diff options
Diffstat (limited to 'doc/administration/audit_event_streaming/index.md')
| -rw-r--r-- | doc/administration/audit_event_streaming/index.md | 397 |
1 files changed, 222 insertions, 175 deletions
diff --git a/doc/administration/audit_event_streaming/index.md b/doc/administration/audit_event_streaming/index.md index 622d29fa9a7..ae566891ac7 100644 --- a/doc/administration/audit_event_streaming/index.md +++ b/doc/administration/audit_event_streaming/index.md @@ -4,33 +4,41 @@ group: Compliance info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments --- -# Audit event streaming **(ULTIMATE)** +# Audit event streaming **(ULTIMATE ALL)** > - UI [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/336411) in GitLab 14.9. > - [Subgroup events recording](https://gitlab.com/gitlab-org/gitlab/-/issues/366878) fixed in GitLab 15.2. > - Custom HTTP headers UI [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/361630) in GitLab 15.2 [with a flag](../feature_flags.md) named `custom_headers_streaming_audit_events_ui`. Disabled by default. > - Custom HTTP headers UI [made generally available](https://gitlab.com/gitlab-org/gitlab/-/issues/365259) in GitLab 15.3. [Feature flag `custom_headers_streaming_audit_events_ui`](https://gitlab.com/gitlab-org/gitlab/-/issues/365259) removed. > - [Improved user experience](https://gitlab.com/gitlab-org/gitlab/-/issues/367963) in GitLab 15.3. +> - [HTTP destination **Name*** field](https://gitlab.com/gitlab-org/gitlab/-/issues/411357) added in GitLab 16.3. -Users can set a streaming destination for a top-level group or instance to receive all audit events about the group, subgroups, and -projects as structured JSON. +Users can set a streaming destination for a top-level group or instance to receive all audit events about the group, +subgroups, and projects, as structured JSON. -Top-level group owners and instance administrators can manage their audit logs in third-party systems. Any service that can receive -structured JSON data can be used as the streaming destination. +Top-level group owners and instance administrators can manage their audit logs in third-party systems. Any service that +can receive structured JSON data can be used as the streaming destination. Each streaming destination can have up to 20 custom HTTP headers included with each streamed event. -NOTE: -GitLab can stream a single event more than once to the same destination. Use the `id` key in the payload to deduplicate incoming data. +GitLab can stream a single event more than once to the same destination. Use the `id` key in the payload to deduplicate +incoming data. -## Add a new streaming destination +WARNING: +Streaming destinations receive **all** audit event data, which could include sensitive information. Make sure you trust +the streaming destination. -Add a new streaming destination to top-level groups or an entire instance. +## Top-level group streaming destinations -WARNING: -Streaming destinations receive **all** audit event data, which could include sensitive information. Make sure you trust the streaming destination. +Manage streaming destinations for top-level groups. + +### HTTP destinations + +Manage HTTP streaming destinations for top-level groups. + +#### Add a new HTTP destination -### Top-level group streaming destinations +Add a new HTTP streaming destination to a top-level group. Prerequisites: @@ -42,7 +50,7 @@ To add streaming destinations to a top-level group: 1. Select **Secure > Audit events**. 1. On the main area, select **Streams** tab. 1. Select **Add streaming destination** and select **HTTP endpoint** to show the section for adding destinations. -1. Enter the destination URL to add. +1. In the **Name** and **Destination URL** fields, add a destination name and URL. 1. Optional. Locate the **Custom HTTP headers** table. 1. Ignore the **Active** checkbox because it isn't functional. To track progress on adding functionality to the **Active** checkbox, see [issue 367509](https://gitlab.com/gitlab-org/gitlab/-/issues/367509). @@ -50,157 +58,172 @@ To add streaming destinations to a top-level group: 20 headers per streaming destination. 1. After all headers have been filled out, select **Add** to add the new streaming destination. -### Instance streaming destinations **(ULTIMATE SELF)** +#### List HTTP destinations -> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/398107) in GitLab 16.1 [with a flag](../feature_flags.md) named `ff_external_audit_events`. Disabled by default. -> - [Feature flag `ff_external_audit_events`](https://gitlab.com/gitlab-org/gitlab/-/issues/393772) enabled by default in GitLab 16.2. +Prerequisites: -FLAG: -On self-managed GitLab, by default this feature is enabled. To disable it, an administrator can [disable the feature flag](../feature_flags.md) named -`ff_external_audit_events`. On GitLab.com, this feature is available but can be configured by GitLab.com administrators only. The feature is ready for production use. +- Owner role for a group. + +To list the streaming destinations for a top-level group: + +1. On the left sidebar, at the top, select **Search GitLab** (**{search}**) to find your group. +1. Select **Secure > Audit events**. +1. On the main area, select **Streams** tab. +1. Select the stream to expand it and see all the custom HTTP headers. + +#### Update an HTTP destination Prerequisites: -- Administrator access on the instance. +- Owner role for a group. -To add a streaming destination for an instance: +To update a streaming destination's name: -1. On the left sidebar, expand the top-most chevron (**{chevron-down}**). -1. Select **Admin Area**. -1. On the left sidebar, select **Monitoring > Audit Events**. +1. On the left sidebar, at the top, select **Search GitLab** (**{search}**) to find your group. +1. Select **Secure > Audit events**. 1. On the main area, select **Streams** tab. -1. Select **Add streaming destination** and select **HTTP endpoint** to show the section for adding destinations. -1. Enter the destination URL to add. -1. Optional. To add custom HTTP headers, select **Add header** to create a new name and value pair, and input their values. Repeat this step for as many name and value pairs are required. You can add up to 20 headers per streaming destination. +1. Select the stream to expand. +1. In the **Name** fields, add a destination name to update. +1. Select **Save** to update the streaming destination. + +To update a streaming destination's custom HTTP headers: + +1. On the left sidebar, at the top, select **Search GitLab** (**{search}**) to find your group. +1. Select **Secure > Audit events**. +1. On the main area, select **Streams** tab. +1. Select the stream to expand. +1. Locate the **Custom HTTP headers** table. +1. Locate the header that you wish to update. 1. Ignore the **Active** checkbox because it isn't functional. To track progress on adding functionality to the **Active** checkbox, see [issue 367509](https://gitlab.com/gitlab-org/gitlab/-/issues/367509). -1. Select **Add header** to create a new name and value pair. Repeat this step for as many name and value pairs are required. You can add up to +1. Select **Add header** to create a new name and value pair. Enter as many name and value pairs as required. You can add up to 20 headers per streaming destination. -1. After all headers have been filled out, select **Add** to add the new streaming destination. +1. Select **Save** to update the streaming destination. -### Google Cloud Logging streaming +#### Delete an HTTP destination -> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/124384) in GitLab 16.2. +Delete streaming destinations for a top-level group. When the last destination is successfully deleted, streaming is +disabled for the top-level group. Prerequisites: -- Owner role for a top-level group. +- Owner role for a group. -To add Google Cloud Logging streaming destinations to a top-level group: +To delete a streaming destination: 1. On the left sidebar, at the top, select **Search GitLab** (**{search}**) to find your group. 1. Select **Secure > Audit events**. -1. On the main area, select **Streams** tab. -1. Select **Add streaming destination** and select **Google Cloud Logging** to show the section for adding destinations. -1. Enter the Google Project ID, Google Client Email, Log ID, and Google Private Key to add. -1. Select **Add** to add the new streaming destination. +1. On the main area, select the **Streams** tab. +1. Select the stream to expand. +1. Select **Delete destination**. +1. Confirm by selecting **Delete destination** in the dialog. + +To delete only the custom HTTP headers for a streaming destination: + +1. On the left sidebar, at the top, select **Search GitLab** (**{search}**) to find your group. +1. Select **Secure > Audit events**. +1. On the main area, select the **Streams** tab. +1. Select the stream to expand. +1. Locate the **Custom HTTP headers** table. +1. Locate the header that you wish to remove. +1. To the right of the header, select **Delete** (**{remove}**). +1. Select **Save** to update the streaming destination. -## List streaming destinations +#### Verify event authenticity -List new streaming destinations for top-level groups or an entire instance. +> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/360814) in GitLab 15.2. -### For top-level group streaming destinations +Each streaming destination has a unique verification token (`verificationToken`) that can be used to verify the authenticity of the event. This +token is either specified by the Owner or generated automatically when the event destination is created and cannot be changed. + +Each streamed event contains the verification token in the `X-Gitlab-Event-Streaming-Token` HTTP header that can be verified against +the destination's value when listing streaming destinations. Prerequisites: - Owner role for a group. -To list the streaming destinations for a top-level group: +To list streaming destinations and see the verification tokens: 1. On the left sidebar, at the top, select **Search GitLab** (**{search}**) to find your group. 1. Select **Secure > Audit events**. -1. On the main area, select **Streams** tab. -1. Select the stream URL to expand it and see all the custom HTTP headers. +1. On the main area, select the **Streams**. +1. Select the stream to expand. +1. Locate the **Verification token** input. -### For instance streaming destinations +#### Update event filters -> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/398107) in GitLab 16.1 [with a flag](../feature_flags.md) named `ff_external_audit_events`. Disabled by default. -> - [Feature flag `ff_external_audit_events`](https://gitlab.com/gitlab-org/gitlab/-/issues/393772) enabled by default in GitLab 16.2. +> Event type filtering in the UI with a defined list of audit event types [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/413581) in GitLab 16.1. -FLAG: -On self-managed GitLab, by default this feature is enabled. To disable it, an administrator can [disable the feature flag](../feature_flags.md) named -`ff_external_audit_events`. On GitLab.com, this feature is available but can be configured by GitLab.com administrators only. The feature is ready for production use. +When this feature is enabled for a group, you can permit users to filter streamed audit events per destination. +If the feature is enabled with no filters, the destination receives all audit events. -Prerequisites: +A streaming destination that has an event type filter set has a **filtered** (**{filter}**) label. -- Administrator access on the instance. +To update a streaming destination's event filters: -To list the streaming destinations for an instance: +1. On the left sidebar, at the top, select **Search GitLab** (**{search}**) to find your group. +1. Select **Secure > Audit events**. +1. On the main area, select the **Streams** tab. +1. Select the stream to expand. +1. Locate the **Filter by audit event type** dropdown list. +1. Select the dropdown list and select or clear the required event types. +1. Select **Save** to update the event filters. -1. On the left sidebar, expand the top-most chevron (**{chevron-down}**). -1. Select **Admin Area**. -1. On the left sidebar, select **Monitoring > Audit Events**. -1. On the main area, select **Streams** tab. +#### Override default content type header -### Google Cloud Logging streaming +By default, streaming destinations use a `content-type` header of `application/x-www-form-urlencoded`. However, you +might want to set the `content-type` header to something else. For example ,`application/json`. -> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/124384) in GitLab 16.2. +To override the `content-type` header default value for a top-level group streaming destination, use either: -Prerequisites: +- The [GitLab UI](#update-an-http-destination). +- The [GraphQL API](graphql_api.md#update-streaming-destinations). -- Owner role for a top-level group. +### Google Cloud Logging destinations -To list Google Cloud Logging streaming destinations for a top-level group: +> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/124384) in GitLab 16.2. -1. On the left sidebar, at the top, select **Search GitLab** (**{search}**) to find your group. -1. Select **Secure > Audit events**. -1. On the main area, select **Streams** tab. -1. Select the Google Cloud Logging stream to expand and see all the fields. +Manage Google Cloud Logging destinations for top-level groups. + +#### Prerequisites -## Update streaming destinations +Before setting up Google Cloud Logging streaming audit events, you must: -Update streaming destinations for a top-level group or an entire instance. +1. Create a service account for Google Cloud with the appropriate credentials and permissions. This account is used to configure audit log streaming authentication. + For more information, see [Creating and managing service accounts in the Google Cloud documentation](https://cloud.google.com/iam/docs/service-accounts-create#creating). +1. Enable the **Logs Writer** role for the service account to enable logging on Google Cloud. For more information, see [Access control with IAM](https://cloud.google.com/logging/docs/access-control#logging.logWriter). +1. Create a JSON key for the service account. For more information, see [Creating a service account key](https://cloud.google.com/iam/docs/keys-create-delete#creating). -### Top-level group streaming destinations +#### Add a new Google Cloud Logging destination Prerequisites: -- Owner role for a group. +- Owner role for a top-level group. -To update a streaming destination's custom HTTP headers: +To add Google Cloud Logging streaming destinations to a top-level group: 1. On the left sidebar, at the top, select **Search GitLab** (**{search}**) to find your group. 1. Select **Secure > Audit events**. 1. On the main area, select **Streams** tab. -1. Select the stream URL to expand. -1. Locate the **Custom HTTP headers** table. -1. Locate the header that you wish to update. -1. Ignore the **Active** checkbox because it isn't functional. To track progress on adding functionality to the - **Active** checkbox, see [issue 367509](https://gitlab.com/gitlab-org/gitlab/-/issues/367509). -1. Select **Add header** to create a new name and value pair. Enter as many name and value pairs as required. You can add up to - 20 headers per streaming destination. -1. Select **Save** to update the streaming destination. - -### Instance streaming destinations **(ULTIMATE SELF)** - -> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/398107) in GitLab 16.1 [with a flag](../feature_flags.md) named `ff_external_audit_events`. Disabled by default. -> - [Feature flag `ff_external_audit_events`](https://gitlab.com/gitlab-org/gitlab/-/issues/393772) enabled by default in GitLab 16.2. +1. Select **Add streaming destination** and select **Google Cloud Logging** to show the section for adding destinations. +1. Enter the Google Project ID, Google Client Email, Log ID, and Google Private Key to add. +1. Select **Add** to add the new streaming destination. -FLAG: -On self-managed GitLab, by default this feature is enabled. To disable it, an administrator can [disable the feature flag](../feature_flags.md) named -`ff_external_audit_events`. On GitLab.com, this feature is available but can be configured by GitLab.com administrators only. The feature is ready for production use. +#### List Google Cloud Logging destinations Prerequisites: -- Administrator access on the instance. +- Owner role for a top-level group. -To update the streaming destinations for an instance: +To list Google Cloud Logging streaming destinations for a top-level group: -1. On the left sidebar, expand the top-most chevron (**{chevron-down}**). +1. On the left sidebar, at the top, select **Search GitLab** (**{search}**) to find your group. 1. Select **Secure > Audit events**. -1. On the main area, select the **Streams** tab. -1. To the right of the item, select **Edit** (**{pencil}**). -1. Locate the **Custom HTTP headers** table. -1. Locate the header that you wish to update. -1. Ignore the **Active** checkbox because it isn't functional. To track progress on adding functionality to the - **Active** checkbox, see [issue 367509](https://gitlab.com/gitlab-org/gitlab/-/issues/367509). -1. Select **Add header** to create a new name and value pair. Enter as many name and value pairs as required. You can add up to - 20 headers per streaming destination. -1. Select **Save** to update the streaming destination. - -### Google Cloud Logging streaming +1. On the main area, select **Streams** tab. +1. Select the Google Cloud Logging stream to expand and see all the fields. -> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/124384) in GitLab 16.2. +#### Update a Google Cloud Logging destination Prerequisites: @@ -215,38 +238,22 @@ To update Google Cloud Logging streaming destinations to a top-level group: 1. Enter the Google Project ID, Google Client Email, Log ID, and Google Private Key to update. 1. Select **Save** to update the streaming destination. -## Delete streaming destinations - -Delete streaming destinations for a top-level group or an entire instance. When the last destination is successfully -deleted, streaming is disabled for the group or the instance. - -### Top-level group streaming destinations +#### Delete a Google Cloud Logging streaming destination Prerequisites: -- Owner role for a group. +- Owner role for a top-level group. -To delete a streaming destination: +To delete Google Cloud Logging streaming destinations to a top-level group: 1. On the left sidebar, at the top, select **Search GitLab** (**{search}**) to find your group. 1. Select **Secure > Audit events**. 1. On the main area, select the **Streams** tab. -1. Select the stream URL to expand. +1. Select the Google Cloud Logging stream to expand. 1. Select **Delete destination**. -1. Confirm by selecting **Delete destination** in the modal. - -To delete only the custom HTTP headers for a streaming destination: - -1. On the left sidebar, at the top, select **Search GitLab** (**{search}**) to find your group. -1. Select **Secure > Audit events**. -1. On the main area, select the **Streams** tab. -1. Select the stream URL to expand. -1. Locate the **Custom HTTP headers** table. -1. Locate the header that you wish to remove. -1. To the right of the header, select **Delete** (**{remove}**). -1. Select **Save** to update the streaming destination. +1. Confirm by selecting **Delete destination** in the dialog. -### Instance streaming destinations +## Instance streaming destinations **(ULTIMATE SELF)** > - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/398107) in GitLab 16.1 [with a flag](../feature_flags.md) named `ff_external_audit_events`. Disabled by default. > - [Feature flag `ff_external_audit_events`](https://gitlab.com/gitlab-org/gitlab/-/issues/393772) enabled by default in GitLab 16.2. @@ -255,76 +262,108 @@ FLAG: On self-managed GitLab, by default this feature is enabled. To disable it, an administrator can [disable the feature flag](../feature_flags.md) named `ff_external_audit_events`. On GitLab.com, this feature is available but can be configured by GitLab.com administrators only. The feature is ready for production use. +Manage HTTP streaming destinations for an entire instance. + +### Add a new HTTP destination + +Add a new HTTP streaming destination to an instance. + Prerequisites: - Administrator access on the instance. -To delete the streaming destinations for an instance: +To add a streaming destination for an instance: 1. On the left sidebar, expand the top-most chevron (**{chevron-down}**). 1. Select **Admin Area**. 1. On the left sidebar, select **Monitoring > Audit Events**. -1. On the main area, select the **Streams** tab. -1. Select the stream URL to expand. -1. Select **Delete destination**. -1. Confirm by selecting **Delete destination** in the modal. +1. On the main area, select **Streams** tab. +1. Select **Add streaming destination** and select **HTTP endpoint** to show the section for adding destinations. +1. In the **Name** and **Destination URL** fields, add a destination name and URL. +1. Optional. To add custom HTTP headers, select **Add header** to create a new name and value pair, and input their values. Repeat this step for as many name and value pairs are required. You can add up to 20 headers per streaming destination. +1. Ignore the **Active** checkbox because it isn't functional. To track progress on adding functionality to the + **Active** checkbox, see [issue 367509](https://gitlab.com/gitlab-org/gitlab/-/issues/367509). +1. Select **Add header** to create a new name and value pair. Repeat this step for as many name and value pairs are required. You can add up to + 20 headers per streaming destination. +1. After all headers have been filled out, select **Add** to add the new streaming destination. -To delete only the custom HTTP headers for a streaming destination: +### List HTTP destinations + +Prerequisites: + +- Administrator access on the instance. + +To list the streaming destinations for an instance: 1. On the left sidebar, expand the top-most chevron (**{chevron-down}**). 1. Select **Admin Area**. 1. On the left sidebar, select **Monitoring > Audit Events**. -1. On the main area, select the **Streams** tab. -1. To the right of the item, **Edit** (**{pencil}**). -1. Locate the **Custom HTTP headers** table. -1. Locate the header that you wish to remove. -1. To the right of the header, select **Delete** (**{remove}**). -1. Select **Save** to update the streaming destination. - -### Google Cloud Logging streaming +1. On the main area, select **Streams** tab. +1. Select the stream to expand it and see all the custom HTTP headers. -> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/124384) in GitLab 16.2. +### Update an HTTP destination Prerequisites: -- Owner role for a top-level group. +- Administrator access on the instance. -To delete Google Cloud Logging streaming destinations to a top-level group: +To update a instance streaming destination's name: -1. On the left sidebar, at the top, select **Search GitLab** (**{search}**) to find your group. -1. Select **Secure > Audit events**. -1. On the main area, select the **Streams** tab. -1. Select the Google Cloud Logging stream to expand. -1. Select **Delete destination**. -1. Confirm by selecting **Delete destination** in the modal. +1. On the left sidebar, expand the top-most chevron (**{chevron-down}**). +1. Select **Admin Area**. +1. On the left sidebar, select **Monitoring > Audit Events**. +1. On the main area, select **Streams** tab. +1. Select the stream to expand. +1. In the **Name** fields, add a destination name to update. +1. Select **Save** to update the streaming destination. -## Verify event authenticity +To update a instance streaming destination's custom HTTP headers: -> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/345424) in GitLab 14.8. +1. On the left sidebar, expand the top-most chevron (**{chevron-down}**). +1. Select **Admin Area**. +1. On the left sidebar, select **Monitoring > Audit Events**. +1. On the main area, select **Streams** tab. +1. Select the stream to expand. +1. Locate the **Custom HTTP headers** table. +1. Locate the header that you wish to update. +1. Ignore the **Active** checkbox because it isn't functional. To track progress on adding functionality to the + **Active** checkbox, see [issue 367509](https://gitlab.com/gitlab-org/gitlab/-/issues/367509). +1. Select **Add header** to create a new name and value pair. Enter as many name and value pairs as required. You can add up to + 20 headers per streaming destination. +1. Select **Save** to update the streaming destination. -Each streaming destination has a unique verification token (`verificationToken`) that can be used to verify the authenticity of the event. This -token is either specified by the Owner or generated automatically when the event destination is created and cannot be changed. +### Delete an HTTP destination -Each streamed event contains the verification token in the `X-Gitlab-Event-Streaming-Token` HTTP header that can be verified against -the destination's value when [listing streaming destinations](#list-streaming-destinations). +Delete streaming destinations for an entire instance. When the last destination is successfully deleted, streaming is +disabled for the instance. -### Top-level group streaming destinations +Prerequisites: -> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/360814) in GitLab 15.2. +- Administrator access on the instance. -Prerequisites: +To delete the streaming destinations for an instance: -- Owner role for a group. +1. On the left sidebar, expand the top-most chevron (**{chevron-down}**). +1. Select **Admin Area**. +1. On the left sidebar, select **Monitoring > Audit Events**. +1. On the main area, select the **Streams** tab. +1. Select the stream to expand. +1. Select **Delete destination**. +1. Confirm by selecting **Delete destination** in the dialog. -To list streaming destinations and see the verification tokens: +To delete only the custom HTTP headers for a streaming destination: -1. On the left sidebar, at the top, select **Search GitLab** (**{search}**) to find your group. -1. Select **Secure > Audit events**. -1. On the main area, select the **Streams**. -1. Select the stream URL to expand. -1. Locate the **Verification token** input. +1. On the left sidebar, expand the top-most chevron (**{chevron-down}**). +1. Select **Admin Area**. +1. On the left sidebar, select **Monitoring > Audit Events**. +1. On the main area, select the **Streams** tab. +1. To the right of the item, **Edit** (**{pencil}**). +1. Locate the **Custom HTTP headers** table. +1. Locate the header that you wish to remove. +1. To the right of the header, select **Delete** (**{remove}**). +1. Select **Save** to update the streaming destination. -### Instance streaming destinations +### Verify event authenticity > - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/398107) in GitLab 16.1 [with a flag](../feature_flags.md) named `ff_external_audit_events`. Disabled by default. > - [Feature flag `ff_external_audit_events`](https://gitlab.com/gitlab-org/gitlab/-/issues/393772) enabled by default in GitLab 16.2. @@ -333,6 +372,12 @@ FLAG: On self-managed GitLab, by default this feature is enabled. To disable it, an administrator can [disable the feature flag](../feature_flags.md) named `ff_external_audit_events`. On GitLab.com, this feature is available but can be configured by GitLab.com administrators only. The feature is ready for production use. +Each streaming destination has a unique verification token (`verificationToken`) that can be used to verify the authenticity of the event. This +token is either specified by the Owner or generated automatically when the event destination is created and cannot be changed. + +Each streamed event contains the verification token in the `X-Gitlab-Event-Streaming-Token` HTTP header that can be verified against +the destination's value when listing streaming destinations. + Prerequisites: - Administrator access on the instance. @@ -342,36 +387,38 @@ To list streaming destinations for an instance and see the verification tokens: 1. On the left sidebar, expand the top-most chevron (**{chevron-down}**). 1. Select **Admin Area**. 1. On the left sidebar, select **Monitoring > Audit Events**. -1. On the main area, select the **Streams**. +1. On the main area, select the **Streams** tab. 1. View the verification token on the right side of each item. -## Event type filters +### Update event filters -> Event type filtering in the UI with a defined list of audit event types [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/413581) in GitLab 16.1. +> Event type filtering in the UI with a defined list of audit event types [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/415013) in GitLab 16.3. -When this feature is enabled for a group, you can permit users to filter streamed audit events per destination. +When this feature is enabled, you can permit users to filter streamed audit events per destination. If the feature is enabled with no filters, the destination receives all audit events. A streaming destination that has an event type filter set has a **filtered** (**{filter}**) label. To update a streaming destination's event filters: -1. On the left sidebar, at the top, select **Search GitLab** (**{search}**) to find your group. -1. Select **Secure > Audit events**. +1. On the left sidebar, expand the top-most chevron (**{chevron-down}**). +1. Select **Admin Area**. +1. On the left sidebar, select **Monitoring > Audit Events**. 1. On the main area, select the **Streams** tab. -1. Select the stream URL to expand. -1. Locate the **Filter by audit event type** dropdown. +1. Select the stream to expand. +1. Locate the **Filter by audit event type** dropdown list. 1. Select the dropdown list and select or clear the required event types. 1. Select **Save** to update the event filters. -## Override default content type header +### Override default content type header By default, streaming destinations use a `content-type` header of `application/x-www-form-urlencoded`. However, you might want to set the `content-type` header to something else. For example ,`application/json`. -To override the `content-type` header default value for either a top-level group streaming destination or an instance -streaming destination, use either the [GitLab UI](#update-streaming-destinations) or using the -[GraphQL API](graphql_api.md#update-streaming-destinations). +To override the `content-type` header default value for an instance streaming destination, use either: + +- The [GitLab UI](#update-an-http-destination-1). +- The [GraphQL API](graphql_api.md#update-streaming-destinations). ## Payload schema |