4.2KGet a Demo
About
Architecture
Installation
Install script
System packages
Kubernetes
OpenShift
Docker
Windows
Standalone binaries
Offline deployments
External database
Uninstall
Platforms
AWS
GCP
Azure
Kubernetes
Additional clusters
Docker
Other platforms
Templates
Resource Persistence
Provider Authentication
Change Management
Resource Metadata
Agent Metadata
Parameters
Open in Coder
Docker in Workspaces
Workspaces
IDEs
Web IDEs
JetBrains Gateway
Emacs
Remote Desktops
Networking
Port Forwarding
Dotfiles
Secrets
Administration
Authentication
Users
Groups
RBAC
Configuration
Git Providers
Upgrading
Automation
Scaling Coder
Provisioners
Workspace Proxies
Audit Logs
Quotas
High Availability
Prometheus
Appearance
Telemetry
Enterprise
Contributing
Code of Conduct
Feature stages
Documentation
Security
Frontend
API
General
Agents
Applications
Applications Enterprise
Audit
Authentication
Authorization
Builds
Debug
Enterprise
Files
Insights
Members
Organizations
Schemas
Templates
Users
WorkspaceProxies
Workspaces
Command Line
coder
config-ssh
create
delete
dotfiles
features
features list
groups
groups create
groups delete
groups edit
groups list
licenses
licenses add
licenses delete
licenses list
list
login
logout
ping
port-forward
provisionerd
provisionerd start
publickey
rename
reset-password
restart
scaletest
scaletest cleanup
scaletest create-workspaces
scaletest workspace-traffic
schedule
schedule override-stop
schedule show
schedule start
schedule stop
server
server create-admin-user
server postgres-builtin-serve
server postgres-builtin-url
show
speedtest
ssh
start
state
state pull
state push
stop
templates
templates create
templates delete
templates edit
templates init
templates list
templates plan
templates pull
templates push
templates versions
templates versions list
tokens
tokens create
tokens list
tokens remove
update
users
users activate
users create
users list
users show
users suspend
version
Security
API tokens of deleted users not invalidated
Home
/
Administration
/
Audit Logs

Audit Logs
Enterprise

Audit Logs

Audit Logs allows Auditors to monitor user operations in their deployment.

Tracked Events

We track the following resources:

Resource
APIKey
login, logout, register, create, delete
FieldTracked
created_attrue
expires_attrue
hashed_secretfalse
idfalse
ip_addressfalse
last_usedtrue
lifetime_secondsfalse
login_typefalse
scopefalse
token_namefalse
updated_atfalse
user_idtrue
Group
create, write, delete
FieldTracked
avatar_urltrue
idtrue
memberstrue
nametrue
organization_idfalse
quota_allowancetrue
GitSSHKey
create
FieldTracked
created_atfalse
private_keytrue
public_keytrue
updated_atfalse
user_idtrue
License
create, delete
FieldTracked
exptrue
idfalse
jwtfalse
uploaded_attrue
uuidtrue
Template
write, delete
FieldTracked
active_version_idtrue
allow_user_autostarttrue
allow_user_autostoptrue
allow_user_cancel_workspace_jobstrue
created_atfalse
created_bytrue
default_ttltrue
deletedfalse
descriptiontrue
display_nametrue
failure_ttltrue
group_acltrue
icontrue
idtrue
inactivity_ttltrue
max_ttltrue
nametrue
organization_idfalse
provisionertrue
updated_atfalse
user_acltrue
TemplateVersion
create, write
FieldTracked
created_atfalse
created_bytrue
git_auth_providersfalse
idtrue
job_idfalse
nametrue
organization_idfalse
readmetrue
template_idtrue
updated_atfalse
User
create, write, delete
FieldTracked
avatar_urlfalse
created_atfalse
deletedtrue
emailtrue
hashed_passwordtrue
idtrue
last_seen_atfalse
login_typefalse
rbac_rolestrue
statustrue
updated_atfalse
usernametrue
Workspace
create, write, delete
FieldTracked
autostart_scheduletrue
created_atfalse
deletedfalse
idtrue
last_used_atfalse
nametrue
organization_idfalse
owner_idtrue
template_idtrue
ttltrue
updated_atfalse
WorkspaceBuild
start, stop
FieldTracked
build_numberfalse
created_atfalse
daily_costfalse
deadlinefalse
idfalse
initiator_idfalse
job_idfalse
max_deadlinefalse
provisioner_statefalse
reasonfalse
template_version_idtrue
transitionfalse
updated_atfalse
workspace_idfalse
WorkspaceProxy
FieldTracked
created_attrue
deletedfalse
display_nametrue
icontrue
idtrue
nametrue
token_hashed_secrettrue
updated_atfalse
urltrue
wildcard_hostnametrue

Filtering logs

In the Coder UI you can filter your audit logs using the pre-defined filter or by using the Coder's filter query like the examples below:

  • resource_type:workspace action:delete to find deleted workspaces
  • resource_type:template action:create to find created templates

The supported filters are:

  • resource_type - The type of the resource. It can be a workspace, template, user, etc. You can find here all the resource types that are supported.
  • resource_id - The ID of the resource.
  • resource_target - The name of the resource. Can be used instead of resource_id.
  • action- The action applied to a resource. You can find here all the actions that are supported.
  • username - The username of the user who triggered the action.
  • email - The email of the user who triggered the action.
  • date_from - The inclusive start date with format YYYY-MM-DD.
  • date_to - The inclusive end date with format YYYY-MM-DD.
  • build_reason - To be used with resource_type:workspace_build, the initiator behind the build start or stop.

Enabling this feature

This feature is only available with an enterprise license. Learn more

See an opportunity to improve our docs? Make an edit.
On this page