google / go-github

Go library for accessing the GitHub v3 API
https://pkg.go.dev/github.com/google/go-github/v65/github
BSD 3-Clause "New" or "Revised" License

GetAuditLog response is not fully enriched #2534

Open AbbanMustafa opened 1 year ago

AbbanMustafa commented 1 year ago

Many expected fields are omitted from the AuditEntry result of the GetAuditLog request.

For example, here are 4 logs for different actions:

  actor: ""
  action: "git.clone"
  timestamp:
  org: ""
  transport_protocol_name: ""
  repo: ""

  actor: ""
  action: "git.fetch"
  timestamp:
  org: ""
  transport_protocol_name: ""
  repo: ""

  document_id: ""
  actor: ""
  action: "org.sso_response"
  timestamp:
  org: ""

  document_id: ""
  actor: ""
  action: "pull_request_review_comment.update"
  timestamp:
  org: ""

These are very barebones and the AuditEntry has many fields we think are essential that are just not present. Does the request need an additional parameter to ensure we have more verbose logs?

gmlewis commented 1 year ago

I'm looking through the official GitHub v3 API documentation: https://docs.github.com/en/rest and am no longer finding any endpoints relating to getting the audit logs for an organization.

@AbbanMustafa - could you please contact GitHub Tech Support and ask them where the documentation is now located for these endpoint(s)?

AbbanMustafa commented 1 year ago

@gmlewis The docs are confusing; they need to be specified under Enterprise Cloud: https://docs.github.com/en/enterprise-cloud@latest/rest/orgs/orgs#get-the-audit-log-for-an-organization

gmlewis commented 1 year ago

Thank you, @AbbanMustafa!

Have you tried adding Include: github.String("all") in your request?

AbbanMustafa commented 1 year ago

Yes, that just includes all log types but doesn't make the logs themselves include more.

gmlewis commented 1 year ago

> Yes, that just includes all log types but doesn't make the logs themselves include more.

Thanks, @AbbanMustafa. Can you please try and see if you can get more data from using a direct curl to the API?

If you are unable, then it is time to contact GitHub Tech Support after all. Would you mind asking them how to get all the data back (and show them the experiments you tried using curl)?
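
One way to run the comparison suggested above once a raw response has been saved from curl, as an added example that is not part of this thread or of go-github: it lists, per action, the JSON keys in the raw response that a typed struct has no field for, which separates "the API did not send it" from "the struct dropped it". The struct `typedEntry`, the `sampleResponse` body and the `hypothetical_field_*` keys are constructed assumptions; substitute the real struct and the captured response.

```go
package main

import (
	"encoding/json"
	"fmt"
	"reflect"
	"sort"
)

// typedEntry is a hypothetical typed entry (NOT go-github's AuditEntry) with only the keys shown in the issue.
type typedEntry struct {
	Actor                 string `json:"actor"`
	Action                string `json:"action"`
	Timestamp             int64  `json:"timestamp"`
	Org                   string `json:"org"`
	Repo                  string `json:"repo"`
	TransportProtocolName string `json:"transport_protocol_name"`
	DocumentID            string `json:"document_id"`
}

// Constructed sample standing in for a raw audit-log response saved from curl; values are not real.
const sampleResponse = `[{"actor":"octocat","action":"git.clone","timestamp":1700000000000,"org":"example-org","repo":"example-org/demo","transport_protocol_name":"http","hypothetical_field_b":"x","hypothetical_field_a":"y"},
 {"document_id":"constructed-id","actor":"octocat","action":"org.sso_response","timestamp":1700000000001,"org":"example-org"}]`

// droppedKeys lists, per action, raw JSON keys with no matching json tag in typed (tags here carry no options).
func droppedKeys(raw []byte, typed any) (map[string][]string, error) {
	known, t := map[string]bool{}, reflect.TypeOf(typed)
	for i := 0; i < t.NumField(); i++ {
		known[t.Field(i).Tag.Get("json")] = true
	}
	var events []map[string]any
	if err := json.Unmarshal(raw, &events); err != nil {
		return nil, err
	}
	out := map[string][]string{}
	for _, ev := range events {
		action, _ := ev["action"].(string)
		for k := range ev {
			if !known[k] {
				out[action] = append(out[action], k)
			}
		}
		sort.Strings(out[action])
	}
	return out, nil
}

func main() {
	fmt.Println(droppedKeys([]byte(sampleResponse), typedEntry{}))
}
```

An empty result for an action means every key the API returned for it has a home in the struct, so any missing detail was never sent.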