Skip to content

Server-wide Audit Logging

Resources

FE @alfredo1

Description

As part of https://gitlab.com/gitlab-org/gitlab-ee/issues/579 we are improving our Audit Logging for EE customers.

Currently, in GitLab EES we have Group and Project level audit events, but want to extend the depth of this functionality and create a new unified, powerful audit log for server-wide logging for EEP customers. The existing Group & Project audit event pages should still remain as part of EES and should also continue to be available to EEP customers.

Proposal

  1. EEP customers will have an Audit Log under the Monitoring section of the Admin Area which is only available to EEP customers
  2. The Audit Log should display audit event data for all projects and groups on the repo as Project Events and Group Events
  3. The Audit Log should display user authentication audit data as User Events
  4. The table of audit entries should include an Object column which should be the group or project
  5. The table of audit entries should have a filter dropdown to allow the user to filter by All Events Group Events Project Events and User Events.
  6. When changed to Group Events an additional dropdown should appear with the list of all groups on the server. Selecting a particular group should only display events for that group object.
  7. When changed to Project Events an additional dropdown should appear with the list of all projects.
  8. When changed to User events an additional dropdown should appear with the list of all users.
  9. The audit log should be paginated
  10. The IP Address of the user should be attached to every log event

Below is an example table of audit data

Author Object Action Target IP Address Date
Mike Bartlett gitlab/gitlab-ce Change access level from guest to master Douwe Maan 192.168.0.1 Timestamp
Mike Bartlett secrettestgroup Add user access as guest Douwe Maan 192.168.0.1 Timestamp
Mike Bartlett mydigitalself Signed in with two-factor authentication 192.168.0.1 Timestamp

Links / references

Documentation blurb

Server-wide audit logging, available in GitLab Enterprise Edition Premium since 9.3 introduces the ability to observe user actions across the entire instance of your GitLab Server, making it easy to understand who changed what and when for audit purposes.

To view the server-wide admin log, visit the Admin Area, select the Monitoring and choose Audit Log.

It is possible to filter particular actions by choosing an audit data type from the filter drop-down. You can further filter by specific Group, Project or User (for authentication events).