Come join our live training webinar every other Wednesday at 11am PST and hear LogicMonitor experts explain best practices and answer common questions. We understand these are uncertain times, and we are here to help!
The Audit Log (formerly called Access Log) resource allows you to programmatically get your Audit log entries.
Note: As with all of our API calls, authentication is required.
/setting/accesslogs
Each access log entry has the following properties:
Returns a list of Access Log Entries
HTTP Method:GET
URI: /setting/accesslogs
Request Parameters: By default, 50 access log entries will be returned, sorted by their happenedOn values in decreasing order. You can change which access log entries are returned by including sort, filter, fields, size, and offset parameters. Multiple request parameters will be interpreted with an AND operator. Note that query parameters are not considered part of the resource path, and should not be included the calculation of the LMv1 authentication signature.
Note that currently only glob expressions with * on both ends are accepted (you don’t have to use glob), and that only >: (greater than or equal to) and <: (less than or equal to) happenedOn operators are accepted.
Note: If you specify a happenedOn range where the number of entries exceeds 50, the “total” will reflect the total number of entries in the range but only 50 entries will be displayed.
The following request returns a list of the access log entries from the past 24 hours (a max of 50 will be returned)
Request:
curl --user "apiUser:example" -X GET "https://api.logicmonitor.com/santaba/rest/setting/accesslogs"
Response:
{ "status" : 200, "errmsg" : "OK", "data" : { "total" : 9, "items" : [ { "id" : "2415", "username" : "sarah", "happenedOn" : 1436460382, "happenedOnLocal" : "2015-07-09 09:46:22 PDT", "ip" : "174.76.130.100", "sessionId" : "17A45B032911D0A8F701906E922A4B50", "description" : "sarah signs in (adminId=4)." }, { "id" : "2414", "username" : "Victoria", "happenedOn" : 1436395431, "happenedOnLocal" : "2015-07-08 15:43:51 PDT", "ip" : "174.76.130.120", "sessionId" : "3F624A15623BF5DF77456358F8D3289F", "description" : "Victoria signs in (adminId=7)." }, { "id" : "2413", "username" : "sarah", "happenedOn" : 1436375816, "happenedOnLocal" : "2015-07-08 10:16:56 PDT", "ip" : "174.76.130.131", "sessionId" : "C45F143150240B02C5AA34EDCB4AA5B5", "description" : "Add a new collector 115 (hostname=null, desc=)" }, { "id" : "2412", "username" : "sarah", "happenedOn" : 1436375721, "happenedOnLocal" : "2015-07-08 10:15:21 PDT", "ip" : "174.76.100.121", "sessionId" : "C45F143150240B02C5AA34EDCB4AA5B5", "description" : "Delete the collector 97 (hostname=localhost.localdomain, desc=SB-sterry-LinuxVM)" }, { "id" : "2411", "username" : "sarah", "happenedOn" : 1436375544, "happenedOnLocal" : "2015-07-08 10:12:24 PDT", "ip" : "174.76.130.131", "sessionId" : "C45F143150240B02C5AA34EDCB4AA5B5", "description" : "Delete the host 192.168.82.210 from the system" }, { "id" : "2410", "username" : "sarah", "happenedOn" : 1436375530, "happenedOnLocal" : "2015-07-08 10:12:10 PDT", "ip" : "174.76.130.131", "sessionId" : "C45F143150240B02C5AA34EDCB4AA5B5", "description" : "Delete the host 10.36.11.97 from the system" }, { "id" : "2409", "username" : "sarah", "happenedOn" : 1436375401, "happenedOnLocal" : "2015-07-08 10:10:01 PDT", "ip" : "174.76.130.131", "sessionId" : "C45F143150240B02C5AA34EDCB4AA5B5", "description" : "Delete the collector 114 (hostname=null, desc=)" }, { "id" : "2408", "username" : "sarah", "happenedOn" : 1436374244, "happenedOnLocal" : "2015-07-08 09:50:44 PDT", "ip" : "174.76.130.131", "sessionId" : "C45F143150240B02C5AA34EDCB4AA5B5", "description" : "Add a new collector 114 (hostname=null, desc=)" }, { "id" : "2407", "username" : "sarah", "happenedOn" : 1436374208, "happenedOnLocal" : "2015-07-08 09:50:08 PDT", "ip" : "174.76.130.131", "sessionId" : "C45F143150240B02C5AA34EDCB4AA5B5", "description" : "sarah signs in (adminId=4)." } ], "searchId" : null }
The following request returns the username, happenedOn, and description fields for access log entries that contain the word ‘sarah’ and that have a timestamp between the specified happenedOn times. Entries are sorted in increasing order by the happenedOn field.
curl --user "apiUser:example" -X GET "https://apiUser.logicmonitor.com/santaba/rest/setting/accesslogs?sort=+happenedOn&filter=_all~sarah,happenedOn<:1436204150,happenedOn>:1436203980&fields=username,happenedOn,description"
{ "status" : 200, "errmsg" : "OK", "data" : { "total" : 3, "items" : [ { "username" : "sarah", "happenedOn" : 1436203987, "description" : "sarah signs in (adminId=4)." }, { "username" : "sarah", "happenedOn" : 1436204111, "description" : "Datasource Collector Active Discovery Task updated. Reason unspecified. AD parameters from path=\"LogicMonitor:type=AutoDiscoveryTask,name=*\" url=\"service:jmx:local\" ports=\"\" to url=\"service:jmx:local\" ports=\"\" path=\"LogicMonitor:type=AutoDiscoveryTask,name=*\" " }, { "username" : "sarah", "happenedOn" : 1436204148, "description" : "sarah signs in (adminId=4)." } ], "searchId" : null }
In This Article