Coder maintains records of all user actions on system resources for auditing purposes.
Any user who is a Site Manager or an Auditor can log into Coder, go to Manage > Audit, and view the Audit Logs.
By default, this page displays a chronological list of all actions taken on the system.
You can filter the logs displayed using the search filters available at the top:
- Resource Type: The resource on which the action is taken (e.g., image, workspace, user)
- Action: The action that the user took against a resource (e.g., read, write, create)
- Resource Target: The friendly name for the resource (e.g., the user with the email address [email protected])
- User: The user who performs the action
Actions
The audit logs capture information about the following actions (those who
export Coder logs will see this information under
message.fields.audit_log.action
):
When reviewing Coder's audit logs, specifically, you will see the following actions included:
auto_off
: Coder automatically turned off a workspace due to inactivityauto_start
: Coder automatically turned on a workspace at the time preset by its ownerconnect
: a user connected to an existing workspace via a local VS Code instance, a JetBrains IDE via JetBrains Gateway, a local terminalssh
connection, or a local terminal connection via the Coder CLI'scoder ssh
commandcordon
: a workspace provider became unavailable for new workspace creation requestscreate
: the user created a Coder entity (e.g., dev URL, image/image tag, workspace, etc.)delete
: a user deleted a Coder entity (e.g., workspace or image)enqueue
: a user added a new job to the queue (e.g., workspace build, user deletion, workspace deletion)login
: a user logs in via basic authentication or OIDC, with Coder exchanging a token as a resultopen
: a user opened a workspace using the Code Web IDE through the browser (please note that this action is not yet logged for JetBrains IDEs)ssh
: a user opened a web terminal to access Coderstop
: a user manually stopped a workspaceuncordon
: a workspace provider became available for new workspace creation requestsview
: the Coder CLI used a secretwrite
: the user made a change to a Coder entity (e.g., workspace, user, resource pool, etc.)
See an opportunity to improve our docs? Make an edit.