Get Audit Log Entries

Last updated on 25 November, 2020

The Audit Log (formerly called Access Log) resource allows you to programmatically get your Audit log entries.

Note: As with all of our API calls, authentication is required.

Resource URI

/setting/accesslogs

Resource Properties

Each access log entry has the following properties:

| Property | Description | Type |
|---|---|---|
| id | The Id of the access log entry | String |
| username | The username associated with the user that performed the action recorded in the access log entry | String |
| happenedOn | The time, in epoch seconds, that the action recorded in the access log entry occurred | Integer |
| happenedOnLocal | The date and time that the action recorded in the access log entry occurred | String |
| ip | The IP address that the action was performed from | String |
| sessionId | The Id of the session during which the action was performed | String |
| description | The description of the action recorded in the access log entry | String |

Get a list of Access Log Entries

Returns a list of Access Log Entries

HTTP Method: GET

URI: /setting/accesslogs

Request Parameters: By default, 50 access log entries will be returned, sorted by their happenedOn values in decreasing order. You can change which access log entries are returned by including sort, filter, fields, size, and offset parameters. Multiple request parameters will be interpreted with an AND operator. Note that query parameters are not considered part of the resource path, and should not be included in the calculation of the LMv1 authentication signature.

| Property | Syntax | Description | Example URI |
|---|---|---|---|
| sort | sort={+ or -}property | Sorts the access log entries in the response by the property specified in either increasing (+) or decreasing (-) order. Access Log entries can be sorted by username, happenedOn, and sessionId values. | /setting/accesslogs?sort=+happenedOn |
| filter | filter=_all~*keyword*, happenedOn>:value | Filters the response to only include access log entries that include the keyword, if specified, and entries that have a timestamp in the specified happenedOn range, if happenedOn values are specified. Note that currently only glob expressions with * on both ends are accepted (you don’t have to use glob), and that only >: (greater than or equal to) and <: (less than or equal to) happenedOn operators are accepted. Note: If you specify a happenedOn range where the number of entries exceeds 50, the “total” will reflect the total number of entries in the range but only 50 entries will be displayed. | /setting/accesslogs?filter=_all~sarah |
| fields | fields=list of properties separated by commas | Filters the response to only include the following fields for each access log entry | /setting/accesslogs?fields=description,username |
| size | size=integer | The number of access log entries to display. The maximum number of entries that can be returned is 1000. | /setting/accesslogs?size=5 |
| offset | offset=integer | The number of entries to offset the displayed access log entries by | /setting/accesslogs?offset=2 |
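The following Python sketch is an added example, not LogicMonitor's own code. It combines the filter, sort, size and offset parameters described above to collect every entry in a happenedOn range instead of only the first page. The `fetch_page` callable, the keyword check, `fake_fetch` and the sample data are assumptions made for illustration; the real authenticated GET is left to the caller, which signs only the resource path.

```python
from urllib.parse import urlencode, parse_qs

RESOURCE_PATH = "/setting/accesslogs"  # the only part that is signed for LMv1
MAX_SIZE = 1000                        # largest size value the API returns


def build_query(start, end, keyword=None, size=MAX_SIZE, offset=0):
    """Query string for one page of entries with start <= happenedOn <= end."""
    clauses = []
    if keyword is not None:
        # A comma would start a new filter clause, so refuse it (assumption:
        # the page documents no escaping rule for keywords).
        if not keyword or any(c in keyword for c in ",*"):
            raise ValueError("keyword must be non-empty and contain no ',' or '*'")
        clauses.append(f"_all~*{keyword}*")
    clauses += [f"happenedOn>:{int(start)}", f"happenedOn<:{int(end)}"]
    return urlencode({"sort": "+happenedOn", "filter": ",".join(clauses),
                      "size": max(1, min(int(size), MAX_SIZE)), "offset": int(offset)})


def fetch_all(fetch_page, start, end, keyword=None, size=MAX_SIZE):
    """Walk the range with offset until data.total entries are collected."""
    entries = []
    while True:
        query = build_query(start, end, keyword, size, len(entries))
        body = fetch_page(RESOURCE_PATH, query)
        if body.get("status") != 200:
            raise RuntimeError(f"audit log query failed: {body.get('errmsg')}")
        items = body["data"]["items"]
        entries.extend(items)
        if not items or len(entries) >= body["data"]["total"]:
            return entries


# Constructed sample data and a stand-in for the authenticated HTTP GET.
SAMPLE = [{"id": str(2000 + i), "happenedOn": 1436203980 + i} for i in range(120)]
CALLS = []


def fake_fetch(path, query):
    CALLS.append((path, query))
    q = parse_qs(query)
    size, offset = int(q["size"][0]), int(q["offset"][0])
    return {"status": 200, "errmsg": "OK",
            "data": {"total": len(SAMPLE), "items": SAMPLE[offset:offset + size]}}


if __name__ == "__main__":
    got = fetch_all(fake_fetch, 1436203980, 1436204150, size=50)
    print(len(got), "entries in", len(CALLS), "requests")
```

Sorting in increasing order with a fixed upper happenedOn bound keeps offsets stable while new entries are still being written to the log.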

Example 1: Get a list of Access Log Entries

The following request returns a list of the access log entries from the past 24 hours (a maximum of 50 will be returned).

Request:

curl --user "apiUser:example" -X GET "https://api.logicmonitor.com/santaba/rest/setting/accesslogs"

Response:

{
  "status" : 200,
  "errmsg" : "OK",
  "data" : {
    "total" : 9,
    "items" : [ {
      "id" : "2415",
      "username" : "sarah",
      "happenedOn" : 1436460382,
      "happenedOnLocal" : "2015-07-09 09:46:22 PDT",
      "ip" : "174.76.130.100",
      "sessionId" : "17A45B032911D0A8F701906E922A4B50",
      "description" : "sarah signs in (adminId=4)."
    }, {
      "id" : "2414",
      "username" : "Victoria",
      "happenedOn" : 1436395431,
      "happenedOnLocal" : "2015-07-08 15:43:51 PDT",
      "ip" : "174.76.130.120",
      "sessionId" : "3F624A15623BF5DF77456358F8D3289F",
      "description" : "Victoria signs in (adminId=7)."
    }, {
      "id" : "2413",
      "username" : "sarah",
      "happenedOn" : 1436375816,
      "happenedOnLocal" : "2015-07-08 10:16:56 PDT",
      "ip" : "174.76.130.131",
      "sessionId" : "C45F143150240B02C5AA34EDCB4AA5B5",
      "description" : "Add a new collector 115 (hostname=null, desc=)"
    }, {
      "id" : "2412",
      "username" : "sarah",
      "happenedOn" : 1436375721,
      "happenedOnLocal" : "2015-07-08 10:15:21 PDT",
      "ip" : "174.76.100.121",
      "sessionId" : "C45F143150240B02C5AA34EDCB4AA5B5",
      "description" : "Delete the collector 97 (hostname=localhost.localdomain, desc=SB-sterry-LinuxVM)"
    }, {
      "id" : "2411",
      "username" : "sarah",
      "happenedOn" : 1436375544,
      "happenedOnLocal" : "2015-07-08 10:12:24 PDT",
      "ip" : "174.76.130.131",
      "sessionId" : "C45F143150240B02C5AA34EDCB4AA5B5",
      "description" : "Delete the host 192.168.82.210 from the system"
    }, {
      "id" : "2410",
      "username" : "sarah",
      "happenedOn" : 1436375530,
      "happenedOnLocal" : "2015-07-08 10:12:10 PDT",
      "ip" : "174.76.130.131",
      "sessionId" : "C45F143150240B02C5AA34EDCB4AA5B5",
      "description" : "Delete the host 10.36.11.97 from the system"
    }, {
      "id" : "2409",
      "username" : "sarah",
      "happenedOn" : 1436375401,
      "happenedOnLocal" : "2015-07-08 10:10:01 PDT",
      "ip" : "174.76.130.131",
      "sessionId" : "C45F143150240B02C5AA34EDCB4AA5B5",
      "description" : "Delete the collector 114 (hostname=null, desc=)"
    }, {
      "id" : "2408",
      "username" : "sarah",
      "happenedOn" : 1436374244,
      "happenedOnLocal" : "2015-07-08 09:50:44 PDT",
      "ip" : "174.76.130.131",
      "sessionId" : "C45F143150240B02C5AA34EDCB4AA5B5",
      "description" : "Add a new collector 114 (hostname=null, desc=)"
    }, {
      "id" : "2407",
      "username" : "sarah",
      "happenedOn" : 1436374208,
      "happenedOnLocal" : "2015-07-08 09:50:08 PDT",
      "ip" : "174.76.130.131",
      "sessionId" : "C45F143150240B02C5AA34EDCB4AA5B5",
      "description" : "sarah signs in (adminId=4)."
    } ],
    "searchId" : null
  }
}
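The ip and sessionId properties make it possible to review whether one session was used from more than one address, which is worth a second look even though a network change can explain it. The following Python sketch is an added example, not part of the original documentation; it runs over four entries copied from the response above, and the function name and finding layout are assumptions.

```python
from collections import defaultdict

SID = "C45F143150240B02C5AA34EDCB4AA5B5"
# Four entries copied from the Example 1 response (happenedOnLocal omitted).
ENTRIES = [
    {"id": "2415", "username": "sarah", "happenedOn": 1436460382,
     "ip": "174.76.130.100", "sessionId": "17A45B032911D0A8F701906E922A4B50",
     "description": "sarah signs in (adminId=4)."},
    {"id": "2413", "username": "sarah", "happenedOn": 1436375816,
     "ip": "174.76.130.131", "sessionId": SID,
     "description": "Add a new collector 115 (hostname=null, desc=)"},
    {"id": "2412", "username": "sarah", "happenedOn": 1436375721,
     "ip": "174.76.100.121", "sessionId": SID,
     "description": "Delete the collector 97 "
                    "(hostname=localhost.localdomain, desc=SB-sterry-LinuxVM)"},
    {"id": "2411", "username": "sarah", "happenedOn": 1436375544,
     "ip": "174.76.130.131", "sessionId": SID,
     "description": "Delete the host 192.168.82.210 from the system"},
]


def multi_ip_sessions(entries):
    """Return (findings, skipped): one finding per sessionId seen from >1 IP."""
    by_session = defaultdict(list)
    skipped = 0
    for e in entries:
        if e.get("sessionId") and e.get("ip"):
            by_session[e["sessionId"]].append(e)
        else:
            skipped += 1  # e.g. the request narrowed the output with fields=
    findings = []
    for sid, rows in by_session.items():
        rows.sort(key=lambda r: r.get("happenedOn", 0))
        actions_by_ip = {}
        for r in rows:
            actions_by_ip.setdefault(r["ip"], []).append(r.get("description", ""))
        if len(actions_by_ip) > 1:
            findings.append({
                "sessionId": sid,
                "usernames": sorted({r["username"] for r in rows if r.get("username")}),
                "first": rows[0].get("happenedOn"),
                "last": rows[-1].get("happenedOn"),
                "actions_by_ip": actions_by_ip,
            })
    return findings, skipped


if __name__ == "__main__":
    for finding in multi_ip_sessions(ENTRIES)[0]:
        print(finding)
```

Entries that lack ip or sessionId are counted rather than silently dropped, so a query narrowed with fields= does not look like a clean result.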

Example 2: Get a list of Access Log Entries

The following request returns the username, happenedOn, and description fields for access log entries that contain the word ‘sarah’ and that have a timestamp between the specified happenedOn times. Entries are sorted in increasing order by the happenedOn field.

Request:

curl --user "apiUser:example" -X GET "https://apiUser.logicmonitor.com/santaba/rest/setting/accesslogs?sort=+happenedOn&filter=_all~sarah,happenedOn<:1436204150,happenedOn>:1436203980&fields=username,happenedOn,description"

Response:

{
  "status" : 200,
  "errmsg" : "OK",
  "data" : {
    "total" : 3,
    "items" : [ {
      "username" : "sarah",
      "happenedOn" : 1436203987,
      "description" : "sarah signs in (adminId=4)."
    }, {
      "username" : "sarah",
      "happenedOn" : 1436204111,
      "description" : "Datasource Collector Active Discovery Task updated. Reason unspecified. AD parameters from path=\"LogicMonitor:type=AutoDiscoveryTask,name=*\" url=\"service:jmx:local\" ports=\"\"  to  url=\"service:jmx:local\" ports=\"\" path=\"LogicMonitor:type=AutoDiscoveryTask,name=*\" "
    }, {
      "username" : "sarah",
      "happenedOn" : 1436204148,
      "description" : "sarah signs in (adminId=4)."
    } ],
    "searchId" : null
  }
}