From 31f2282e23f70904add716c4fcbc83ded6789b7b Mon Sep 17 00:00:00 2001
From: Dan Nelson
Date: Tue, 12 Dec 2023 12:46:25 -0600
Subject: [PATCH 1/3] Add audit log troubleshooting note
---
 .../streaming-the-audit-log-for-your-enterprise.md | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/content/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/streaming-the-audit-log-for-your-enterprise.md b/content/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/streaming-the-audit-log-for-your-enterprise.md
index e611eace62da..f6a3d124e882 100644
--- a/content/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/streaming-the-audit-log-for-your-enterprise.md
+++ b/content/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/streaming-the-audit-log-for-your-enterprise.md
@@ -275,6 +275,13 @@ To get a list of IP address ranges that {% data variables.product.prodname_dotco
 
 {% ifversion pause-audit-log-stream %}
 
+{% note %}
+
+**Note**: {% data variables.product.prodname_dotcom %} validates the HEC endpoint via `:port/services/collector`. If self-hosting the HEC endpoint (e.g. with [Splunk HEC Receiver
+](https://github.com/open-telemetry/opentelemetry-collector-contrib/tree/main/receiver/splunkhecreceiver) via OpenTelemetry), ensure this is reachable.
+
+{% endnote %}
+
 ## Pausing audit log streaming
 
 Pausing the stream allows you to perform maintenance on the receiving application without losing audit data. Audit logs are stored for up to seven days on {% data variables.location.product_location %} and are then exported when you unpause the stream.
From 65567827c6e56eb7660ee7cdb2985075c94d6449 Mon Sep 17 00:00:00 2001
From: Dan Nelson
Date: Wed, 13 Dec 2023 14:37:00 -0600
Subject: [PATCH 2/3] Move note
---
 .../streaming-the-audit-log-for-your-enterprise.md | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/content/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/streaming-the-audit-log-for-your-enterprise.md b/content/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/streaming-the-audit-log-for-your-enterprise.md
index f6a3d124e882..be0b1e3fe4e9 100644
--- a/content/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/streaming-the-audit-log-for-your-enterprise.md
+++ b/content/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/streaming-the-audit-log-for-your-enterprise.md
@@ -245,6 +245,13 @@ To set up streaming to Google Cloud Storage, you must create a service account i
 
 To stream audit logs to Splunk's HTTP Event Collector (HEC) endpoint you must make sure that the endpoint is configured to accept HTTPS connections. For more information, see [Set up and use HTTP Event Collector in Splunk Web](https://docs.splunk.com/Documentation/Splunk/latest/Data/UsetheHTTPEventCollector) in the Splunk documentation.
 
+{% note %}
+
+**Note**: {% data variables.product.prodname_dotcom %} validates the HEC endpoint via `:port/services/collector`. If self-hosting the HEC endpoint (e.g. with [Splunk HEC Receiver
+](https://github.com/open-telemetry/opentelemetry-collector-contrib/tree/main/receiver/splunkhecreceiver) via OpenTelemetry), ensure this is reachable.
+
+{% endnote %}
+
 {% ifversion ghec %}
 To get a list of IP address ranges that {% data variables.product.prodname_dotcom %} uses for connections to the HEC endpoint, you can use the REST API. The `meta` endpoint for {% data variables.product.product_name %} includes a `hooks` key with a list of the IP addresses. For more information, see "[Meta](/rest/meta/meta#get-github-enterprise-cloud-meta-information)" in the REST API documentation.
 {% endif %}
@@ -275,13 +282,6 @@ To get a list of IP address ranges that {% data variables.product.prodname_dotco
 
 {% ifversion pause-audit-log-stream %}
 
-{% note %}
-
-**Note**: {% data variables.product.prodname_dotcom %} validates the HEC endpoint via `:port/services/collector`. If self-hosting the HEC endpoint (e.g. with [Splunk HEC Receiver
-](https://github.com/open-telemetry/opentelemetry-collector-contrib/tree/main/receiver/splunkhecreceiver) via OpenTelemetry), ensure this is reachable.
-
-{% endnote %}
-
 ## Pausing audit log streaming
 
 Pausing the stream allows you to perform maintenance on the receiving application without losing audit data. Audit logs are stored for up to seven days on {% data variables.location.product_location %} and are then exported when you unpause the stream.
From 93ce2992f66570c860d80b2bdaeefed67855a5b7 Mon Sep 17 00:00:00 2001
From: Laura Coursen
Date: Thu, 14 Dec 2023 08:42:49 -0600
Subject: [PATCH 3/3] Add :nail_care:
---
 .../streaming-the-audit-log-for-your-enterprise.md | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/content/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/streaming-the-audit-log-for-your-enterprise.md b/content/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/streaming-the-audit-log-for-your-enterprise.md
index be0b1e3fe4e9..17402c9cb2e6 100644
--- a/content/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/streaming-the-audit-log-for-your-enterprise.md
+++ b/content/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/streaming-the-audit-log-for-your-enterprise.md
@@ -247,8 +247,7 @@ To stream audit logs to Splunk's HTTP Event Collector (HEC) endpoint you must ma
 
 {% note %}
 
-**Note**: {% data variables.product.prodname_dotcom %} validates the HEC endpoint via `:port/services/collector`. If self-hosting the HEC endpoint (e.g. with [Splunk HEC Receiver
-](https://github.com/open-telemetry/opentelemetry-collector-contrib/tree/main/receiver/splunkhecreceiver) via OpenTelemetry), ensure this is reachable.
+**Note**: {% data variables.product.prodname_dotcom %} validates the HEC endpoint via `:port/services/collector`. If self-hosting the HEC endpoint (such as with [Splunk HEC Receiver](https://github.com/open-telemetry/opentelemetry-collector-contrib/tree/main/receiver/splunkhecreceiver) via OpenTelemetry), ensure the endpoint is reachable at this destination.
 
 {% endnote %}
 