Obtaining AuditLog Events not associated with an Organisation

Hi all,
I need to generate a report of all auditable events in github enterprise server, including events such as user.login and user.failed_login.
I am unable to find how to query these events with rest or graphql.

I’d appreciate any assistance anyone can provide.

thanks,
Aaron Duncan

Hi @aaronduncan73,

There are limitations with these things, some previous posts cover most of this, you could take a look at
[ What is the best way to acquire AuditLog in organization?](What is the best way to acquire AuditLog in organization?)

I have separately put in a feature request for a GraphQL API feature for ‘aggregated’ actions from all of the organizations owned by an enterprise account available through API, it is possible in the enterprise account GUI aggregated audit log, as the GraphQL Audit Organization seems limited to a organization scope currently.

hi @byrneh, thanks so much for your reply.

It’s a pity that the GraphQL AuditLog API seems limited to the organization scope.

In particular, I was looking for finding the “user” actions, which don’t seem to be linked with an Organization, such as “user.create”, “user.login”, “user.rename”, etc.

If GraphQL can’t provide this information, what would be the best alternative?

thanks again for your time and assistance,
Aaron