Get Audit Log Entries

Product Documentation

About LogicMonitor
- Overview
- Technical Support
  - Technical Support Overview
  - Accessing Support Resources
Getting Started
- Implementation Readiness
  - LogicMonitor Implementation Readiness Recommendations for Enterprise Customers
  - Top Dependencies for LogicMonitor Enterprise Implementation
- LogicMonitor Tutorial
- Advanced LogicMonitor Setup
LogicMonitor Concepts
- Limits, Quotas, and Constraints
Collectors
- Collector Overview
- Collector Installation
- Collector Configurations
- Collector Management
- Collector Integrations
- Collector Troubleshooting
Devices
- Adding and Managing Devices
- Device Groups
- Resources Page Overview
- Device DataSources and Instances
- Netscans
Dashboards and Widgets
- Managing Dashboards
- Managing Widgets
- Widget Types
Alerts
- About Alerts
- Alert Discovery
- Responding to Alerts
AIOps
- Anomaly Detection
  - Anomaly Detection Visualization
- Forecasting
  - Data Forecasting
- Topology Mapping
- AIOps for Alerting
LM Service Insight
- About LM™ Service Insight
- Adding Services
- Managing Services
LogicModules
- LogicModule Overview
- LM Exchange
  - LM Exchange
- Modules
- DataSources
- Data Collection Methods
- Datapoints
- Active Discovery
- Groovy Support
- Powershell Support
  - Creating PowerShell Script Datasources
  - Using PowerShell Scripts in LogicMonitor
- ConfigSources
- EventSources
- PropertySources
  - Creating PropertySources
  - External Resource IDs Source Output Scripts
- TopologySources
  - TopologySource Overview
  - TopologySources Scripts
- AppliesTo
  - AppliesTo Scripting Overview
  - User-Defined AppliesTo Functions
- JobMonitors
- SNMP sysOID Maps
  - SNMP SysOID Maps
Reports
- Which report should I use?
- Creating & Managing Reports
- Scheduling a Report for Auto-Delivery
- Creating a Report Group
- Report Types
Security
- Two-Factor Authentication
- Single Sign On
- Multi Sign-On
- Configuring the Azure Active Directory SSO Integration
- LogicMonitor Security Best Practices
- Log4j Security Vulnerabilities
Settings
- About the Account Information Page
- Notification Center
- About Audit Logs
- Message Templates
  - Alert Messages
  - New User Message
- Users and roles
Terminology and Syntax
- Scripting Support
LM Logs
- LM Logs Overview
- Log Ingestion
- Log Processing
- Log Anomaly Detection
- Logs Query Language
- Reviewing Logs and Log Anomalies
- Log Processing Pipelines
- Log Alert Conditions
- LM Logs Roles and Permissions
- LM Logs Usage Monitoring
- Troubleshooting Logs
LM APM
- LM APM Overview
- Push Metrics
- OpenMetrics Integration
  - OpenMetrics DataSource Wizard
  - OpenMetrics Monitoring
- Distributed Tracing
- Synthetics
Cloud Monitoring
- Getting Started
- Amazon Web Services
- Microsoft Azure
- Google Cloud Platform (GCP)
SaaS Monitoring
- Airbrake Monitoring
- Microsoft Office 365 Monitoring
- SaaS Lite Monitoring
- Salesforce Monitoring
- Slack Monitoring (Open Beta)
- Webex Monitoring (Open Beta)
- Zoom Monitoring
Container Monitoring
- About LogicMonitor Container Monitoring
- Kubernetes
- Docker
  - Docker Monitoring
Website Monitoring
- About Websites
- Adding and Managing Websites
- Website Groups
  - Adding Website Groups
  - Editing and Deleting Website Groups
Monitoring Solutions
- Applications and Databases
- Backup and Recovery Systems
- Networking and Firewalls
- Operating Systems and Virtualization
- Server and operations Hardware
- Storage Systems
- Network Traffic Flow
LM Integrations
- LogicMonitor Integrations Overview
- Communication Integrations for LogicMonitor
- Workflow Integrations for LogicMonitor
- Automation Integrations for LogicMonitor
- Custom Integrations for LogicMonitor
- Logs for LM Integrations
  - Logs for Integrations Overview
  - Integrations Logs Filtering and Sorting
Mobile
- About LogicMonitor’s Mobile View and Application
- Responding to Alerts from a Mobile Device
- Viewing Alerts from a Mobile Device
- Viewing Dashboards from a Mobile Device
- Viewing Graphs from a Mobile Device
REST API Developers Guide
- Rest API Overview
- REST API v3
- REST API v2
  - About REST API v2
  - Creating Services via the API
- Rest API v1
RPC API - Deprecated
- About LogicMonitor’s RPC API (Deprecated)
Training and Certification
- LogicMonitor Certified Professional Exam Information
- LogicMonitor Training and Certification

The Audit Log (formerly called Access Log) resource allows you to programmatically get your Audit log entries.

Note: As with all of our API calls, authentication is required.

Resource URI

/setting/accesslogs

Resource Properties

Each access log entry has the following properties:

Property	Description	Type
id	The Id of the access log entry	String
username	The username associated with the user that performed the action recorded in the access log entry	String
happenedOn	The time, in epoch seconds, that the action recorded in the access log entry occurred	Integer
happenedOnLocal	The date and time that the action recorded in the access log entry occured	String
ip	The IP address that the action was performed from	String
sessionId	The Id of the session during which the action was performed	String
description	The description of the action recorded in the access log entry	String

Get a list of Access Log Entries

Returns a list of Access Log Entries

HTTP Method:GET

URI: /setting/accesslogs

Request Parameters: By default, 50 access log entries will be returned, sorted by their happenedOn values in decreasing order. You can change which access log entries are returned by including sort, filter, fields, size, and offset parameters. Multiple request parameters will be interpreted with an AND operator. Note that query parameters are not considered part of the resource path, and should not be included the calculation of the LMv1 authentication signature.

Property	Syntax	Description	Example URI
sort	sort={+ or -}property	Sorts the access log entries in the response by the property specified in either increasing (+) or decreasing (-) order. Access Log entries can be sorted by username, happenedOn, and session Id values.	/setting/accesslogs?sort=+happenedOn
filter	filter=_all~keyword, happenedOn>:value	Filters the response to only include access log entries that include the keyword if specifed, and entries that have a timestamp in the specified happenedOn range if happenedOn values are specified. Note that currently only glob expressions with * on both ends are accepted (you don’t have to use glob), and that only >: (greater than or equal to) and <: (less than or equal to) happenedOn operators are accepted. Note: If you specify a happenedOn range where the number of entries exceeds 50, the “total” will reflect the total number of entries in the range but only 50 entries will be displayed.	/setting/accesslogs?filter=_all~sarah
fields	fields=list of properties separated by commas	Filters the response to only include the following fields for each access log entry	/setting/accesslogs?fields=description,username
size	size=integer	The number of access log entries to display. The maximum number of entries that can be returned is 1000.	/setting/accesslogs?size=5
offset	offset=integer	The number of entries to offset the displayed access log entries by	/setting/accesslogs?offset=2

Example 1: Get a list of Access Log Entries

The following request returns a list of the access log entries from the past 24 hours (a max of 50 will be returned)

Request:

curl --user "apiUser:example" -X GET "https://api.logicmonitor.com/santaba/rest/setting/accesslogs"

Response:

{
  "status" : 200,
  "errmsg" : "OK",
  "data" : {
    "total" : 9,
    "items" : [ {
      "id" : "2415",
      "username" : "sarah",
      "happenedOn" : 1436460382,
      "happenedOnLocal" : "2015-07-09 09:46:22 PDT",
      "ip" : "174.76.130.100",
      "sessionId" : "17A45B032911D0A8F701906E922A4B50",
      "description" : "sarah signs in (adminId=4)."
    }, {
      "id" : "2414",
      "username" : "Victoria",
      "happenedOn" : 1436395431,
      "happenedOnLocal" : "2015-07-08 15:43:51 PDT",
      "ip" : "174.76.130.120",
      "sessionId" : "3F624A15623BF5DF77456358F8D3289F",
      "description" : "Victoria signs in (adminId=7)."
    }, {
      "id" : "2413",
      "username" : "sarah",
      "happenedOn" : 1436375816,
      "happenedOnLocal" : "2015-07-08 10:16:56 PDT",
      "ip" : "174.76.130.131",
      "sessionId" : "C45F143150240B02C5AA34EDCB4AA5B5",
      "description" : "Add a new collector 115 (hostname=null, desc=)"
    }, {
      "id" : "2412",
      "username" : "sarah",
      "happenedOn" : 1436375721,
      "happenedOnLocal" : "2015-07-08 10:15:21 PDT",
      "ip" : "174.76.100.121",
      "sessionId" : "C45F143150240B02C5AA34EDCB4AA5B5",
      "description" : "Delete the collector 97 (hostname=localhost.localdomain, desc=SB-sterry-LinuxVM)"
    }, {
      "id" : "2411",
      "username" : "sarah",
      "happenedOn" : 1436375544,
      "happenedOnLocal" : "2015-07-08 10:12:24 PDT",
      "ip" : "174.76.130.131",
      "sessionId" : "C45F143150240B02C5AA34EDCB4AA5B5",
      "description" : "Delete the host 192.168.82.210 from the system"
    }, {
      "id" : "2410",
      "username" : "sarah",
      "happenedOn" : 1436375530,
      "happenedOnLocal" : "2015-07-08 10:12:10 PDT",
      "ip" : "174.76.130.131",
      "sessionId" : "C45F143150240B02C5AA34EDCB4AA5B5",
      "description" : "Delete the host 10.36.11.97 from the system"
    }, {
      "id" : "2409",
      "username" : "sarah",
      "happenedOn" : 1436375401,
      "happenedOnLocal" : "2015-07-08 10:10:01 PDT",
      "ip" : "174.76.130.131",
      "sessionId" : "C45F143150240B02C5AA34EDCB4AA5B5",
      "description" : "Delete the collector 114 (hostname=null, desc=)"
    }, {
      "id" : "2408",
      "username" : "sarah",
      "happenedOn" : 1436374244,
      "happenedOnLocal" : "2015-07-08 09:50:44 PDT",
      "ip" : "174.76.130.131",
      "sessionId" : "C45F143150240B02C5AA34EDCB4AA5B5",
      "description" : "Add a new collector 114 (hostname=null, desc=)"
    }, {
      "id" : "2407",
      "username" : "sarah",
      "happenedOn" : 1436374208,
      "happenedOnLocal" : "2015-07-08 09:50:08 PDT",
      "ip" : "174.76.130.131",
      "sessionId" : "C45F143150240B02C5AA34EDCB4AA5B5",
      "description" : "sarah signs in (adminId=4)."
    } ],
    "searchId" : null
  }

Example 2: Get a list of Access Log Entries

The following request returns the username, happenedOn, and description fields for access log entries that contain the word ‘sarah’ and that have a timestamp between the specified happenedOn times. Entries are sorted in increasing order by the happenedOn field.

Request:

curl --user "apiUser:example" -X GET "https://apiUser.logicmonitor.com/santaba/rest/setting/accesslogs?sort=+happenedOn&filter=_all~sarah,happenedOn<:1436204150,happenedOn>:1436203980&fields=username,happenedOn,description"

Response:

{
  "status" : 200,
  "errmsg" : "OK",
  "data" : {
    "total" : 3,
    "items" : [ {
      "username" : "sarah",
      "happenedOn" : 1436203987,
      "description" : "sarah signs in (adminId=4)."
    }, {
      "username" : "sarah",
      "happenedOn" : 1436204111,
      "description" : "Datasource Collector Active Discovery Task updated. Reason unspecified. AD parameters from path=\"LogicMonitor:type=AutoDiscoveryTask,name=*\" url=\"service:jmx:local\" ports=\"\"  to  url=\"service:jmx:local\" ports=\"\" path=\"LogicMonitor:type=AutoDiscoveryTask,name=*\" "
    }, {
      "username" : "sarah",
      "happenedOn" : 1436204148,
      "description" : "sarah signs in (adminId=4)."
    } ],
    "searchId" : null
  }

Product Documentation

Resource URI

Resource Properties

Property

Description

Type

Get a list of Access Log Entries

Property

Syntax

Description

Example URI

Example 1: Get a list of Access Log Entries

Example 2: Get a list of Access Log Entries

In This Article