How to find out IP address of a given push event in Gitlab

Question

It\'s quite easy to impersonate another user in Gitlab. See this topic for more details.

It\'s possible to find out which user performed a push by examining \"Activi

Answer 1

You should be able to find out the ip address from the production.log file.

Answer 2

Pushes done through HTTP(S)

You can examine access logs of nginx (nginx/gitlab_access.log):

192.168.21.150 - johndoe [19/Dec/2016:08:05:58 +0100] "POST /TEST/test.git/git-receive-pack HTTP/1.1" 200 52 "-" "git/2.9.2.windows.1

Pushes done through SSH

You can examine gitlab-shell logs (gitlab-shell/gitlab-shell.log). That way you can find the time of a push:

I, [2016-12-19T07:34:08.173561 #3560] INFO -- : gitlab-shell: executing git command for user with key key-417.

Then you can examine standard SSH logs to find the IP address: /var/log/auth.log or /var/log/secure:

Dec 19 07:34:08 gitlab-hostname sshd[3563]: Accepted publickey for git from 192.168.21.151 port 40864 ssh2: RSA 32:ea:2d:e2:47:ac:fc:50:84:16:e2:16:57:b0:5c:2d