You can obtain audit logs that match the specified search criteria. Audit log entries record the date, request ID, user, user agent, HTTP method, client IP, API function, request length, response code, and service time.
Request line
baseURL/alertapi.do?action=getAuditLogs
The request payload is a JSON object in the case of an HTTP POST request.
Request body
{ "function":[ "", "" ], "tw":[ "", "" ] }
Request examples
Audit logs for all request IDs in the range of 12355 to 12365 in the last 24 hours:
GET /alertapi.do?action=getAuditLogs&requestId=123[5-6]5
Audit logs for API functions deleteAlertDef and disableAlertDef for a specific timeline:
POST /alertapi.do?action=getAuditLogs
{ "function":[ "deleteAlertDef", "disableAlertDef" ], "tw":[ "20151102_200000", "20151103_000000" ] }
Request parameters
Parameter | Values | Description |
---|---|---|
tw | String[ ] | (Optional) JSON list of strings where the first element represents the start time and the second element represents the end time for the audit. Date format: yyyyMMdd_HHmmss. Time zone: UTC. Default: the application considers the last 24 hours for the audit. |
requestId | String | (Optional) Request ID whose audit log is required. Supports regular expressions. Default: .* |
function | String | (Optional) List of strings, each value representing the API function name to be searched. |
user | String | (Optional) User name whose audit log is required. If you want audit logs for a specific user name, escape any regular expression special characters in the user name. Supports regular expressions. Default: .* |
clientIp | String | (Optional) Client IP address for which audit log is required. Supports regular expressions. Default: .* |
responseCode | String | (Optional) HTTP response code for which audit log is required. Supports regular expressions. Default: .* |
Response body
[ { "date":"", "requestId":"", "user":"", "userAgent":"", "clientIp":"", "action":"", "requestLength":, "httpMethod":"", "responseCode":, "serviceTime": } ]
Response example
[ { "date":"20160314_182254", "requestId":"1466911767_1", "user":"admin", "userAgent":"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.116 Safari/537.36", "clientIp":"0:0:0:0:0:0:0:1", "action":"createAlertDef", "requestLength":756, "httpMethod":"POST", "responseCode":200, "serviceTime":673 }, { "date":"20160314_182303", "requestId":"1261810925_2", "user":"admin", "userAgent":"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.116 Safari/537.36", "clientIp":"0:0:0:0:0:0:0:1", "action":"createAlertDef", "requestLength":754, "httpMethod":"POST", "responseCode":200, "serviceTime":13 } ]
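The following is an added example, not code from the product documentation: it builds the `tw` window in UTC, escapes a literal user name for the regex-valued `user` parameter, and parses the `date` field of a response. The helper names (`to_tw`, `build_request`, `parse_records`) are hypothetical; it assumes that regex parameters travel in the query string as `requestId` does in the GET example, that the server accepts backslash escapes, and that response dates are in UTC.

```python
import json
import re
from datetime import datetime, timedelta, timezone
from urllib.parse import urlencode

TW_FORMAT = "%Y%m%d_%H%M%S"  # yyyyMMdd_HHmmss from the parameter table


def to_tw(dt):
    """Format an aware datetime as one tw element, converted to UTC."""
    if dt.tzinfo is None:
        raise ValueError("naive datetime; attach a time zone first")
    return dt.astimezone(timezone.utc).strftime(TW_FORMAT)


def build_request(start, end, functions=(), user=None):
    """Return (query_string, json_body) for getAuditLogs.

    Assumption: regex parameters go in the query string (as requestId does
    in the GET example) and function/tw go in the POST body.
    """
    if end <= start:
        raise ValueError("tw end must be later than tw start")
    query = {"action": "getAuditLogs"}
    if user is not None:
        # user is a regex: escape it so "j.doe" cannot also match "jxdoe".
        # Assumes the server accepts backslash escapes.
        query["user"] = re.escape(user)
    body = {"function": list(functions), "tw": [to_tw(start), to_tw(end)]}
    return urlencode(query), json.dumps(body)


def parse_records(text):
    """Parse a response body; dates become aware datetimes (UTC assumed)."""
    records = json.loads(text)
    for rec in records:
        rec["date"] = datetime.strptime(rec["date"], TW_FORMAT).replace(
            tzinfo=timezone.utc)
    return records


# Constructed input: a local-time window (UTC+05:30), a constructed user
# name, and an abbreviated record in the shape of the response example.
IST = timezone(timedelta(hours=5, minutes=30))
QUERY, BODY = build_request(
    datetime(2015, 11, 3, 1, 30, tzinfo=IST),
    datetime(2015, 11, 3, 5, 30, tzinfo=IST),
    functions=["deleteAlertDef", "disableAlertDef"], user="j.doe+ops")
SAMPLE = ('[{"date":"20160314_182254","user":"admin",'
          '"action":"createAlertDef","responseCode":200}]')
```

The local-time window converts to the same `tw` values as the POST request example, which shows why the conversion to UTC has to happen before formatting.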
Status codes
Status code | Message | Description |
---|---|---|
200 | OK | Request was successful, and the response body contains the requested log details. |
206 | PARTIAL CONTENT | Request is in progress, and the incremental content is available in the response body. |
277 | PARTIAL OK | Request completed successfully with some failures. Check the response body for details. |
400 | BAD REQUEST | Request URL or request body validation failed. Check the response body for details. |
401 | UNAUTHORIZED | Supplied authentication token is invalid or does not have the appropriate credentials to access the resource. |
404 | NOT FOUND | API server could not find a resource matching the request. |
405 | METHOD NOT ALLOWED | Request HTTP method is not allowed for the operation. |
409 | CONFLICT | Resource already exists. |
413 | REQUEST ENTITY TOO LARGE | Server cannot process the request because the request entity is too large for processing. |
500 | SERVER ERROR | API operation request failed. Check the response body for details. |
501 | NOT IMPLEMENTED | API server does not support the specified action. |
503 | SERVICE UNAVAILABLE | API server cannot process the request, possibly because the API server instance is not running. |