Event report
Generates an array of all the data/events generated by the Manager device. Log messages, incidents, and audits can all be collected.
Request
Security
| Any | Super User | System Admin | Security Admin | Operator |
|---|---|---|---|---|
| | superUser | systemAdmin (readOnly and read/write) | securityAdmin (readOnly and read/write) | operator |
HTTP method
GET /manager/api/{apiResponseType}/1.0/eventConsole.adm HTTP/1.1
Host:{manager.dsnet}
streamSize={numElements}&streamTypes={streamType1}&streamTypes={streamType2}
Curl method
curl -u {admin}:{password} -k \
"https://{manager.dsnet}/manager/api/{apiResponseType}/1.0/eventConsole.adm" -d \
"streamSize={numElements}&streamTypes={streamType1}&streamTypes={streamType2}"
Parameters
| Parameter | Type | Usage | Default | Description |
|---|---|---|---|---|
| streamSize | Integer | Optional | | Maximum number of elements to return. |
| streamTypes | String | Optional | allIncidentStates, allLogMessages | Types of data to gather. Multiple stream types can be passed as streamTypes=allLogMessages&streamTypes=allAudits. |
| startTimestamp | Long | Optional | | Earliest date to gather data (UNIX time in ms). |
| endTimestamp | Long | Optional | | Latest date to gather data (UNIX time in ms). |
| message | String | | | Filter results to data that contains message. |
| eventLevels | String | Optional | all event levels | Filter event levels of logs and incidents. Multiple event levels can be passed as eventLevels=cleared&eventLevels=info. |
| api | Boolean | Optional | | true - filters results to audits that originate from API. false - filters results to UI audits. |
| accountId | Long | Optional | | Filter to specific account. |
| quickMode | Boolean | Optional | True | Enables faster message searching of all events and audits. Enabled by default. If false, the advanced search switches to the legacy mode. |
| regEx | Boolean | Optional | False | Enable regular expression searching. |
Response
Returns success or failure status.
JSON response example
{
  "responseStatus": "ok",
  "responseHeader": {
    "status": "ok",
    "now": 1394043570077,
    "requestId": null
  },
  "responseData": {
    "streamElements": [
      {
        "requestIp": "127.0.0.1",
        "account": 1,
        "occurrenceDate": "Tue, 15 Sep 2015 17:59:28 -0500",
        "timestamp": 1393888945512,
        "auditableId": 5,
        "api": true,
        "requestId": null,
        "deletion": false,
        "actionCode": "createEditVaultTemplate",
        "message": "The vault template 'foosbar' was created. The width of the vault template is 8. The threshold is 6. The write threshold is 7. The SecureSlice\u2122 feature is enabled. The Analytics feature is disabled. This is a 'object' vault template. ",
        "auditableType": "vaultTemplate",
        "streamableType": "audit"
      },
      {
        "occurrenceDate": "Tue, 15 Sep 2015 17:59:28 -0500",
        "timestamp": 1393888710394,
        "requestIp": null,
        "requestId": null,
        "streamableType": "audit",
        "actionCode": null
      },
      ...
      {
        "requestIp": "127.0.0.1",
        "account": 1,
        "occurrenceDate": "Tue, 15 Sep 2015 17:59:28 -0500",
        "timestamp": 1393886244438,
        "auditableId": 1,
        "api": false,
        "requestId": null,
        "deletion": false,
        "actionCode": "editMyAccountAccessKey",
        "message": "The account with name 'Adam' was modified. The following access key was removed: 'j1kLPgYfZs6Ub3MrCNFU'. ",
        "auditableType": "account",
        "streamableType": "audit"
      }
    ]
  }
}
Parameters
| Parameter | Type | Description |
|---|---|---|
| startTimestamp | Long | Sent as a UNIX timestamp in milliseconds, this is the furthest date in the past to gather data from. |
| endTimestamp | Long | Sent as a UNIX timestamp in milliseconds, this is the latest date in the past to gather data from. |
| message | String | Message for specific event. If streamableType is incidentState or logMessage: |
| streamSize | Integer | The max number of elements to return. |
| streamableTypes | List | The type(s) of data to gather. Element type of either: allIncidentStates, openIncidentStates, openIncidientsCurrentState, closedIncidentStates, noHighVolumeLogMessages, onlyHighVolumeLogMessages, allLogMessages, noLogMessages, noIncidentStates, noAudits, or allAudits. Element fields can differ depending on type of element. |
| eventLevels | List | The event levels to gather. Incident event level (cleared, information, warning, error, or critical). |
| accountId | Long | An id corresponding to an account in the Manager that made the change to generate an audit. If provided, the only audits that are returned will be those generated by the given account. |
| api | Boolean | Flag that should be true if only API-generated audits are desired, and false if only UI-generated audits are desired. |
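An added example (not from the product documentation) of preparing this report for log forwarding: it encodes the request parameters described above, then flattens the audit elements of a response into records with UTC timestamps and masks access key values that appear in audit messages. The function names, the record layout and the masking pattern are assumptions; the sample input is constructed from the response example on this page.

```python
import json
import re
from datetime import datetime, timezone
from urllib.parse import urlencode

# Assumption: masking pattern is modelled on the one key-bearing message in the sample.
KEY_IN_MESSAGE = re.compile(r"(access key[^':]*: ')[^']+(')")

def build_query(start, end, stream_types=("allAudits",), stream_size=500):
    """Encode the documented request parameters; a list value repeats its key."""
    return urlencode({
        "streamSize": stream_size,
        "streamTypes": list(stream_types),
        "startTimestamp": int(start.timestamp() * 1000),  # UNIX time in ms
        "endTimestamp": int(end.timestamp() * 1000),
    }, doseq=True)

def normalize_audits(response_text):
    """Flatten audit elements into records with UTC times and masked access keys."""
    doc = json.loads(response_text)
    if doc.get("responseStatus") != "ok":
        raise ValueError("event report failed: %r" % doc.get("responseStatus"))
    records = []
    for el in doc["responseData"]["streamElements"]:
        if el.get("streamableType") != "audit":
            continue  # log messages and incident states carry other fields
        ms = el["timestamp"]
        when = datetime.fromtimestamp(ms // 1000, tz=timezone.utc)
        records.append({
            "time": when.replace(microsecond=ms % 1000 * 1000).isoformat(timespec="milliseconds"),
            "account": el.get("account"),
            "source_ip": el.get("requestIp"),
            "origin": {True: "api", False: "ui"}.get(el.get("api"), "unknown"),
            "action": el.get("actionCode"),
            "message": KEY_IN_MESSAGE.sub(r"\1[redacted]\2", el.get("message") or ""),
        })
    return sorted(records, key=lambda r: r["time"])

# Constructed sample, trimmed from the response example on this page.
SAMPLE = json.dumps({"responseStatus": "ok", "responseData": {"streamElements": [
    {"requestIp": "127.0.0.1", "account": 1, "timestamp": 1393886244438,
     "api": False, "actionCode": "editMyAccountAccessKey", "streamableType": "audit",
     "message": "The account with name 'Adam' was modified. The following "
                "access key was removed: 'j1kLPgYfZs6Ub3MrCNFU'. "},
    {"timestamp": 1393888710394, "streamableType": "audit", "actionCode": None},
]}})

if __name__ == "__main__":
    print(json.dumps(normalize_audits(SAMPLE), indent=2))
```

Elements without an `api` field, like the sparse second element in the response example, come out with origin `unknown` rather than being dropped.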