Hi all,
Where can I find details on how to analyze my GitLab server to determine what kind of cyber attacks have been done on my server?
API requests, analyzing log files, … perform some periodic scanning?
Are there already some tools/scripts available to automate these checks?
Regards,
Peter
The GitLab logging system is documented in Log system | GitLab Docs. Log formats include JSON, which makes it easier to do log ingestion into Elastic(search) for example, which provides analytics capabilities.
For specific audit questions, you’ll need Audit events | GitLab Docs. Premium/Ultimate customers can access more compliance features, Audit events administration | GitLab Docs.
Since GitLab is a service running on your (Linux) host, I’d also recommend the OS analysis methods (syslog, auth.log, access.log, etc.).
1 Like
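A periodic check of the kind the JSON log format makes easy, as an added example that is not part of the replies above and not GitLab's own tooling: it groups denied and not-found responses (401/403/404) by client IP. The field names `remote_ip`, `status`, `path` and `time` are assumed to match your `production_json.log`; the sample lines and the threshold are constructed.

```python
import json
from collections import defaultdict

# Constructed sample lines in the shape of a GitLab JSON request log.
# The last line is cut off on purpose, as happens when a log is read mid-write.
SAMPLE_LOG = """\
{"method":"GET","path":"/dashboard/projects","status":200,"remote_ip":"192.0.2.10","time":"2024-05-01T09:00:01.000Z"}
{"method":"GET","path":"/api/v4/projects/1","status":401,"remote_ip":"198.51.100.7","time":"2024-05-01T09:00:02.000Z"}
{"method":"GET","path":"/admin/users","status":404,"remote_ip":"198.51.100.7","time":"2024-05-01T09:00:03.000Z"}
{"method":"GET","path":"/api/v4/users","status":403,"remote_ip":"198.51.100.7","time":"2024-05-01T09:00:04.000Z"}
{"method":"GET","path":"/missing-page","status":404,"remote_ip":"192.0.2.10","time":"2024-05-01T09:00:05.000Z"}
{"method":"POST","path":"/api/v4/runners","status":403,"remote_
"""

def parse_events(text):
    """Return (events, skipped): parsed JSON objects and the count of unusable lines."""
    events, skipped = [], 0
    for line in text.splitlines():
        if not line.strip():
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            skipped += 1          # truncated or non-JSON line: count it, keep going
            continue
        if isinstance(event, dict):
            events.append(event)
        else:
            skipped += 1          # valid JSON but not a log record
    return events, skipped

def flag_clients(events, threshold=3, statuses=(401, 403, 404)):
    """Return {ip: [(time, status, path), ...]} for IPs with >= threshold matching responses."""
    hits = defaultdict(list)
    for e in events:
        ip, status = e.get("remote_ip"), e.get("status")
        if ip and status in statuses:
            hits[ip].append((e.get("time"), status, e.get("path")))
    return {ip: rows for ip, rows in hits.items() if len(rows) >= threshold}

if __name__ == "__main__":
    events, skipped = parse_events(SAMPLE_LOG)
    print(f"parsed={len(events)} skipped={skipped}")
    for ip, rows in flag_clients(events).items():
        print(ip, len(rows), "denied or not-found responses")
        for time, status, path in rows:
            print("  ", time, status, path)
```

A non-zero skipped count is worth watching in its own right, since it shows how much of the log the check could not read.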