Audit Events

GitLab Enterprise Edition offers a way to view the changes made within the GitLab server as a help to system administrators.

GitLab system administrators can also take advantage of the logs located on the filesystem, see the logs system documentation for more details.

Overview

Audit Events is a tool for GitLab Enterprise Edition administrators to be able to track important events such as user access level, target user, and user addition or removal.

Use-cases

  • You can use it to check who was the person who changed the permission level of a particular user for a project in your GitLab EE instance.
  • You can use it to track which users have access to certain group of projects in your GitLab instance, and who gave them that permission level.

Security events

Security Event Description
User added to group or project Notes the author of the change, target user
User permission changed Notes the author of the change, original permission and new permission, target user
User login failed Notes the target username and IP address

Audit events in project

To view the Audit Events user needs to have enough permissions to view the project Settings page.

Navigate to Project->Settings->Audit Events to view the Audit Events:

audit events project

Audit events in group

To view the Audit Events user needs to have enough permissions to view the group Settings page.

Navigate to Group->Settings->Audit Events to view the Audit Events:

audit events group

Audit Log (Admin only)

Notes: Introduced in GitLab 9.3.

Server-wide audit logging, available in GitLab Enterprise Edition Premium since 9.3, introduces the ability to observe user actions across the entire instance of your GitLab Server, making it easy to understand who changed what and when for audit purposes.

To view the server-wide admin log, visit the Admin Area, select Monitoring and choose Audit Log.

It is possible to filter particular actions by choosing an audit data type from the filter drop-down. You can further filter by specific group, project or user (for authentication events).

audit log