Product Documentation

Get Audit Log Entries

Last Updated: 25 November, 2020

The Audit Log (formerly called Access Log) resource allows you to programmatically get your Audit log entries.

Note: As with all of our API calls, authentication is required.

Resource URI

/setting/accesslogs

Resource Properties

Each access log entry has the following properties:

Property

Description

Type
id The Id of the access log entry String
username The username associated with the user that performed the action recorded in the access log entry String
happenedOn The time, in epoch seconds, that the action recorded in the access log entry occurred Integer
happenedOnLocal The date and time that the action recorded in the access log entry occured String
ip The IP address that the action was performed from String
sessionId The Id of the session during which the action was performed String
description The description of the action recorded in the access log entry String

Get a list of Access Log Entries

Returns a list of Access Log Entries

HTTP Method:GET

URI: /setting/accesslogs

Request Parameters: By default, 50 access log entries will be returned, sorted by their happenedOn values in decreasing order. You can change which access log entries are returned by including sort, filter, fields, size, and offset parameters. Multiple request parameters will be interpreted with an AND operator. Note that query parameters are not considered part of the resource path, and should not be included the calculation of the LMv1 authentication signature.

Property

Syntax

Description

Example URI
sort sort={+ or -}property Sorts the access log entries in the response by the property specified in either increasing (+) or decreasing (-) order. Access Log entries can be sorted by username, happenedOn, and session Id values. /setting/accesslogs?sort=+happenedOn
filter filter=_all~*keyword*, happenedOn>:value Filters the response to only include access log entries that include the keyword if specifed, and entries that have a timestamp in the specified happenedOn range if happenedOn values are specified.

Note that currently only glob expressions with * on both ends are accepted (you don’t have to use glob), and that only >: (greater than or equal to) and <: (less than or equal to) happenedOn operators are accepted.

 

Note: If you specify a happenedOn range where the number of entries exceeds 50, the “total” will reflect the total number of entries in the range but only 50 entries will be displayed.

 /setting/accesslogs?filter=_all~sarah
fields fields=list of properties separated by commas Filters the response to only include the following fields for each access log entry /setting/accesslogs?fields=description,username
size size=integer The number of access log entries to display. The maximum number of entries that can be returned is 1000. /setting/accesslogs?size=5
offset offset=integer The number of entries to offset the displayed access log entries by /setting/accesslogs?offset=2

Example 1: Get a list of Access Log Entries

The following request returns a list of the access log entries from the past 24 hours (a max of 50 will be returned)

Request:

curl --user "apiUser:example" -X GET "https://api.logicmonitor.com/santaba/rest/setting/accesslogs"

Response:

{
  "status" : 200,
  "errmsg" : "OK",
  "data" : {
    "total" : 9,
    "items" : [ {
      "id" : "2415",
      "username" : "sarah",
      "happenedOn" : 1436460382,
      "happenedOnLocal" : "2015-07-09 09:46:22 PDT",
      "ip" : "174.76.130.100",
      "sessionId" : "17A45B032911D0A8F701906E922A4B50",
      "description" : "sarah signs in (adminId=4)."
    }, {
      "id" : "2414",
      "username" : "Victoria",
      "happenedOn" : 1436395431,
      "happenedOnLocal" : "2015-07-08 15:43:51 PDT",
      "ip" : "174.76.130.120",
      "sessionId" : "3F624A15623BF5DF77456358F8D3289F",
      "description" : "Victoria signs in (adminId=7)."
    }, {
      "id" : "2413",
      "username" : "sarah",
      "happenedOn" : 1436375816,
      "happenedOnLocal" : "2015-07-08 10:16:56 PDT",
      "ip" : "174.76.130.131",
      "sessionId" : "C45F143150240B02C5AA34EDCB4AA5B5",
      "description" : "Add a new collector 115 (hostname=null, desc=)"
    }, {
      "id" : "2412",
      "username" : "sarah",
      "happenedOn" : 1436375721,
      "happenedOnLocal" : "2015-07-08 10:15:21 PDT",
      "ip" : "174.76.100.121",
      "sessionId" : "C45F143150240B02C5AA34EDCB4AA5B5",
      "description" : "Delete the collector 97 (hostname=localhost.localdomain, desc=SB-sterry-LinuxVM)"
    }, {
      "id" : "2411",
      "username" : "sarah",
      "happenedOn" : 1436375544,
      "happenedOnLocal" : "2015-07-08 10:12:24 PDT",
      "ip" : "174.76.130.131",
      "sessionId" : "C45F143150240B02C5AA34EDCB4AA5B5",
      "description" : "Delete the host 192.168.82.210 from the system"
    }, {
      "id" : "2410",
      "username" : "sarah",
      "happenedOn" : 1436375530,
      "happenedOnLocal" : "2015-07-08 10:12:10 PDT",
      "ip" : "174.76.130.131",
      "sessionId" : "C45F143150240B02C5AA34EDCB4AA5B5",
      "description" : "Delete the host 10.36.11.97 from the system"
    }, {
      "id" : "2409",
      "username" : "sarah",
      "happenedOn" : 1436375401,
      "happenedOnLocal" : "2015-07-08 10:10:01 PDT",
      "ip" : "174.76.130.131",
      "sessionId" : "C45F143150240B02C5AA34EDCB4AA5B5",
      "description" : "Delete the collector 114 (hostname=null, desc=)"
    }, {
      "id" : "2408",
      "username" : "sarah",
      "happenedOn" : 1436374244,
      "happenedOnLocal" : "2015-07-08 09:50:44 PDT",
      "ip" : "174.76.130.131",
      "sessionId" : "C45F143150240B02C5AA34EDCB4AA5B5",
      "description" : "Add a new collector 114 (hostname=null, desc=)"
    }, {
      "id" : "2407",
      "username" : "sarah",
      "happenedOn" : 1436374208,
      "happenedOnLocal" : "2015-07-08 09:50:08 PDT",
      "ip" : "174.76.130.131",
      "sessionId" : "C45F143150240B02C5AA34EDCB4AA5B5",
      "description" : "sarah signs in (adminId=4)."
    } ],
    "searchId" : null
  }

Example 2: Get a list of Access Log Entries

The following request returns the username, happenedOn, and description fields for access log entries that contain the word ‘sarah’ and that have a timestamp between the specified happenedOn times. Entries are sorted in increasing order by the happenedOn field.

Request:

curl --user "apiUser:example" -X GET "https://apiUser.logicmonitor.com/santaba/rest/setting/accesslogs?sort=+happenedOn&filter=_all~sarah,happenedOn<:1436204150,happenedOn>:1436203980&fields=username,happenedOn,description"

Response:

{
  "status" : 200,
  "errmsg" : "OK",
  "data" : {
    "total" : 3,
    "items" : [ {
      "username" : "sarah",
      "happenedOn" : 1436203987,
      "description" : "sarah signs in (adminId=4)."
    }, {
      "username" : "sarah",
      "happenedOn" : 1436204111,
      "description" : "Datasource Collector Active Discovery Task updated. Reason unspecified. AD parameters from path=\"LogicMonitor:type=AutoDiscoveryTask,name=*\" url=\"service:jmx:local\" ports=\"\"  to  url=\"service:jmx:local\" ports=\"\" path=\"LogicMonitor:type=AutoDiscoveryTask,name=*\" "
    }, {
      "username" : "sarah",
      "happenedOn" : 1436204148,
      "description" : "sarah signs in (adminId=4)."
    } ],
    "searchId" : null
  }
In This Article