New
Boost Developer Productivity & Streamline Onboarding with CDE's

Download the Whitepaper

Get a Demo
Home
About
Comparison
Feedback
Getting started
Coder for Docker
Administrators
Data scientists
Developers
IntelliJ
PyCharm
Workspaces
Create a workspace
Lifecycle
Auto-start
Dev URLs
Docker in workspaces
Editors and IDEs
Environment variables
Personalization
Preferences
Progressive web apps
SSH access
VS Code extensions
Workspace applications
Workspace parameters
Workspace templates
Workspace templates
Workspace template code completion
Images
Configure script
Custom image creation
Deprecate and Decommission
Embeddable button
Import
Structure
Tags
TLS certificates
Command line
Installation and setup
Remote terminal
File sync
Workspace management
Reference
coder completion
coder config-ssh
coder images
coder images ls
coder login
coder logout
coder satellites
coder satellites create
coder satellites ls
coder satellites rm
coder ssh
coder sync
coder tokens
coder tokens create
coder tokens ls
coder tokens regen
coder tokens rm
coder tunnel
coder update
coder urls
coder urls create
coder urls ls
coder urls rm
coder users
coder users ls
coder workspaces
coder workspaces create-from-config
coder workspaces create
coder workspaces edit-from-config
coder workspaces edit
coder workspaces ls
coder workspaces ping
coder workspaces policy-template
coder workspaces rebuild
coder workspaces rm
coder workspaces stop
coder workspaces watch-build
Setup
Architecture
System Requirements
Kubernetes
K3s
Amazon Elastic Kubernetes Service
Azure Kubernetes Service
Google Kubernetes Engine
Red Hat OpenShift
Rancher Kubernetes Engine
Installation
Configuration
Scaling Coder
Air-gapped deployment
Network setup
Offline documentation
Coder for Docker
Local deployment
External database setup
Upgrade
Upgrade
Update considerations
Admin
Access control
Authentication management
Organization roles
User management
User roles
Password reset
Organizations
Org management
Registries
Default registry
Amazon Elastic Container Registry
Azure Container Registry
Google Container Registry
Satellites
Manage satellites
Migrate to satellite deployments
Global access URL configuration
Workspace management
Docker in workspaces
Cluster setup
Images
Management
Extensions
GPU acceleration
IDE installation
Memory provisioning
CPU provisioning
Self-contained workspace builds
Shutdown
SSH configuration
Workspace limits
Workspace process logging
Workspace providers
Deployment
Docker
EC2
Kubernetes
Workspace provider management
Access URL
Account dormancy
Appearance
Audit
Security
Dev URLs
Direct workspace connections
Fallback shell
Git integration
Prometheus integration
Licensing
Telemetry
Templates
Usage metrics
Guides
Admin
Compute resources
Database migration
AWS RDS with IAM credentials
File download disabling
Helm charts
Image tag names
Logging
NFS file mounting
OpenID Connect with Azure AD
OpenID Connect with Active Directory Federation Services (ADFS)
OpenID Connect with Google
OpenID Connect with Okta
Shared security responsibility
Storage
Usage monitoring
Workspace provider provisioning via CLI
Customization
Git configuration
GPG forwarding
macOS keybindings
Multiple JetBrains instances configuration
Node.js Projects
Tailscale
VNC
Deployment
Coder installation from an archive
JFrog Artifactory
Managed code-server Workspaces
Podman
PostgreSQL
Proxies
SAML 2.0 identity brokering
Teardown
Terraform
TLS certificates
Azure DNS
Google Cloud DNS
Cloudflare
Route 53
Configure TLS on Coder for Docker
Mobile development
Public API
Troubleshooting
Activate JetBrains license in a browser
Admin password reset
Docker
GitHub OAuth integration
Image registry
inotify watcher limit problems
TypeError: Failed to fetch
Vite and HMR
SSH no mutual signature supported
Workspace organization
Moving to Coder v2
Sunsetting Coder v1 and v2 Migration FAQ
Changelog
1.44.0
1.44.1
1.43.0
1.43.1
1.42.0
1.42.1
1.41.0
1.41.1
1.40.0
1.39.0
1.39.2
1.39.1
1.38.0
1.38.3
1.38.2
1.38.1
1.37.0
1.37.1
1.36.0
1.36.2
1.36.1
1.35.0
1.35.4
1.35.3
1.35.2
1.35.1
1.34.0
1.34.3
1.34.2
1.34.1
Home
/
Admin
/
Audit

Audit

Audit

Coder maintains records of all user actions on system resources for auditing purposes.

Any user who is a Site Manager or an Auditor can log into Coder, go to Manage > Audit, and view the Audit Logs.

By default, this page displays a chronological list of all actions taken on the system.

Audit logs

You can filter the logs displayed using the search filters available at the top:

  • Resource Type: The resource on which the action is taken (e.g., image, workspace, user)
  • Action: The action that the user took against a resource (e.g., read, write, create)
  • Resource Target: The friendly name for the resource (e.g., the user with the email address [email protected])
  • User: The user who performs the action

Actions

The audit logs capture information about the following actions (those who export Coder logs will see this information under message.fields.audit_log.action):

When reviewing Coder's audit logs, specifically, you will see the following actions included:

  • auto_off: Coder automatically turned off a workspace due to inactivity
  • auto_start: Coder automatically turned on a workspace at the time preset by its owner
  • connect: a user connected to an existing workspace via a local VS Code instance, a JetBrains IDE via JetBrains Gateway, a local terminal ssh connection, or a local terminal connection via the Coder CLI's coder ssh command
  • cordon: a workspace provider became unavailable for new workspace creation requests
  • create: the user created a Coder entity (e.g., dev URL, image/image tag, workspace, etc.)
  • delete: a user deleted a Coder entity (e.g., workspace or image)
  • enqueue: a user added a new job to the queue (e.g., workspace build, user deletion, workspace deletion)
  • login: a user logs in via basic authentication or OIDC, with Coder exchanging a token as a result
  • open: a user opened a workspace using the Code Web IDE through the browser (please note that this action is not yet logged for JetBrains IDEs)
  • ssh: a user opened a web terminal to access Coder
  • stop: a user manually stopped a workspace
  • uncordon: a workspace provider became available for new workspace creation requests
  • view: the Coder CLI used a secret
  • write: the user made a change to a Coder entity (e.g., workspace, user, resource pool, etc.)

Admin logged events

With the exception of a few, logged events made by Admin panel changes will output the changed field(s) and the new, corresponding value. Below is the expected (example) output for each Admin panel change.

The Admin fields not documented below currently do not output a field/diff.

Infrastructure

Admin SettingActionTargetFieldDiff
Access URLWriteinfrastructureaccess URLcoder.com
GPU VendorWriteinfrastructuregpu vendoramd/nvidia/none
Enable container-based virtual machinesWriteinfrastructureenable container vmstrue/false
Enable cachingWriteinfrastructureenabled cached container vmstrue/false
Enable auto loading of shiftfs kernel moduleWriteinfrastructureenable load shiftfstrue/false
Default to container-based virtual machinesWriteinfrastructuredefault container vmstrue/false
Enable self-contained workspace buildsWritefeaturescoder agent pull assetsenabled/disabled
Enable workspace process loggingWritefeaturesexectraceenabled/disabled
Enable TUN deviceWritefeaturesfuse deviceenabled/disabled
Enable FUSE deviceWritefeaturestun deviceenabled/disabled
Enable default registryWriteinfrastructuredefault registry enabledtrue/false
Enable ECR IAM role authenticationWritefeaturesecr auth irsaenabled/disabled
Enable AAD authentication for ACRWritefeaturesazure auth aadenabled/disabled
Enable fallback shell support for K8sWritefeatures
Extension marketplace typeWrite*ext marketplace typepublic/custom
Dev URL access permissionsWritedevurl accesspublic/org/authed/true/false
Enable memory overprovisioningWriteinfrastructurememory overprovisioning enabledtrue/false

Git OAuth

Admin SettingActionTargetFieldDiff
Client IDWriteoauth configsclient id0fb2...7a4a
Client SecretWriteoauth configsclient secret******
DescriptionWriteoauth configsdescriptionexample
NameWriteoauth configsnameGitHub
ProviderWriteoauth configsservice typegithub/gitlab
URLWriteoauth configsURL hosthost.com

Appearance

Admin SettingActionTargetFieldDiff
System BannerWritesystem bannerenabledtrue/false
Background colorWritesystem bannercolor bg#9A4967
FooterWritesystem bannertext footerUNCLASSIFIED
HeaderWritesystem bannertext headerUNCLASSIFIED
Service BannerWriteappearancesvc banner enabledtrue/false
Background colorWriteappearancesvc banner color bg#18382D
MessageWriteappearancesvc banner bodyMaintenance 9:01PM
Terms of ServiceWriteappearancetos bodyAccept Terms & Conditions
Text fieldWriteappearancetos enabledtrue/false

Telemetry

Admin SettingActionTargetFieldDiff
Send crash reportsWritetelemetrycrash reports enabledtrue/false
Send usage telemetryWritetelemetryenhanced telemetry enabledtrue/false
Send enhanced usage telemetryWritetelemetrytelemetry enabledtrue/false

Templates

The template policy dropdown will provide a unique commit/hash for the uploaded file. If file is uploaded from disk, then file path/git ref will be local.

Admin SettingActionTargetFieldDiff
Enable workspace templatesWriteinfrastructureenable workspaces as codetrue/false
Template policyWritelocalcommit/file hash/filepath/git ref/From0000...0000/ed19...843b/local/local/User
See an opportunity to improve our docs? Make an edit.
On this page