Know who cloned the project to their local system in Gitlab


Could someone help me here to figure out Know who cloned/downloaded the project to their local system in Gitlab. we are using an GitLab Enterprise Edition 14.7.0-ee

if anyone response asap it would be much appreciated.

I don’t think you can.

1 Like

I guess the only possible option might be if you are self-hosting and have your web server access logs available?

1 Like

Audit events do not support logging git pull/clone actions yet, suggest reviewing this epic Comprehensive audit log: actions (&640) · Epics · · GitLab and commenting on Real-time monitoring of current git clone/pull activity (#2494) · Issues · / GitLab · GitLab with your use case.

1 Like

As the OP said they were using a specific version (and EE) I assumed they were self-hosting.

That might work if the cloning/download happened over HTTP(S), but if it happened over SSH, you’d need gitaly to have logged it.
It seems that gitaly on (one of) our GitLab servers has actually logged a “clone”, so maybe someting is possible, but maybe it’s because that line has ‘“level”: “error”’. I can see that the relevant line (that I found in /var/log/gitlab/gitaly/@4000000062a1a9ac228bdd4c.s which is gzipped) is a json object. I’ve never looked at that before, but it seems easy to understand.

When you rely on log files you can only find events that happened in the period you still have log files for. I think the standard settings for gitaly keeps those around for 30 days. At least on my server(s), most clonings happened (way) more than 30 days ago.

1 Like

Yes , I have web server access logs. I’ve already analyzed those events but I couldn’t able to figure out the exact details. could you pls help me to decode the content from the access logs.

@tmsd-personal dnsmichi wrote that the audit events are not there, therefore you can vote on the issues/epics in the hope it will be added in the future. Although expect such functionality to exist only in paid versions of Gitlab.