprise”的 HTTP 响应状态代码

状态代码说明
200

The audit log stream configuration was created successfully.

“Create an audit log streaming configuration for an enterprise”的示例代码

如果你通过 GHE.com 访问 GitHub,请将 api.github.com 替换为你的企业在 api.SUBDOMAIN.ghe.com 上的专用子域。

请求示例

post/enterprises/{enterprise}/audit-log/streams
curl -L \ -X POST \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer <YOUR-TOKEN>" \ -H "X-GitHub-Api-Version: 2022-11-28" \ https://api.github.com/enterprises/ENTERPRISE/audit-log/streams \ -d '{"enabled":false,"stream_type":"Azure Event Hubs","vendor_specific":{"namespace":"newnamespace","shared_access_key_name":"newaccesskeyname","shared_access_key":"newaccesskey","event_hub_name":"neweventhub"}}'

The audit log stream configuration was created successfully.

Status: 200
{ "id": 1, "stream_type": "Splunk", "stream_details": "US", "enabled": true, "created_at": "2024-06-06T08:00:00Z", "updated_at": "2024-06-06T08:00:00Z", "paused_at": null }

List one audit log streaming configuration via a stream ID

Lists one audit log stream configuration via a stream ID.

When using this endpoint, you must encrypt the credentials following the same encryption steps as outlined in the guide on encrypting secrets. See "Encrypting secrets for the REST API."

“List one audit log streaming configuration via a stream ID”的细粒度访问令牌

此终结点不适用于 GitHub 应用程序用户访问令牌、GitHub 应用程序安装访问令牌或细粒度个人访问令牌。

“List one audit log streaming configuration via a stream ID”的参数

标头
名称, 类型, 说明
accept string

Setting to application/vnd.github+json is recommended.

路径参数
名称, 类型, 说明
enterprise string 必须

The slug version of the enterprise name. You can also substitute this value with the enterprise id.

stream_id integer 必须

The ID of the audit log stream configuration.

“List one audit log streaming configuration via a stream ID”的 HTTP 响应状态代码

状态代码说明
200

Lists one audit log stream configuration via stream ID.

“List one audit log streaming configuration via a stream ID”的示例代码

如果你通过 GHE.com 访问 GitHub,请将 api.github.com 替换为你的企业在 api.SUBDOMAIN.ghe.com 上的专用子域。

请求示例

get/enterprises/{enterprise}/audit-log/streams/{stream_id}
curl -L \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer <YOUR-TOKEN>" \ -H "X-GitHub-Api-Version: 2022-11-28" \ https://api.github.com/enterprises/ENTERPRISE/audit-log/streams/STREAM_ID

Lists one audit log stream configuration via stream ID.

Status: 200
{ "id": 1, "stream_type": "Splunk", "stream_details": "US", "enabled": true, "created_at": "2024-06-06T08:00:00Z", "updated_at": "2024-06-06T08:00:00Z", "paused_at": null }

Update an existing audit log stream configuration

Updates an existing audit log stream configuration for an enterprise.

When using this endpoint, you must encrypt the credentials following the same encryption steps as outlined in the guide on encrypting secrets. See "Encrypting secrets for the REST API."

“Update an existing audit log stream configuration”的细粒度访问令牌

此终结点不适用于 GitHub 应用程序用户访问令牌、GitHub 应用程序安装访问令牌或细粒度个人访问令牌。

“Update an existing audit log stream configuration”的参数

标头
名称, 类型, 说明
accept string

Setting to application/vnd.github+json is recommended.

路径参数
名称, 类型, 说明
enterprise string 必须

The slug version of the enterprise name. You can also substitute this value with the enterprise id.

stream_id integer 必须

The ID of the audit log stream configuration.

正文参数
名称, 类型, 说明
enabled boolean 必须

This setting pauses or resumes a stream.

stream_type string 必须

The audit log streaming provider. The name is case sensitive.

可以是以下选项之一: Azure Blob Storage, Azure Event Hubs, Amazon S3, Splunk, HTTPS Event Collector, Google Cloud Storage, Datadog

vendor_specific object 必须
名称, 类型, 说明
AzureBlobConfig object 必须

Azure Blob Config for audit log streaming configuration.

名称, 类型, 说明
key_id string 必须

Key ID obtained from the audit log stream key endpoint used to encrypt secrets.

encrypted_sas_url string 必须
AzureHubConfig object 必须

Azure Event Hubs Config for audit log streaming configuration.

名称, 类型, 说明
name string 必须

Instance name of Azure Event Hubs

encrypted_connstring string 必须

Encrypted Connection String for Azure Event Hubs

key_id string 必须

Key ID obtained from the audit log stream key endpoint used to encrypt secrets.

AmazonS3OIDCConfig object 必须

Amazon S3 OIDC Config for audit log streaming configuration.

名称, 类型, 说明
bucket string 必须

Amazon S3 Bucket Name.

region string 必须

AWS S3 Bucket Region.

key_id string 必须

Key ID obtained from the audit log stream key endpoint used to encrypt secrets.

authentication_type string 必须

Authentication Type for Amazon S3.

: oidc

arn_role string 必须
AmazonS3AccessKeysConfig object 必须

Amazon S3 Access Keys Config for audit log streaming configuration.

名称, 类型, 说明
bucket string 必须

Amazon S3 Bucket Name.

region string 必须

Amazon S3 Bucket Name.

key_id string 必须

Key ID obtained from the audit log stream key endpoint used to encrypt secrets.

authentication_type string 必须

Authentication Type for Amazon S3.

: access_keys

encrypted_secret_key string 必须

Encrypted AWS Secret Key.

encrypted_access_key_id string 必须

Encrypted AWS Access Key ID.

SplunkConfig object 必须

Splunk Config for Audit Log Stream Configuration

名称, 类型, 说明
domain string 必须

Domain of Splunk instance.

port integer 必须

The port number for connecting to Splunk.

key_id string 必须

Key ID obtained from the audit log stream key endpoint used to encrypt secrets.

encrypted_token string 必须

Encrypted Token.

ssl_verify boolean 必须

SSL verification helps ensure your events are sent to your Splunk endpoint securely.

GoogleCloudConfig object 必须

Google Cloud Config for audit log streaming configuration.

名称, 类型, 说明
bucket string 必须

Google Cloud Bucket Name

key_id string 必须

Key ID obtained from the audit log stream key endpoint used to encrypt secrets.

encrypted_json_credentials string 必须
DatadogConfig object 必须

Datadog Config for audit log streaming configuration.

名称, 类型, 说明
encrypted_token string 必须

Encrypted Splunk token.

site string 必须

Datadog Site to use.

可以是以下选项之一: US, US3, US5, EU1, US1-FED, AP1

key_id string 必须

Key ID obtained from the audit log stream key endpoint used to encrypt secrets.

“Update an existing audit log stream configuration”的 HTTP 响应状态代码

状态代码说明
200

Successful update

422

Validation error

“Update an existing audit log stream configuration”的示例代码

如果你通过 GHE.com 访问 GitHub,请将 api.github.com 替换为你的企业在 api.SUBDOMAIN.ghe.com 上的专用子域。

请求示例

put/enterprises/{enterprise}/audit-log/streams/{stream_id}
curl -L \ -X PUT \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer <YOUR-TOKEN>" \ -H "X-GitHub-Api-Version: 2022-11-28" \ https://api.github.com/enterprises/ENTERPRISE/audit-log/streams/STREAM_ID \ -d '{"enabled":false,"stream_type":"Azure Event Hubs","vendor_specific":{"namespace":"newnamespace","shared_access_key_name":"newaccesskeyname","shared_access_key":"newaccesskey","event_hub_name":"neweventhub"}}'

Successful update

Status: 200
{ "id": 1, "stream_type": "Splunk", "stream_details": "US", "enabled": true, "created_at": "2024-06-06T08:00:00Z", "updated_at": "2024-06-06T08:00:00Z", "paused_at": null }

Delete an audit log streaming configuration for an enterprise

Deletes an existing audit log stream configuration for an enterprise.

When using this endpoint, you must encrypt the credentials following the same encryption steps as outlined in the guide on encrypting secrets. See "Encrypting secrets for the REST API."

“Delete an audit log streaming configuration for an enterprise”的细粒度访问令牌

此终结点不适用于 GitHub 应用程序用户访问令牌、GitHub 应用程序安装访问令牌或细粒度个人访问令牌。

“Delete an audit log streaming configuration for an enterprise”的参数

标头
名称, 类型, 说明
accept string

Setting to application/vnd.github+json is recommended.

路径参数
名称, 类型, 说明
enterprise string 必须

The slug version of the enterprise name. You can also substitute this value with the enterprise id.

stream_id integer 必须

The ID of the audit log stream configuration.

“Delete an audit log streaming configuration for an enterprise”的 HTTP 响应状态代码

状态代码说明
204

The audit log stream configuration was deleted successfully.

“Delete an audit log streaming configuration for an enterprise”的示例代码

如果你通过 GHE.com 访问 GitHub,请将 api.github.com 替换为你的企业在 api.SUBDOMAIN.ghe.com 上的专用子域。

请求示例

delete/enterprises/{enterprise}/audit-log/streams/{stream_id}
curl -L \ -X DELETE \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer <YOUR-TOKEN>" \ -H "X-GitHub-Api-Version: 2022-11-28" \ https://api.github.com/enterprises/ENTERPRISE/audit-log/streams/STREAM_ID

The audit log stream configuration was deleted successfully.

Status: 204