Merge pull request #404 from gm3dmo/issue403

gm3dmo · web-flow · commit 71e2cdb87cd6 · 2025-05-25T07:21:08.000+01:00
Moving configuration to configuration file
diff --git a/configure.py b/configure.py
@@ -72,6 +72,16 @@ def main(args):
 ### GitHub Enterprise
 enterprise="${enterprise_name}"
 
+# [Enterprise Audit Log Stream](https://docs.github.com/en/enterprise-cloud@latest/rest/enterprise-admin/audit-log?apiVersion=2022-11-28#create-an-audit-log-streaming-configuration-for-an-enterprise)
+## Splunk Audit Log Stream
+stream_type="Splunk"
+enabled=true
+domain="audit.example.com"
+port=443
+token='mytoken'
+# SSL verification helps ensure your events are sent to your Splunk endpoint securely.
+ssl_verify=true
+
 
 ### GitHub API Version
 # https://docs.github.com/en/rest/overview/api-versions
diff --git a/create-splunk-audit-log-stream-for-an-enterprise.sh b/create-splunk-audit-log-stream-for-an-enterprise.sh
@@ -12,21 +12,13 @@ if [ -z "$1" ]
     stream_no=$1
 fi
 
-
-enabled=true
-stream_type="Splunk"
-domain="audit.yourdomain.com"
-port=443
-token='mytoken'
-# SSL verification helps ensure your events are sent to your Splunk endpoint securely.
-ssl_verify=false
+# Configuration comes from the .gh-api-examples.conf file section "Splunk Audit Log Stream"
 
 # Key ID obtained from the audit log stream key endpoint used to encrypt secrets.
 audit_key_details="tmp/audit-log-stream-key.json"
 ./get-the-audit-log-stream-key-for-encrypting-secrets.sh > ${audit_key_details}
 key_id=$(jq -r '.key_id' ${audit_key_details})
 key=$(jq -r '.key' ${audit_key_details})
-
 encrypted_token=$(ruby create-enterprise-audit-log-stream-key.rb $key $token)
 
 
diff --git a/http-event-collector/README.md b/http-event-collector/README.md
@@ -88,12 +88,17 @@ Should contain an event. Press the Show/Hide button to see details of the test m
 
 <img width="1260" alt="event collector search page" src="https://github.com/user-attachments/assets/e9915c22-a81e-438a-ab23-7d0694c0eb9d" />
 
-## Configure the splunk audit log stream in GitHub
+### Configure the splunk audit log stream in GitHub
 
 Follow the guidance at [setting up streaming to Splunk](https://docs.github.com/en/enterprise-cloud@latest/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/streaming-the-audit-log-for-your-enterprise#setting-up-streaming-to-splunk) 
 
 <img width="1374" alt="Picture of GitHub Splunk Audit Log Stream Setting page" src="https://github.com/user-attachments/assets/3ea42126-d3d7-4df8-a766-b6e8aa7e7658" />
 
+### Configure the splunk audit log stream using GitHub REST API [Create an audit log straming configuration for an enterprise](https://docs.github.com/en/enterprise-cloud@latest/rest/enterprise-admin/audit-log?apiVersion=2022-11-28#create-an-audit-log-streaming-configuration-for-an-enterprise)
+
+- Set the appropriate values in the configuration file.
+- Execute [create-splunk-audit-log-stream-for-an-enterprise.sh](https://github.com/gm3dmo/the-power/blob/main/create-splunk-audit-log-stream-for-an-enterprise.sh)
+
 
 ## API Endpoints
 
