Users often ask for access to GitLab.com logs, typically, due to IP blocks, a possible security issue, or for internal auditing purposes.
Always include a link to the log as an internal note, with additional information if needed.
If required, you can escalate the ticket/issue by following our escalation process.
A standard response is available in ZenDesk as a macro
Support::SaaS::Audit logs access request.
Log requests beyond a summary (similar to the examples below) or where logs are not readily available on Kibana should be handled according to the process outlined in the handbook page dedicated to providing assistance to GitLab.com customers during customer-based security incidents.
Requester must be a Group Owner of a pre-existing paid namespace.
NOTE: A user cannot upgrade to a paid subscription to gain access to logging requests.
We can provide the following information:
We cannot provide the following information:
Any PII information that is pulled, such as a log request, needs to be delivered compressed and password protected to the requestor with the following guidelines:
In case you need to share the data pull results internally, such as in an internal issue, upload the files to Google Drive, such as the Support Ticket Attachments folder (internal).
The following are examples to provide a better idea of what responses we can provide.
A customer, who had accidentally set their project to the incorrect visibility setting, wanted to know if anyone outside the company accessed their project. Here is a modified excerpt of the response:
Excluding users who have the company email domain, 2 users viewed the main project page a total of 4 times between 20:06 and 20:10 UTC 2019-08-15. However, I can confirm that all 4 instances originated from one of the IP addresses you provided as being from your office.
From ticket: 129594
User writes in to say their entire team is getting blocked and they want to know the source. When the user writing in has access to the projects in question, we can provide the specific path(s).
It appears that the majority of requests that returned
401, which likely caused the temporary block, involved
Example ticket: 132652
GitLab reached out to the owners of a project that was causing concern for the production team, who asked Support to reach out. The user wanted to know where the requests were originating from.
There are 3 different IPs showing in our logs, 2 of which are based in CountryA and 1 in CountryB (please note these locations may not be accurate as they are based purely on geolocation web searches). They also all have the same user agent.
Example ticket: 130153