We use cookies to make your experience better.
Coder maintains records of all user actions on system resources for auditing purposes.
Any user who is a Site Manager or an Auditor can log into Coder, go to Manage > Audit, and view the Audit Logs.
By default, this page displays a chronological list of all actions taken on the system.
You can filter the logs displayed using the search filters available at the top:
The audit logs capture information about the following actions (those who
export Coder logs will see this information under
message.fields.audit_log.action
):
When reviewing Coder's audit logs, specifically, you will see the following actions included:
auto_off
: Coder automatically turned off a workspace due to inactivityauto_start
: Coder automatically turned on a workspace at the time preset by
its ownerconnect
: a user connected to an existing workspace via a local VS Code
instance, a JetBrains IDE via JetBrains Gateway, a local terminal ssh
connection, or a local terminal connection via the Coder CLI's coder ssh
commandcordon
: a workspace provider became unavailable for new workspace creation
requests.create
: the user created a Coder entity (e.g., dev URL, image/image tag,
workspace, etc.)delete
: a user deleted a Coder entity (e.g., workspace or image)enqueue
: a user added a new job to the queue (e.g., workspace build, user
deletion, workspace deletion)login
: a user logs in via basic authentication or OIDC, with Coder
exchanging a token as a resultopen
: a user opened a workspace using the Code Web IDE through the browser
(please note that this action is not yet logged for JetBrains IDEs)ssh
: a user opened a web terminal to access Coderstop
: a user manually stopped a workspaceuncordon
: a workspace provider became available for new workspace creation
requests.view
: the Coder CLI used a secretwrite
: the user made a change to a Coder entity (e.g., workspace, user,
resource pool, etc.)See an opportunity to improve our docs? Make an edit.