diff options
Diffstat (limited to 'doc/administration/audit_events.md')
-rw-r--r-- | doc/administration/audit_events.md | 17 |
1 files changed, 13 insertions, 4 deletions
diff --git a/doc/administration/audit_events.md b/doc/administration/audit_events.md index 2062016ef03..06ad16bbcba 100644 --- a/doc/administration/audit_events.md +++ b/doc/administration/audit_events.md @@ -9,8 +9,7 @@ info: To determine the technical writer assigned to the Stage/Group associated w GitLab offers a way to view the changes made within the GitLab server for owners and administrators on a [paid plan](https://about.gitlab.com/pricing/). -GitLab system administrators can also take advantage of the logs located on the -file system. See [the logs system documentation](logs.md#audit_jsonlog) for more details. +GitLab system administrators can also view all audit events by accessing the [`audit_json.log` file](logs.md#audit_jsonlog). You can: @@ -31,6 +30,11 @@ permission level, who added a new user, or who removed a user. - Track which users have access to a certain group of projects in GitLab, and who gave them that permission level. +## Retention policy + +There is no retention policy in place for audit events. +See the [Specify a retention period for audit events](https://gitlab.com/gitlab-org/gitlab/-/issues/8137) for more information. + ## List of events There are two kinds of events logged: @@ -97,7 +101,8 @@ From there, you can see the following actions: - 2FA enforcement or grace period changed. - Roles allowed to create project changed. - Group CI/CD variable added, removed, or protected status changed. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/30857) in GitLab 13.3. -- Compliance framework created, updated, or deleted. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/340649) in GitLab 14.6. +- Compliance framework created, updated, or deleted. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/340649) in GitLab 14.5. +- Event streaming destination created, updated, or deleted. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/344664) in GitLab 14.6. Group events can also be accessed via the [Group Audit Events API](../api/audit_events.md#group-audit-events) @@ -128,6 +133,10 @@ From there, you can see the following actions: - Release was updated - Release milestone associations changed - Permission to approve merge requests by committers was updated ([introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/7531) in GitLab 12.9) +- Permission to approve merge requests by committers was updated. + - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/7531) in GitLab 12.9. + - Message for event [changed](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/72623/diffs) in GitLab 14.6. + - Permission to approve merge requests by authors was updated ([introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/7531) in GitLab 12.9) - Number of required approvals was updated ([introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/7531) in GitLab 12.9) - Added or removed users and groups from project approval groups ([introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/213603) in GitLab 13.2) @@ -203,7 +212,7 @@ Events visible in Audit Events views until more events are logged. ### "Deleted User" events -Audit events can be created for a user after the user is deleted. The user name associated with the event is set to +Audit events can be created for a user after the user is deleted. The user name associated with the event is set to "Deleted User" because the actual user name is unknowable. For example, if a deleted user's access to a project is removed automatically due to expiration, the audit event is created for "Deleted User". We are [investigating](https://gitlab.com/gitlab-org/gitlab/-/issues/343933) whether this is avoidable. |