Skip to content

chore: add audit log action definitions #696

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 2 commits into from
Nov 1, 2021
Merged

chore: add audit log action definitions #696

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
1372055
add audit log action definitions
Nov 1, 2021
3b94ee7
apply changes based on reviews
Nov 1, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
34 changes: 32 additions & 2 deletions admin/audit.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,7 +1,6 @@
---
title: "Audit"
description:
Learn how Coder audits user and admin actions for greater traceability.
description: Learn how Coder audits user and admin actions.
---

Coder maintains records of all user actions on system resources for auditing
Expand All @@ -24,3 +23,34 @@ You can filter the logs displayed using the search filters available at the top:
- **Resource Target**: The friendly name for the resource (e.g., the user with
the email address **dev@coder.com**)
- **User**: The user who performs the action

## Actions

The audit logs capture information about the following actions (those who
[export Coder logs](../guides/admin/logging.md) will see this information under
`message.fields.audit_log.action`):

When reviewing Coder's audit logs, specifically, you will see the following
actions included:

- `auto_off`: Coder automatically turned off a workspace due to inactivity
- `auto_start`: Coder automatically turned on a workspace at the time preset by
its owner
- `connect`: a user connected to an existing workspace
- `cordon`: a workspace provider became unavailable for new workspace creation
requests.
- `create`: the user created a Coder entity (e.g., dev URL, image/image tag,
workspace, etc.)
- `delete`: a user deleted a Coder entity (e.g., workspace or image)
- `enqueue`: a user added a new job to the queue (e.g., workspace build, user
deletion, workspace deletion)
- `login`: a user logs in via basic authentication or OIDC, with Coder
exchanging a token as a result
- `open`: a user opened a workspace using an IDE through the browser
- `ssh`: a user opened a web terminal or used SSH to access Coder
- `stop`: a user manually stopped a workspace
- `uncordon`: a workspace provider became available for new workspace creation
requests.
- `view`: the Coder CLI used a secret
- `write`: the user made a change to a Coder entity (e.g., workspace, user,
resource pool, etc.)