The audit events page of gitlab says that I can find “Project repository was downloaded” action in Project > Settings > Audit Events.
So I tried running git clone http://gitlab.example.com/testauditlog.git
to download one of my projects. But then I can’t find anything related to the download in the audit events. Why does this happen?
The only logs belonging to git clone
I found is in /var/log/gitlab/nginx/gitlab_access.log
172.17.0.1 - - [03/Jan/2020:03:28:56 +0000] "GET /testauditlog.git/info/refs?service=git-upload-pack HTTP/1.1" 200 254 "" "git/2.21.0 (Apple Git-122.2)"
172.17.0.1 - - [03/Jan/2020:03:28:56 +0000] "POST /testauditlog.git/git-upload-pack HTTP/1.1" 200 949 "" "git/2.21.0 (Apple Git-122.2)"
But this log doesn’t say which account cloned the repository. So it is not that useful for the compliance team in my company.
I used gitlab/gitlab-ee at dockerhub with a 30-day evaluation license to try the audit events feature of gitlab.