|
1 | 1 | # Audit Logs |
2 | 2 |
|
3 | | -Audit Logs allows **Auditors** to monitor user operations in their deployment. |
| 3 | +**Audit Logs** allows Auditors to monitor user operations in their deployment. |
| 4 | + |
| 5 | +> [!NOTE] |
| 6 | +> Audit logs require a |
| 7 | +> [Premium license](https://coder.com/pricing#compare-plans). |
| 8 | +> For more details, [contact your account team](https://coder.com/contact). |
4 | 9 |
|
5 | 10 | ## Tracked Events |
6 | 11 |
|
@@ -35,47 +40,44 @@ We track the following resources: |
35 | 40 |
|
36 | 41 | <!-- End generated by 'make docs/admin/security/audit-logs.md'. --> |
37 | 42 |
|
38 | | -## Filtering logs |
39 | | - |
40 | | -In the Coder UI you can filter your audit logs using the pre-defined filter or |
41 | | -by using the Coder's filter query like the examples below: |
| 43 | +## How to Filter Audit Logs |
42 | 44 |
|
43 | | -- `resource_type:workspace action:delete` to find deleted workspaces |
44 | | -- `resource_type:template action:create` to find created templates |
| 45 | +You can filter audit logs by the following parameters: |
45 | 46 |
|
46 | | -The supported filters are: |
47 | | - |
48 | | -- `resource_type` - The type of the resource. It can be a workspace, template, |
49 | | - user, etc. You can |
50 | | - [find here](https://pkg.go.dev/github.com/coder/coder/v2/codersdk#ResourceType) |
51 | | - all the resource types that are supported. |
| 47 | +- `resource_type` - The type of the resource, such as a workspace, template, |
| 48 | +or user. For more resource types, refer to the |
| 49 | +[CoderSDK package documentation](https://pkg.go.dev/github.com/coder/coder/v2/codersdk#ResourceType). |
52 | 50 | - `resource_id` - The ID of the resource. |
53 | 51 | - `resource_target` - The name of the resource. Can be used instead of |
54 | 52 | `resource_id`. |
55 | | -- `action`- The action applied to a resource. You can |
56 | | - [find here](https://pkg.go.dev/github.com/coder/coder/v2/codersdk#AuditAction) |
57 | | - all the actions that are supported. |
| 53 | +- `action`- The action applied to a resource, such as `create` or `delete`. |
| 54 | + For more actions, refer to the |
| 55 | + [CoderSDK package documentation](https://pkg.go.dev/github.com/coder/coder/v2/codersdk#AuditAction). |
58 | 56 | - `username` - The username of the user who triggered the action. You can also |
59 | 57 | use `me` as a convenient alias for the logged-in user. |
60 | 58 | - `email` - The email of the user who triggered the action. |
61 | 59 | - `date_from` - The inclusive start date with format `YYYY-MM-DD`. |
62 | 60 | - `date_to` - The inclusive end date with format `YYYY-MM-DD`. |
63 | | -- `build_reason` - To be used with `resource_type:workspace_build`, the |
64 | | - [initiator](https://pkg.go.dev/github.com/coder/coder/v2/codersdk#BuildReason) |
65 | | - behind the build start or stop. |
| 61 | +- `build_reason` - The reason for the workspace build, if `resource_type` is |
| 62 | + `workspace_build`. |
| 63 | + Refer to the |
| 64 | + [CoderSDK package documentation](https://pkg.go.dev/github.com/coder/coder/v2/codersdk#BuildReason) |
| 65 | + for a list of valid build reasons. |
66 | 66 |
|
67 | 67 | ## Capturing/Exporting Audit Logs |
68 | 68 |
|
69 | | -In addition to the user interface, there are multiple ways to consume or query |
| 69 | +In addition to the Coder dashboard, there are multiple ways to consume or query |
70 | 70 | audit trails. |
71 | 71 |
|
72 | | -## REST API |
| 72 | +### REST API |
| 73 | + |
| 74 | +You can retrieve audit logs via the Coder API. |
73 | 75 |
|
74 | | -Audit logs can be accessed through our REST API. You can find detailed |
75 | | -information about this in our |
76 | | -[endpoint documentation](../../reference/api/audit.md#get-audit-logs). |
| 76 | +Visit the |
| 77 | +[`get-audit-logs` endpoint documentation](../../reference/api/audit.md#get-audit-logs) |
| 78 | +for details. |
77 | 79 |
|
78 | | -## Service Logs |
| 80 | +### Service Logs |
79 | 81 |
|
80 | 82 | Audit trails are also dispatched as service logs and can be captured and |
81 | 83 | categorized using any log management tool such as [Splunk](https://splunk.com). |
@@ -123,7 +125,6 @@ log entry: |
123 | 125 | 2023-06-13 03:43:29.233 [info] coderd: audit_log ID=95f7c392-da3e-480c-a579-8909f145fbe2 Time="2023-06-13T03:43:29.230422Z" UserID=6c405053-27e3-484a-9ad7-bcb64e7bfde6 OrganizationID=00000000-0000-0000-0000-000000000000 Ip=<nil> UserAgent=<nil> ResourceType=workspace_build ResourceID=988ae133-5b73-41e3-a55e-e1e9d3ef0b66 ResourceTarget="" Action=start Diff="{}" StatusCode=200 AdditionalFields="{\"workspace_name\":\"linux-container\",\"build_number\":\"7\",\"build_reason\":\"initiator\",\"workspace_owner\":\"\"}" RequestID=9682b1b5-7b9f-4bf2-9a39-9463f8e41cd6 ResourceIcon="" |
124 | 126 | ``` |
125 | 127 |
|
126 | | -## Enabling this feature |
| 128 | +## How to Enable Audit Logs |
127 | 129 |
|
128 | | -This feature is only available with a premium license. |
129 | | -[Learn more](../licensing/index.md) |
| 130 | +This feature is only available with a [Premium license](../licensing/index.md). |
0 commit comments