Getting an alert audit log

Ops Center Analyzer Detail View REST API Reference Guide

Version
11.0.x
Audience
anonymous
Part Number
MK-99ANA004-11

You can obtain audit logs based on the following criteria: date, request ID, user, user agent, HTTP method, client IP, API function, request length, response code, and service time based on the specified search criteria.

Request line

baseURL/alertapi.do?action=getAuditLogs

The request payload is a JSON object in the case of an HTTP POST request.

Request body

{
  "function":[
    "",
    ""
  ],
  "tw":[
    "",
    ""
  ]
}

Request examples

Audit logs for all request IDs in the range of 12355 to 12365 in the last 24 hours:

GET /alertapi.do?action=getAuditLogs&requestId=123[5-6]5

Audit logs for API functions deleteAlertDef and disableAlertDef for a specific timeline:

POST /alertapi.do?action=getAuditLogs
{
  "function":[
    "deleteAlertDef",
    "disableAlertDef"
  ],
  "tw":[
    "20151102_200000",
    "20151103_000000"
  ]
}

Request parameters

Parameter Values Description
tw String[ ] (Optional) JSON list of string where the first element represents the start time and the second element represents the end time for the audit.

Date format: yyyyMMdd_HHmmss

Time zone: UTC

Default: Application considers last 24 hours for audit.

requestId r String (Optional) Request ID whose audit log is required.

Supports regular expressions

Default: .*

function String (Optional) List of strings, each value representing the API function name to be searched.
user r String (Optional)

User name whose audit log is required.

If you want to give audit logs a specific username, then regular expression special characters in the user name should be escaped.

Supports regular expressions

Default: .*

clientIp r String (Optional) Client IP address for which audit log is required.

Supports regular expressions

Default: .*

responseCode r String (Optional) HTTP response code for which audit log is required.

Supports regular expressions

Default: .*

Note: r represents parameters which support regular expressions where their default value is .*

Response body

[
  {
    "date":"",
    "requestId":"",
    "user":"",
    "userAgent":"",
    "clientIp":"",
    "action":"",
    "requestLength":,
    "httpMethod":"",
    "responseCode":,
    "serviceTime":
  }
]

Response example

[
  {
    "date":"20160314_182254",
    "requestId":"1466911767_1",
    "user":"admin",
    "userAgent":"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.116 Safari/537.36",
    "clientIp":"0:0:0:0:0:0:0:1",
    "action":"createAlertDef",
    "requestLength":756,
    "httpMethod":"POST",
    "responseCode":200, "serviceTime":673
  },
  {
    "date":"20160314_182303",
    "requestId":"1261810925_2",
    "user":"admin",
    "userAgent":"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.116 Safari/537.36",
    "clientIp":"0:0:0:0:0:0:0:1",
    "action":"createAlertDef",
    "requestLength":754,
    "httpMethod":"POST",
    "responseCode":200,
    "serviceTime":13
  }
]

Status codes

Status code

Message

Description

200 OK Request was successful, and the response body contains the requested log details.
206 PARTIAL CONTENT Request is in progress, and the incremental content is available in the response body.
277 PARTIAL OK Request completed successfully with some failures. Check the response body for details.
400 BAD REQUEST Request URL or request body validation failed. Check the response body for details.
401 UNAUTHORIZED Supplied authentication token is invalid or does not have the appropriate credentials to access the resource.
404 NOT FOUND API server could not find a resource matching the request.
405 METHOD NOT ALLOWED Request HTTP method is not allowed for the operation.
409 CONFLICT Resource already exists.
413 REQUEST ENTITY TOO LARGE Server cannot process the request because the request entity is too large for processing.
500 SERVER ERROR API operation request failed. Check the response body for details.
501 NOT IMPLEMENTED API server does not support the specified action.
503 SERVICE UNAVAILABLE API server cannot process the request, possibly because the API server instance is not running.