Audit Logs allows Auditors to monitor user operations in
their deployment.
Tracked Events
We track the following resources:
| Resource | |
|---|
| AuditableGroup | | Field | Tracked |
|---|
| avatar_url | true | | quota_allowance | true | | members | true | | id | true | | name | true | | organization_id | false |
|
| Organization | | Field | Tracked |
|---|
| id | true | | name | true | | description | true | | created_at | false | | updated_at | false |
|
| OrganizationMember | | Field | Tracked |
|---|
| updated_at | false | | roles | true | | user_id | true | | organization_id | true | | created_at | false |
|
| User | | Field | Tracked |
|---|
| deleted | true | | id | true | | username | true | | rbac_roles | true | | login_type | false | | updated_at | false | | hashed_password | true | | status | true | | last_seen_at | false | | email | true | | created_at | false | | avatar_url | false |
|
| Workspace | | Field | Tracked |
|---|
| id | true | | template_id | true | | deleted | false | | name | true | | organization_id | false | | owner_id | true | | autostart_schedule | true | | ttl | true | | last_used_at | false | | created_at | false | | updated_at | false |
|
| WorkspaceBuild | | Field | Tracked |
|---|
| created_at | false | | job_id | false | | id | false | | updated_at | false | | template_version_id | true | | initiator_id | false | | deadline | false | | daily_cost | false | | build_number | false | | provisioner_state | false | | reason | false | | workspace_id | false | | transition | false |
|
| GitSSHKey | | Field | Tracked |
|---|
| created_at | false | | updated_at | false | | private_key | true | | public_key | true | | user_id | true |
|
| Template | | Field | Tracked |
|---|
| updated_at | false | | provisioner | true | | id | true | | default_ttl | true | | organization_id | false | | icon | true | | min_autostart_interval | true | | deleted | false | | display_name | true | | group_acl | true | | name | true | | created_at | false | | created_by | true | | user_acl | true | | is_private | true | | active_version_id | true | | allow_user_cancel_workspace_jobs | true | | description | true |
|
| TemplateVersion | | Field | Tracked |
|---|
| id | true | | template_id | true | | name | true | | created_at | false | | updated_at | false | | readme | true | | job_id | false | | created_by | true | | organization_id | false |
|
Filtering logs
In the Coder UI you can filter your audit logs using the pre-defined filter or by using the Coder's filter query like the examples below:
resource_type:workspace action:delete to find deleted workspacesresource_type:template action:create to find created templates
The supported filters are:
resource_type - The type of the resource. It can be a workspace, template, user, etc. You can find here all the resource types that are supported.resource_id - The ID of the resource.resource_target - The name of the resource. Can be used instead of resource_id.action- The action applied to a resource. You can find here all the actions that are supported.username - The username of the user who triggered the action.email - The email of the user who triggered the action.date_from - The inclusive start date with format YYYY-MM-DD.date_to - the inclusive end date with format YYYY-MM-DD.
Enabling this feature
This feature is only available with an enterprise license. Learn more
