Audit Log for Rewind Backups for Github

The audit log is a centralized stream of all system and user activity within your Rewind Backups for GitHub application (BackHub). Most importantly, the log contains entries when a backup is added or fails, as well as installation-related events.

Note: This feature is only available to customers on the enterprise plan. If you want to purchase or upgrade to an Enterprise plan, please contact sales at 

The following actions are logged in the audit log:

  • backup.files_downloaded
  • backup.wiki_downloaded
  • backup.metadata_downloaded
  • backup.recurrence_activated
  • backup.recurrence_deactivated
  • backup.restore_started
  • backup.restore_failed
  • backup.cloudsync_failed
  • backup.created
  • backup.deleted
  • backup.failed
  • backup.git_cloned
  • backup.renamed
  • backup.snapshot_created
  • account.renamed
  • account.admin_added
  • account.admin_removed
  • account.cloud_sync_started
  • account.cloud_sync_stopped
  • account.created
  • account.deleted
  • account.github_marketplace_plan_assigned
  • account.github_marketplace_plan_downgraded
  • account.github_marketplace_plan_upgraded
  • account.plan_removed
  • account.plan_cancelled
  • account.restore_installation_added
  • account.restore_installation_removed
  • user.created
  • user.git_clone_enabled
  • user.git_clone_disabled
  • user.login
  • user.logout
  • user.deleted


Actions which are triggered by frontend users contain at least the following additional context:

  • actor_ip: source IP Address of the HTTP request
  • actor_location: City/region/country, based on a geo ip database using the actor_ip
  • actor_device: user_agent of the browser
  • actor: the user name

Actions which are triggered by github webhooks contain the following additional context:

  • actor: the github user name which triggered the webhook, or "webhook" if no github user name available in webhook payload

Action which are triggered by the application itself contain the following additional context:

  • actor: static value "system"

Depending on which entity the action was performed, they at least contain:

  • Backups: backup (repository) name, account name (login)
  • Accounts: account name (login)
  • Users: user name (login)