Welcome to mirror list, hosted at ThFree Co, Russian Federation.

gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/doc/administration/audit_events.md
diff options
context:
space:
mode:
Diffstat (limited to 'doc/administration/audit_events.md')
-rw-r--r--doc/administration/audit_events.md42
1 files changed, 33 insertions, 9 deletions
diff --git a/doc/administration/audit_events.md b/doc/administration/audit_events.md
index 572c341f2b2..2062016ef03 100644
--- a/doc/administration/audit_events.md
+++ b/doc/administration/audit_events.md
@@ -12,7 +12,10 @@ on a [paid plan](https://about.gitlab.com/pricing/).
GitLab system administrators can also take advantage of the logs located on the
file system. See [the logs system documentation](logs.md#audit_jsonlog) for more details.
-You can generate an [Audit report](audit_reports.md) of audit events.
+You can:
+
+- Generate an [audit report](audit_reports.md) of audit events.
+- [Stream audit events](audit_event_streaming.md) to an external endpoint.
## Overview
@@ -70,6 +73,17 @@ From there, you can see the following actions:
- Group changed visibility.
- User was added to group and with which [permissions](../user/permissions.md).
- User sign-in via [Group SAML](../user/group/saml_sso/index.md).
+- [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/8071) in GitLab 14.5, changes to the following
+ [group SAML](../user/group/saml_sso/index.md) configuration:
+ - Enabled status.
+ - Enforcing SSO-only authentication for web activity.
+ - Enforcing SSO-only authentication for Git and Dependency Proxy activity.
+ - Enforcing users to have dedicated group-managed accounts.
+ - Prohibiting outer forks.
+ - Identity provider SSO URL.
+ - Certificate fingerprint.
+ - Default membership role.
+ - SSO-SAML group sync configuration.
- Permissions changes of a user assigned to a group.
- Removed user from group.
- Project repository imported into group.
@@ -83,6 +97,7 @@ From there, you can see the following actions:
- 2FA enforcement or grace period changed.
- Roles allowed to create project changed.
- Group CI/CD variable added, removed, or protected status changed. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/30857) in GitLab 13.3.
+- Compliance framework created, updated, or deleted. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/340649) in GitLab 14.6.
Group events can also be accessed via the [Group Audit Events API](../api/audit_events.md#group-audit-events)
@@ -186,9 +201,16 @@ successful sign-in events:
After upgrading from GitLab Free to a paid tier, successful sign-in events are the only Audit
Events visible in Audit Events views until more events are logged.
+### "Deleted User" events
+
+Audit events can be created for a user after the user is deleted. The user name associated with the event is set to
+"Deleted User" because the actual user name is unknowable. For example, if a deleted user's access to a project is
+removed automatically due to expiration, the audit event is created for "Deleted User". We are [investigating](https://gitlab.com/gitlab-org/gitlab/-/issues/343933)
+whether this is avoidable.
+
### Missing events
-Some events are not tracked in Audit Events. See the following
+Some events are not tracked in audit events. See the following
epics for more detail on which events are not being tracked, and our progress
on adding these events into GitLab:
@@ -196,10 +218,12 @@ on adding these events into GitLab:
- [Group settings and activity](https://gitlab.com/groups/gitlab-org/-/epics/475)
- [Instance-level settings and activity](https://gitlab.com/groups/gitlab-org/-/epics/476)
-Don't see the event you want in any of the epics linked above? You can use the **Audit Event
-Proposal** issue template to
-[create an issue](https://gitlab.com/gitlab-org/gitlab/-/issues/new?issuable_template=Audit%20Event%20Proposal)
-to request it, or you can [add it yourself](../development/audit_event_guide/).
+Don't see the event you want in any of the epics linked above? You can either:
+
+- Use the **Audit Event Proposal** issue template to
+ [create an issue](https://gitlab.com/gitlab-org/gitlab/-/issues/new?issuable_template=Audit%20Event%20Proposal) to
+ request it.
+- [Add it yourself](../development/audit_event_guide/).
### Disabled events
@@ -240,7 +264,7 @@ The search filters you can see depends on which audit level you are at.
| Scope (Instance level) | A specific group, project, or user that the action was scoped to. |
| Date range | Either via the date range buttons or pickers (maximum range of 31 days). Default is from the first day of the month to today's date. |
-![audit events](img/audit_log_v13_6.png)
+![audit events](img/audit_events_v14_5.png)
## Export to CSV **(PREMIUM SELF)**
@@ -251,7 +275,7 @@ Export to CSV allows customers to export the current filter view of your audit e
CSV file, which stores tabular data in plain text. The data provides a comprehensive view with respect to
audit events.
-To export the Audit Events to CSV:
+To export the audit events to CSV:
1. On the top bar, select **Menu > Admin**.
1. On the left sidebar, select **Monitoring > Audit Events**.
@@ -284,5 +308,5 @@ The first row contains the headers, which are listed in the following table alon
### Limitation
-The Audit Events CSV file is limited to a maximum of `100,000` events.
+The audit events CSV file is limited to a maximum of `100,000` events.
The remaining records are truncated when this limit is reached.
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-14 20:37:37 +0300