|
1 | 1 | #Audit Logs
|
2 | 2 |
|
3 |
| -Audit Logs allows**Auditors** to monitor user operations in their deployment. |
| 3 | +**Audit Logs** allows Auditors to monitor user operations in their deployment. |
| 4 | + |
| 5 | +>[!NOTE] |
| 6 | +>Audit logs require a |
| 7 | +>[Premium license](https://coder.com/pricing#compare-plans). |
| 8 | +>For more details,[contact your account team](https://coder.com/contact). |
4 | 9 |
|
5 | 10 | ##Tracked Events
|
6 | 11 |
|
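Review bot: The NOTE added at new lines 5-8 states the Premium license requirement a second time, since the "How to Enable Audit Logs" section at the end of the file says the same thing, and the two copies link to different targets (`https://coder.com/pricing#compare-plans` here, `../licensing/index.md` there). Keep the requirement in one place, or point both at the same page so a reader checking entitlement lands on a single source. "Auditors" also loses its emphasis in new line 3; since it names a role rather than a generic audience, consider linking it to the role documentation instead of leaving it as plain text.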
@@ -36,47 +41,43 @@ We track the following resources:
|
36 | 41 |
|
37 | 42 | <!-- End generated by 'make docs/admin/security/audit-logs.md'.-->
|
38 | 43 |
|
39 |
| -##Filtering logs |
40 |
| - |
41 |
| -In the Coder UI you can filter your audit logs using the pre-defined filter or |
42 |
| -by using the Coder's filter query like the examples below: |
| 44 | +##How to Filter Audit Logs |
43 | 45 |
|
44 |
| --`resource_type:workspace action:delete` to find deleted workspaces |
45 |
| --`resource_type:template action:create` to find created templates |
| 46 | +You can filter audit logs by the following parameters: |
46 | 47 |
|
47 |
| -The supported filters are: |
48 |
| - |
49 |
| --`resource_type` - The type of the resource. It can be a workspace, template, |
50 |
| - user, etc. You can |
51 |
| -[find here](https://pkg.go.dev/github.com/coder/coder/v2/codersdk#ResourceType) |
52 |
| - all the resource types that are supported. |
| 48 | +-`resource_type` - The type of the resource, such as a workspace, template, |
| 49 | + or user. For more resource types, refer to the |
| 50 | +[CoderSDK package documentation](https://pkg.go.dev/github.com/coder/coder/v2/codersdk#ResourceType). |
53 | 51 | -`resource_id` - The ID of the resource.
|
54 | 52 | -`resource_target` - The name of the resource. Can be used instead of
|
55 | 53 | `resource_id`.
|
56 |
| --`action`- The action applied to a resource. You can |
57 |
| -[find here](https://pkg.go.dev/github.com/coder/coder/v2/codersdk#AuditAction) |
58 |
| -all the actions that are supported. |
| 54 | +-`action`- The action applied to a resource, such as`create` or`delete`. |
| 55 | +For more actions, refer to the |
| 56 | +[CoderSDK package documentation](https://pkg.go.dev/github.com/coder/coder/v2/codersdk#AuditAction). |
59 | 57 | -`username` - The username of the user who triggered the action. You can also
|
60 | 58 | use`me` as a convenient alias for the logged-in user.
|
61 | 59 | -`email` - The email of the user who triggered the action.
|
62 | 60 | -`date_from` - The inclusive start date with format`YYYY-MM-DD`.
|
63 | 61 | -`date_to` - The inclusive end date with format`YYYY-MM-DD`.
|
64 |
| --`build_reason` - To be used with`resource_type:workspace_build`, the |
65 |
| -[initiator](https://pkg.go.dev/github.com/coder/coder/v2/codersdk#BuildReason) |
66 |
| - behind the build start or stop. |
| 62 | +-`build_reason` - The reason for the workspace build, if`resource_type` is |
| 63 | +`workspace_build`. Refer to the |
| 64 | +[CoderSDK package documentation](https://pkg.go.dev/github.com/coder/coder/v2/codersdk#BuildReason) |
| 65 | + for a list of valid build reasons. |
67 | 66 |
|
68 | 67 | ##Capturing/Exporting Audit Logs
|
69 | 68 |
|
70 |
| -In addition to theuser interface, there are multiple ways to consume or query |
| 69 | +In addition to theCoder dashboard, there are multiple ways to consume or query |
71 | 70 | audit trails.
|
72 | 71 |
|
73 |
| -##REST API |
| 72 | +###REST API |
| 73 | + |
| 74 | +You can retrieve audit logs via the Coder API. |
74 | 75 |
|
75 |
| -Audit logs can be accessed through our REST API. You can find detailed |
76 |
| -information about this in our |
77 |
| -[endpoint documentation](../../reference/api/audit.md#get-audit-logs). |
| 76 | +Visit the |
| 77 | +[`get-audit-logs` endpoint documentation](../../reference/api/audit.md#get-audit-logs) |
| 78 | +for details. |
78 | 79 |
|
79 |
| -##Service Logs |
| 80 | +###Service Logs |
80 | 81 |
|
81 | 82 | Audit trails are also dispatched as service logs and can be captured and
|
82 | 83 | categorized using any log management tool such as[Splunk](https://splunk.com).
|
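Review bot: The rewritten "How to Filter Audit Logs" section (new lines 44-46) no longer says where filtering happens or what the query syntax looks like, because the sentence about the Coder UI filter query and both examples were removed. A reader now sees a list of parameter names with no indication that they are combined as `key:value` terms. Suggest restoring at least one of the removed examples, such as `resource_type:workspace action:delete` to find deleted workspaces, directly under the new intro sentence. Demoting "REST API" and "Service Logs" to `###` under "Capturing/Exporting Audit Logs" reads well; the new REST API text at lines 74-78 could be one sentence rather than two short paragraphs.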
@@ -124,7 +125,6 @@ log entry:
|
124 | 125 | 2023-06-13 03:43:29.233 [info] coderd: audit_log ID=95f7c392-da3e-480c-a579-8909f145fbe2 Time="2023-06-13T03:43:29.230422Z" UserID=6c405053-27e3-484a-9ad7-bcb64e7bfde6 OrganizationID=00000000-0000-0000-0000-000000000000 Ip=<nil> UserAgent=<nil> ResourceType=workspace_build ResourceID=988ae133-5b73-41e3-a55e-e1e9d3ef0b66 ResourceTarget="" Action=start Diff="{}" StatusCode=200 AdditionalFields="{\"workspace_name\":\"linux-container\",\"build_number\":\"7\",\"build_reason\":\"initiator\",\"workspace_owner\":\"\"}" RequestID=9682b1b5-7b9f-4bf2-9a39-9463f8e41cd6 ResourceIcon=""
|
125 | 126 | ```
|
126 | 127 |
|
127 |
| -##Enabling this feature |
| 128 | +##How to Enable Audit Logs |
128 | 129 |
|
129 |
| -This feature is only available with a premium license. |
130 |
| -[Learn more](../licensing/index.md) |
| 130 | +This feature is only available with a[Premium license](../licensing/index.md). |
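Review bot: The new heading "How to Enable Audit Logs" at line 128 promises a procedure, but the body at line 130 only states the license requirement. Either say whether anything is needed beyond applying the Premium license (for example, whether audit logging is on by default once licensed), or use a heading that describes what the section contains.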