How to find out IP address of a given push event

It’s quite easy to impersonate another user in Gitlab. See this topic for more details.

It’s possible to find out which user performed a push by examining “Activity” log of a repository. But for audit purposes I’d also like to know the IP address from which the push was done. Is it possible in Gitlab CE/EE?

Pushes done through HTTP(S)

You can examine access logs of nginx (nginx/gitlab_access.log): - johndoe [19/Dec/2016:08:05:58 +0100] “POST /TEST/test.git/git-receive-pack HTTP/1.1” 200 52 “-” "git/

Pushes done through SSH

You can examine gitlab-shell logs (gitlab-shell/gitlab-shell.log). That way you can find the time of a push:

I, [2016-12-19T07:34:08.173561 #3560] INFO – : gitlab-shell: executing git command <git-receive-pack /var/opt/gitlab/git-data/repositories/test2/test2.git> for user with key key-417.

Then you can examine standard SSH logs to find the IP address: /var/log/auth.log or /var/log/secure:

Dec 19 07:34:08 gitlab-hostname sshd[3563]: Accepted publickey for git from port 40864 ssh2: RSA 32:ea:2d:e2:47:ac:fc:50:84:16:e2:16:57:b0:5c:2d