Enterprise Audit Log create for Splunk #401

@gm3dmo

time ./create-splunk-audit-log-stream-for-an-enterprise.sh
{
  "stream_type": "Splunk",
  "enabled": true,
  "vendor_specific": {
    "domain": "audit.seyosh.org",
    "port": 443,
    "key_id": "v1",
    "encrypted_token": "ZeieNZxY6y0Xs/OvbPHmz/KpXPdlTQNmkLugjKPhsWvuPgtBtrJDFCs3Rc5oDVEfrrKaIPELsw==",
    "ssl_verify": false
  }
}
+ curl -v -L -H 'Accept: application/vnd.github+json' -H 'Authorization: Bearer ghp_***Jp2AnYOW' -H 'X-GitHub-Api-Version: 2022-11-28' https://api.github.com/enterprises/gm3dmo-enterprise-cloud-testing/audit-log/streams --data @tmp/create-an-audit-log-streaming-configuration-for-an-enterprise.json
* Host api.github.com:443 was resolved.
* IPv6: (none)
* IPv4: 20.26.156.210
*   Trying 20.26.156.210:443...
* Connected to api.github.com (20.26.156.210) port 443
* ALPN: curl offers h2,http/1.1
* (304) (OUT), TLS handshake, Client hello (1):
*  CAfile: /etc/ssl/cert.pem
*  CApath: none
* (304) (IN), TLS handshake, Server hello (2):
* (304) (IN), TLS handshake, Unknown (8):
* (304) (IN), TLS handshake, Certificate (11):
* (304) (IN), TLS handshake, CERT verify (15):
* (304) (IN), TLS handshake, Finished (20):
* (304) (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / AEAD-CHACHA20-POLY1305-SHA256 / [blank] / UNDEF
* ALPN: server accepted h2
* Server certificate:
*  subject: CN=*.github.com
*  start date: Feb  5 00:00:00 2025 GMT
*  expire date: Feb  5 23:59:59 2026 GMT
*  subjectAltName: host "api.github.com" matched cert's "*.github.com"
*  issuer: C=GB; ST=Greater Manchester; L=Salford; O=Sectigo Limited; CN=Sectigo ECC Domain Validation Secure Server CA
*  SSL certificate verify ok.
* using HTTP/2
* [HTTP/2] [1] OPENED stream for https://api.github.com/enterprises/gm3dmo-enterprise-cloud-testing/audit-log/streams
* [HTTP/2] [1] [:method: POST]
* [HTTP/2] [1] [:scheme: https]
* [HTTP/2] [1] [:authority: api.github.com]
* [HTTP/2] [1] [:path: /enterprises/gm3dmo-enterprise-cloud-testing/audit-log/streams]
* [HTTP/2] [1] [user-agent: curl/8.7.1]
* [HTTP/2] [1] [accept: application/vnd.github+json]
* [HTTP/2] [1] [authorization: Bearer ghp_***Jp2AnYOW]
* [HTTP/2] [1] [x-github-api-version: 2022-11-28]
* [HTTP/2] [1] [content-length: 264]
* [HTTP/2] [1] [content-type: application/x-www-form-urlencoded]
> POST /enterprises/gm3dmo-enterprise-cloud-testing/audit-log/streams HTTP/2
> Host: api.github.com
> User-Agent: curl/8.7.1
> Accept: application/vnd.github+json
> Authorization: Bearer ghp_***Jp2AnYOW
> X-GitHub-Api-Version: 2022-11-28
> Content-Length: 264
> Content-Type: application/x-www-form-urlencoded
>
* upload completely sent off: 264 bytes
< HTTP/2 200
< date: Sat, 24 May 2025 14:10:44 GMT
< content-type: application/json; charset=utf-8
< content-length: 226
< cache-control: private, max-age=60, s-maxage=60
< vary: Accept, Authorization, Cookie, X-GitHub-OTP,Accept-Encoding, Accept, X-Requested-With
< etag: "cce1371146cb446f6983e3823e06920094e214438864ec565c449f6a5c4083aa"
< x-oauth-scopes: admin:enterprise, admin:gpg_key, admin:org, admin:org_hook, admin:public_key, admin:repo_hook, admin:ssh_signing_key, audit_log, codespace, copilot, delete:packages, delete_repo, gist, notifications, project, repo, user, workflow, write:discussion, write:packages
< x-accepted-oauth-scopes: admin:enterprise
< github-authentication-token-expiration: 2025-06-11 10:05:59 UTC
< x-github-media-type: github.v3; format=json
< x-github-api-version-selected: 2022-11-28
< x-ratelimit-limit: 15
< x-ratelimit-remaining: 5
< x-ratelimit-reset: 1748098564
< x-ratelimit-used: 10
< x-ratelimit-resource: audit_log_streaming
< access-control-expose-headers: ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Used, X-RateLimit-Resource, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type, X-GitHub-SSO, X-GitHub-Request-Id, Deprecation, Sunset
< access-control-allow-origin: *
< strict-transport-security: max-age=31536000; includeSubdomains; preload
< x-frame-options: deny
< x-content-type-options: nosniff
< x-xss-protection: 0
< referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
< content-security-policy: default-src 'none'
< server: github.com
< x-github-request-id: D226:236DAC:1C372D:23E83D:6831D364
<
{
  "id": 4326,
  "enabled": true,
  "created_at": "2025-05-24T15:10:44.901+01:00",
  "updated_at": "2025-05-24T15:10:44.901+01:00",
  "paused_at": null,
  "stream_type": "Splunk",
  "stream_details": "audit.seyosh.org:443"
}
* Connection #0 to host api.github.com left intact
./create-splunk-audit-log-stream-for-an-enterprise.sh  0.09s user 0.06s system 14% cpu 1.016 total
