You can obtain audit logs based on the following criteria: date, request ID, user, user agent, HTTP method, client IP, API function, request length, response code, and service time based on the specified search criteria.
Request line
baseURL/alertapi.do?action=getAuditLogs
The request payload is a JSON object in the case of an HTTP POST request.
Request body
{
"function":[
"",
""
],
"tw":[
"",
""
]
}
Request examples
Audit logs for all request IDs in the range of 12355 to 12365 in the last 24 hours:
GET /alertapi.do?action=getAuditLogs&requestId=123[5-6]5
Audit logs for API functions deleteAlertDef and disableAlertDef for a specific timeline:
POST /alertapi.do?action=getAuditLogs
{
"function":[
"deleteAlertDef",
"disableAlertDef"
],
"tw":[
"20151102_200000",
"20151103_000000"
]
}
Request parameters
| Parameter | Values | Description |
|---|---|---|
| tw | String[ ] | (Optional) JSON list of string where the first element represents the start time and the second element represents the end time for the audit.
Date format: yyyyMMdd_HHmmss Time zone: UTC Default: Application considers last 24 hours for audit. |
| requestId r | String | (Optional) Request ID whose audit log is required.
Supports regular expressions Default: .* |
| function | String | (Optional) List of strings, each value representing the API function name to be searched. |
| user r | String | (Optional)
User name whose audit log is required. If you want to give audit logs a specific username, then regular expression special characters in the user name should be escaped. Supports regular expressions Default: .* |
| clientIp r | String | (Optional) Client IP address for which audit log is required.
Supports regular expressions Default: .* |
| responseCode r | String | (Optional) HTTP response code for which audit log is required.
Supports regular expressions Default: .* |
Response body
[
{
"date":"",
"requestId":"",
"user":"",
"userAgent":"",
"clientIp":"",
"action":"",
"requestLength":,
"httpMethod":"",
"responseCode":,
"serviceTime":
}
]
Response example
[
{
"date":"20160314_182254",
"requestId":"1466911767_1",
"user":"admin",
"userAgent":"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.116 Safari/537.36",
"clientIp":"0:0:0:0:0:0:0:1",
"action":"createAlertDef",
"requestLength":756,
"httpMethod":"POST",
"responseCode":200, "serviceTime":673
},
{
"date":"20160314_182303",
"requestId":"1261810925_2",
"user":"admin",
"userAgent":"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.116 Safari/537.36",
"clientIp":"0:0:0:0:0:0:0:1",
"action":"createAlertDef",
"requestLength":754,
"httpMethod":"POST",
"responseCode":200,
"serviceTime":13
}
]
Status codes
| Status code | Message | Description |
|---|---|---|
| 200 | OK | Request was successful, and the response body contains the requested log details. |
| 206 | PARTIAL CONTENT | Request is in progress, and the incremental content is available in the response body. |
| 277 | PARTIAL OK | Request completed successfully with some failures. Check the response body for details. |
| 400 | BAD REQUEST | Request URL or request body validation failed. Check the response body for details. |
| 401 | UNAUTHORIZED | Supplied authentication token is invalid or does not have the appropriate credentials to access the resource. |
| 404 | NOT FOUND | API server could not find a resource matching the request. |
| 405 | METHOD NOT ALLOWED | Request HTTP method is not allowed for the operation. |
| 409 | CONFLICT | Resource already exists. |
| 413 | REQUEST ENTITY TOO LARGE | Server cannot process the request because the request entity is too large for processing. |
| 500 | SERVER ERROR | API operation request failed. Check the response body for details. |
| 501 | NOT IMPLEMENTED | API server does not support the specified action. |
| 503 | SERVICE UNAVAILABLE | API server cannot process the request, possibly because the API server instance is not running. |