You can use the audit log to review actions taken in your enterprise. The audit log includes a record of:
- Changes to your Copilot plan, such as changes to settings and policies or a user losing or receiving a license
- Agent activity on the GitHub website
The audit log does not include client session data, such as the prompts a user sends to Copilot locally. A custom solution is required to access this data: for example, some companies use custom hooks to send Copilot CLI events to their own logging service.
Viewing your enterprise's audit logs
- Navigate to your enterprise. For example, from the Enterprises page on GitHub.com.
- At the top of the page, click Settings.
- Under "Settings", click Audit log.
Searching audit log events
Use the action:copilot search term to view all events related to your Copilot plan.
You can also filter by a specific event. For example, action:copilot.cfb_seat_assignment_created returns events related to a license being assigned to a new user. For a full list of Copilot events, see Audit log events for your enterprise or Audit log events for your organization.
To view a record of agent activity, use the actor:Copilot search term. See Audit log events for agents.
Retaining audit log history
The audit log retains events for the last 180 days. We recommend streaming the audit log to a Security Information and Event Management (SIEM) platform, where you can view long-term history and set up alerts for anomalous activity. See Streaming the audit log for your enterprise.