GitHub
Overview
The GitHub source collects audit logs from a specified GitHub organization by periodically polling the GitHub API for organization audit log events.
Supported platforms
- Linux: Logs
- Windows: Logs
- macOS: Logs
Authentication
The GitHub source authenticates to the GitHub API to securely access the organization audit logs.
Authentication is configured using the Credential Type field.
| Parameter | Type | Description |
|---|---|---|
| Credential Type | string | Specifies the authentication mechanism. |
| BearerTokenAuth | option | Enables bearer token authentication. |
Note: When BearerTokenAuth is selected, a valid GitHub Personal Access Token (PAT) must be provided. The token must have sufficient permissions to access the organization audit logs.
Basic Configuration
| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
| org | string | Yes | none | Name of the GitHub organization from which audit logs will be retrieved. |
| interval | duration | No | 1m | Polling interval used to periodically fetch audit logs from the GitHub API. |
| apiurl | string | No | https://api.github.com | Base URL of the GitHub API. This value can be changed when using GitHub Enterprise. |
| perpage | integer | No | 100 | Number of audit log records retrieved per API request. |
| logtype | string | Yes | web | Specifies the type of logs to retrieve from GitHub. Supported values: web, git, all. |
| maxpages | integer | No | 10 | Maximum number of pages to retrieve during each polling cycle. |
| phrase | string | No | none | Optional search phrase used to filter the audit logs returned by the GitHub API. |
| startfrom | datetime (RFC3339) | No | none | Specifies the starting timestamp from which audit logs should be fetched. |
| insecureskipverify | bool | No | false | Whether to skip verification of the server's TLS certificate. |
Example Configuration
{
  "org": "", // required, default: none
  "interval": "1m", // default: "1m"
  "apiurl": "https://api.github.com", // default: "https://api.github.com"
  "perpage": 100, // default: 100
  "logtype": "web", // default: "web"
  "maxpages": 10, // default: 10
  "phrase": "", // default: none
  "startfrom": "", // default: none
  "tls": {
    "insecureskipverify": false // default: false
  }
}
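A small linter for this configuration, as an added example (not the collector's own code): it parses the annotated JSON shown above, applies the defaults from the Basic Configuration table, and flags settings that weaken transport security for the bearer token. The checks, function names and sample values are assumptions made for illustration.

```python
import json
import re
from datetime import datetime
from urllib.parse import urlparse

# Defaults copied from the Basic Configuration table on this page.
DEFAULTS = {"interval": "1m", "apiurl": "https://api.github.com", "perpage": 100,
            "logtype": "web", "maxpages": 10, "phrase": "", "startfrom": "",
            "tls": {"insecureskipverify": False}}
LOGTYPES = {"web", "git", "all"}

def load_config(text):
    """Parse annotated JSON: drop // comments (not "//" inside strings) and trailing commas."""
    token = re.compile(r'"(?:\\.|[^"\\])*"|//[^\n]*')
    text = token.sub(lambda m: m.group(0) if m.group(0).startswith('"') else "", text)
    text = re.sub(r",(\s*[}\]])", r"\1", text)
    user = json.loads(text)
    cfg = {**DEFAULTS, **user}
    cfg["tls"] = {**DEFAULTS["tls"], **user.get("tls", {})}
    return cfg

def lint(cfg):
    """Return a list of findings; an empty list means the config passed."""
    findings = []
    if not cfg.get("org"):
        findings.append("org is required")
    if cfg["logtype"] not in LOGTYPES:
        findings.append("logtype must be web, git or all")
    if urlparse(cfg["apiurl"]).scheme != "https":
        findings.append("apiurl is not https: the bearer token is sent in clear text")
    if cfg["tls"]["insecureskipverify"]:
        findings.append("insecureskipverify is true: the server certificate is not checked")
    if cfg["startfrom"]:
        try:  # RFC3339 check approximated with fromisoformat (assumption)
            datetime.fromisoformat(cfg["startfrom"].replace("Z", "+00:00"))
        except ValueError:
            findings.append("startfrom is not an RFC3339 timestamp")
    return findings

def max_records_per_cycle(cfg):
    return cfg["perpage"] * cfg["maxpages"]  # upper bound for one polling cycle

# Constructed sample: a GitHub Enterprise style config with two risky settings.
SAMPLE = """{
  "org": "example-org",            // constructed organization name
  "apiurl": "http://ghe.example.internal/api/v3",
  "startfrom": "2024-01-01T00:00:00Z",
  "tls": { "insecureskipverify": true, },
}"""
```

For the constructed sample, `lint(load_config(SAMPLE))` reports the plain-HTTP `apiurl` and the disabled certificate check. With the default perpage and maxpages, one polling cycle retrieves at most 1000 records.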
Metrics Covered
| Metric Name | Description |
|---|---|
| collector_source_records_received_total | Total number of log records successfully received. |
| collector_source_received_bytes_total | Total number of bytes received while fetching audit log events. |
| collector_source_errors_total | Counts operational errors encountered by the source. Possible reasons include auth_failed, auth, permission_denied, timeout, io, rate_limit, throttle, and pagination. |
| collector_source_parse_errors_total | Counts errors that occur while parsing API responses. Possible reason: json. |