Audit events in Stash

The auditing component of Stash will log many different events that occur when Stash is being used. The events have been assigned priorities based on how important they are – these priorities can be used to control how much information is added to the audit log file. For example, if you have a server under high load and no need for auditing, you may wish to turn audit logging off by setting it to NONE - see the audit log config properties.

On this page:

Server level events

Event Description Priority
ApplicationConfigurationChangedEvent The server configuration has changed e.g. the display name or the base url.

HIGH

BackupEvent Audited at the beginning and the end of a system backup. HIGH
LicenseChangedEvent The server license has changed. HIGH
MailHostConfigurationChangedEvent The servers mail host has changed (used to send email notifications). HIGH
MigrationEvent Audited at the beginning and the end of a database migration. HIGH
ServerEmailAddressChangedEvent The server email address has changed (used in email notifications). HIGH
TicketRejectedEvent Certain resources (e.g. the Git processes) are throttled, when tickets are rejected (e.g. too many Git processes are in use) this event is fired. LOW

User management events

Event Description Priority
DirectoryCreatedEvent Occurs when a new directory is created. HIGH
DirectoryDeletedEvent Occurs when a new directory is deleted. HIGH
GroupCreatedEvent Occurs when a new groupis created in the internal directory. HIGH
GroupUpdatedEvent Occurs when a new group is updated (not when membership changes) in the internal directory. HIGH
GroupDeletedEvent Occurs when a new group is deleted from the internal directory. HIGH
GroupMembershipCreatedEvent Occurs when a user is added to a group in the internal directory. HIGH
GroupMembershipDeletedEvent Occurs when a user is removed from a group in the internal directory. HIGH
UserAuthenticatedEvent Occurs when a user is successfully authenticated (logged in). LOW
UserAuthenticationFailedInvalidAuthenticationEvent

Occurs whenever a user fails to authenticate.

Note that this can occur frequently in Stash whenever a command line CLI is used as the initial URL provided to Stash contains a username but no password, which is rejected by Crowd.

MEDIUM
UserCreatedEvent Occurs when a user is created in the internal directory. HIGH
UserCredentialUpdatedEvent Occurs when a user changes password in the internal directory. HIGH
UserDeletedEvent Occurs when a user is deleted from the internal directory. HIGH
UserRenamedEvent Occurs when the username of a user is changed in the internal directory. HIGH

Permission events

(info) in the table below indicates that the event is visible in the recent audit log screen for the project or repository.

Event Description Priority
GlobalPermissionGrantedEvent Occurs when a user or group is granted a global permission (e.g. create project). HIGH
GlobalPermissionRevokedEvent Occurs when a user or group has a global permission revoked. HIGH
ProjectPermissionGrantedEvent

Occurs when a user or group is granted a permission for a specific project. (info)

HIGH
ProjectPermissionRevokedEvent

Occurs when a user or group has a permission for a specific project revoked. (info)

HIGH
RepositoryPermissionEvent

Occurs when a user or group has a permission for a specific repository altered. (info)

HIGH
RestrictedRefEvent

Children of this event are fired when a restricted ref is altered. (info)

HIGH

Project events

(info) in the table below indicates that the event is visible in the recent audit log screen for the project.

Event Description Priority
ProjectAvatarUpdatedEvent Raised when a project avatar has been successfully updated. LOW

ProjectCreatedEvent

Raised when a project is created. (info)

HIGH
ProjectCreationRequestedEvent Raised just before a project is created; can be cancelled. LOW
ProjectModifiedEvent

Raised when a project has been successfully updated (e.g. the project name). (info)

HIGH
ProjectModificationRequestedEvent  Raised just before a project is updated; can be cancelled. LOW
ProjectDeletedEvent  Raised when a project is deleted. HIGH
ProjectDeletionRequestedEvent  Raised just before a project is deleted; can be cancelled. LOW

Repository events

(info) in the table below indicates that the event is visible in the recent audit log screen for the project or repository.

Event Description Priority
RepositoryAccessedEvent

Raised when a repository is accessed by a user.
Stash currently only fires this event selectively - when users hit a repository page.

LOW

RepositoryCreatedEvent

Raised when a repository is created. (info)

MEDIUM
RepositoryCreationFailedEvent Raised when an attempt to create a repository fails. LOW
RepositoryCreationRequestedEvent Raised just before a repository is created; can be cancelled. LOW
RepositoryForkedEvent

Raised when a repository is forked successfully. (info)

MEDIUM
RepositoryForkFailedEvent Raised when an attempt to fork a repository fails. LOW
RepositoryForkRequestedEvent Raised just before a repository is forked; can be cancelled. LOW
RepositoryDefaultBranchModifiedEvent Raised when the default branch of a repository is reconfigured (typically through repository settings). LOW
RepositoryDeletedEvent

Raised when a repository is deleted. (info)

HIGH
RepositoryDeletionRequestedEvent Raised just before a repository is deleted; can be cancelled. LOW
RepositoryOtherReadEvent Raised when the server uploads a pack file to the client via HTTP. LOW
RepositoryOtherWriteEvent Raised when the server receives a pack file from the client via HTTP. LOW
RepositoryPullEvent Raised when a Git client pulls from a repository (only when new content is sent to the client). LOW
RepositoryPushEvent Raised when a Git client pushed to a repository. LOW

Pull request events

Event Description Priority
PullRequestEvent Fired at different points in the pull request lifecycle (declined, merged, opened, reopened, rescoped [code updated], updated, approved, unapproved, participants updated). LOW

Plugin events

See this plugin documentation for details of when these events below are triggered.

Event Description Priority
PluginDisabledEvent Occurs when a plugin has been disabled, either by the system or a user. MEDIUM

PluginEnabledEvent

Occurs when a plugin has been enabled, either by the system or a user. MEDIUM
PluginModuleDisabledEvent Occurs when a plugin module has been disabled, either by the system or a user. MEDIUM
PluginModuleEnabledEvent Occurs when a plugin module has been enabled, either by the system or a user. MEDIUM
PluginModuleUnavailableEvent Signifies a plugin module is now unavailable outside the usual installation process. MEDIUM
PluginUninstalledEvent Occurs when a plugin is explicitly uninstalled (as opposed to as part of an upgrade). MEDIUM
PluginUpgradedEvent Signifies that a plugin has been upgraded at runtime. MEDIUM
PluginContainerUnavailableEvent Occurs when the container of a plugin is being shutdown, usually as a result of the server being stopped. LOW
PluginModuleAvailableEvent Signifies that a plugin module is now available outside the usual installation process. LOW
PluginFrameworkStartedEvent Signifies that the plugin framework has been started and initialized. LOW

 

SSH key events

(info) in the table below indicates that the event is visible in the recent audit log screen for the project or repository.

Event Description Priority
SshKeyCreatedEvent

Occurs when:

  • an SSH key is added for a user, or
  • an access key is added to a project or repository and the key has not yet been used on any other projects or repositories.
HIGH
SshKeyDeletedEvent

Occurs when:

  • an SSH key is removed from a user, or
  • an access key is removed from a project or repository and it is no longer being used by any other projects or repositories.
HIGH
SshKeyAccessGrantedEvent Occurs when an access key is given access to a project or repository. (info) HIGH
SshKeyAccessRevokedEvent Occurs when an access key is removed from a project or repository. (info) HIGH

Redirection notice

This page will redirect to /display/BitbucketServer/Audit+events+in+Bitbucket+Server .

The auditing component of Stash will log many different events that occur when Stash is being used. The events have been assigned priorities based on how important they are – these priorities can be used to control how much information is added to the audit log file. For example, if you have a server under high load and no need for auditing, you may wish to turn audit logging off by setting it to NONE - see the audit log config properties.

On this page:

Server level events

Event Description Priority
ApplicationConfigurationChangedEvent The server configuration has changed e.g. the display name or the base url.

HIGH

BackupEvent Audited at the beginning and the end of a system backup. HIGH
LicenseChangedEvent The server license has changed. HIGH
MailHostConfigurationChangedEvent The servers mail host has changed (used to send email notifications). HIGH
MigrationEvent Audited at the beginning and the end of a database migration. HIGH
ServerEmailAddressChangedEvent The server email address has changed (used in email notifications). HIGH
TicketRejectedEvent Certain resources (e.g. the Git processes) are throttled, when tickets are rejected (e.g. too many Git processes are in use) this event is fired. LOW

User management events

Event Description Priority
DirectoryCreatedEvent Occurs when a new directory is created. HIGH
DirectoryDeletedEvent Occurs when a new directory is deleted. HIGH
GroupCreatedEvent Occurs when a new groupis created in the internal directory. HIGH
GroupUpdatedEvent Occurs when a new group is updated (not when membership changes) in the internal directory. HIGH
GroupDeletedEvent Occurs when a new group is deleted from the internal directory. HIGH
GroupMembershipCreatedEvent Occurs when a user is added to a group in the internal directory. HIGH
GroupMembershipDeletedEvent Occurs when a user is removed from a group in the internal directory. HIGH
UserAuthenticatedEvent Occurs when a user is successfully authenticated (logged in). LOW
UserAuthenticationFailedInvalidAuthenticationEvent

Occurs whenever a user fails to authenticate.

Note that this can occur frequently in Stash whenever a command line CLI is used as the initial URL provided to Stash contains a username but no password, which is rejected by Crowd.

MEDIUM
UserCreatedEvent Occurs when a user is created in the internal directory. HIGH
UserCredentialUpdatedEvent Occurs when a user changes password in the internal directory. HIGH
UserDeletedEvent Occurs when a user is deleted from the internal directory. HIGH
UserRenamedEvent Occurs when the username of a user is changed in the internal directory. HIGH

Permission events

(info) in the table below indicates that the event is visible in the recent audit log screen for the project or repository.

Event Description Priority
GlobalPermissionGrantedEvent Occurs when a user or group is granted a global permission (e.g. create project). HIGH
GlobalPermissionRevokedEvent Occurs when a user or group has a global permission revoked. HIGH
ProjectPermissionGrantedEvent

Occurs when a user or group is granted a permission for a specific project. (info)

HIGH
ProjectPermissionRevokedEvent

Occurs when a user or group has a permission for a specific project revoked. (info)

HIGH
RepositoryPermissionEvent

Occurs when a user or group has a permission for a specific repository altered. (info)

HIGH
RestrictedRefEvent

Children of this event are fired when a restricted ref is altered. (info)

HIGH

Project events

(info) in the table below indicates that the event is visible in the recent audit log screen for the project.

Event Description Priority
ProjectAvatarUpdatedEvent Raised when a project avatar has been successfully updated. LOW

ProjectCreatedEvent

Raised when a project is created. (info)

HIGH
ProjectCreationRequestedEvent Raised just before a project is created; can be cancelled. LOW
ProjectModifiedEvent

Raised when a project has been successfully updated (e.g. the project name). (info)

HIGH
ProjectModificationRequestedEvent  Raised just before a project is updated; can be cancelled. LOW
ProjectDeletedEvent  Raised when a project is deleted. HIGH
ProjectDeletionRequestedEvent  Raised just before a project is deleted; can be cancelled. LOW

Repository events

(info) in the table below indicates that the event is visible in the recent audit log screen for the project or repository.

Event Description Priority
RepositoryAccessedEvent

Raised when a repository is accessed by a user.
Stash currently only fires this event selectively - when users hit a repository page.

LOW

RepositoryCreatedEvent

Raised when a repository is created. (info)

MEDIUM
RepositoryCreationFailedEvent Raised when an attempt to create a repository fails. LOW
RepositoryCreationRequestedEvent Raised just before a repository is created; can be cancelled. LOW
RepositoryForkedEvent

Raised when a repository is forked successfully. (info)

MEDIUM
RepositoryForkFailedEvent Raised when an attempt to fork a repository fails. LOW
RepositoryForkRequestedEvent Raised just before a repository is forked; can be cancelled. LOW
RepositoryDefaultBranchModifiedEvent Raised when the default branch of a repository is reconfigured (typically through repository settings). LOW
RepositoryDeletedEvent

Raised when a repository is deleted. (info)

HIGH
RepositoryDeletionRequestedEvent Raised just before a repository is deleted; can be cancelled. LOW
RepositoryOtherReadEvent Raised when the server uploads a pack file to the client via HTTP. LOW
RepositoryOtherWriteEvent Raised when the server receives a pack file from the client via HTTP. LOW
RepositoryPullEvent Raised when a Git client pulls from a repository (only when new content is sent to the client). LOW
RepositoryPushEvent Raised when a Git client pushed to a repository. LOW

Pull request events

Event Description Priority
PullRequestEvent Fired at different points in the pull request lifecycle (declined, merged, opened, reopened, rescoped [code updated], updated, approved, unapproved, participants updated). LOW

Plugin events

See this plugin documentation for details of when these events below are triggered.

Event Description Priority
PluginDisabledEvent Occurs when a plugin has been disabled, either by the system or a user. MEDIUM

PluginEnabledEvent

Occurs when a plugin has been enabled, either by the system or a user. MEDIUM
PluginModuleDisabledEvent Occurs when a plugin module has been disabled, either by the system or a user. MEDIUM
PluginModuleEnabledEvent Occurs when a plugin module has been enabled, either by the system or a user. MEDIUM
PluginModuleUnavailableEvent Signifies a plugin module is now unavailable outside the usual installation process. MEDIUM
PluginUninstalledEvent Occurs when a plugin is explicitly uninstalled (as opposed to as part of an upgrade). MEDIUM
PluginUpgradedEvent Signifies that a plugin has been upgraded at runtime. MEDIUM
PluginContainerUnavailableEvent Occurs when the container of a plugin is being shutdown, usually as a result of the server being stopped. LOW
PluginModuleAvailableEvent Signifies that a plugin module is now available outside the usual installation process. LOW
PluginFrameworkStartedEvent Signifies that the plugin framework has been started and initialized. LOW

 

SSH key events

(info) in the table below indicates that the event is visible in the recent audit log screen for the project or repository.

Event Description Priority
SshKeyCreatedEvent

Occurs when:

  • an SSH key is added for a user, or
  • an access key is added to a project or repository and the key has not yet been used on any other projects or repositories.
HIGH
SshKeyDeletedEvent

Occurs when:

  • an SSH key is removed from a user, or
  • an access key is removed from a project or repository and it is no longer being used by any other projects or repositories.
HIGH
SshKeyAccessGrantedEvent Occurs when an access key is given access to a project or repository. (info) HIGH
SshKeyAccessRevokedEvent Occurs when an access key is removed from a project or repository. (info) HIGH

Was this helpful?

Thanks for your feedback!

Why was this unhelpful?

Have a question about this article?

See questions about this article

Powered by Confluence and Scroll Viewport