Event report

Generates an array of all the data/events generated by the Manager device. Log messages, incidents, and audits can all be collected.

Note: This API is ''rate limited.' The manager application processes a maximum number of RESTful requests concurrently to avoid excessive memory consumption. The maximum number of requests is 3. If the maximum is reached, subsequent requests are blocked for at most 5 seconds. If 5 seconds is exceeded, the request gets an immediate response with HTTP status code 429.

Request

Security

Table 1. Roles capable of executing the Event Report API method
Any Super User System Admin Security Admin Operator
  superUser systemAdmin

(readOnly and read/write)

securityAdmin

(readOnly and read/write)

operator

HTTP method

GET /manager/api/{apiResponseType}/1.0/eventConsole.adm HTTP/1.1 Host:{manager.dsnet} streamSize={numElements}&streamTypes={streamType1}&streamTypes={streamType2}

Curl method

curl -u {admin}:{password} -k ”https://{manager.dsnet}/manager/api/{apiResponseType}/1.0/eventConsole.adm“ -d ”streamSize={numElements}&streamTypes={streamType1}&streamTypes={streamType2}“

Parameters

Table 2. Request parameters for Event Report (eventConsole) API method
Parameter Type Usage Default Description
streamSize Integer Optional  

Maximum number of elements to return.

streamTypes String Optional allIncidentStates

allLogMessages

Types of data to gather.

  • allIncidentStates
  • openIncidentStates
  • openIncidentsCurrentState
  • closedIncidentStates
  • noHighVolumeLogMessages
  • onlyHighVolumeLogMessages
  • allLogMessages
  • noLogMessages
  • noIncidentStates
  • noAudits
  • allAudits

Multiple stream types can be passed as streamTypes=allLogMessages&streamTypes=allAudits.

startTimestamp Long Optional  

Earliest date to gather data (UNIX time in ms).

endTimestamp Long Optional  

Latest date to gather data (UNIX time in ms).

message String    

Filter results to data that contains message.

eventLevels String Optional all event levels

Filter event levels of logs and incidents.

  • cleared
  • info
  • warning
  • error
  • critical

Multiple event levels can be passed as eventLevels=cleared&eventLevels=info.

api Boolean Optional  

true - filters results to audits that originate from API.

false - filters results to UI audits.

accountId Long Optional  

Filter to specific account.

quickMode Boolean Optional True Enables faster message searching of all events and audits. Enabled by default. If false, the advanced search switches to the legacy mode.
regEx Boolean Optional False Enable regular expression searching.

Response

Returns success or failure status.

JSON response example

{
  ”responseStatus“: ”ok“,
  ”responseHeader“: {
    ”status“: ”ok“,
    ”now“: 1394043570077,
    ”requestId“: null
  },
  ”responseData“: {
    ”streamElements“: [
      {
        ”requestIp“: ”127.0.0.1“,
        ”account“: 1,
        "occurrenceDate":"Tue, 15 Sep 2015 17:59:28 -0500",
        ”timestamp“: 1393888945512,
        ”auditableId“: 5,
        ”api“: true,
        ”requestId“: null,
        ”deletion“: false,
        ”actionCode“: ”createEditVaultTemplate“,
        ”message“: ”The vault template 'foosbar' was created. The width
        of the vault template is 8. The threshold is 6. The write threshold is
        7. The SecureSlice\u2122 feature is enabled. The Analytics feature
        is disabled. This is a 'object' vault template. “,
        ”auditableType“: ”vaultTemplate“,
        ”streamableType“: ”audit“
      },
      {
        "occurrenceDate":"Tue, 15 Sep 2015 17:59:28 -0500",
        ”timestamp“: 1393888710394,
        ”requestIp“: null,
        ”requestId“: null,
        ”streamableType“: ”audit“,
        ”actionCode“: null
      },
      ...
      {
        ”requestIp“: ”127.0.0.1“,
        ”account“: 1,
        "occurrenceDate":"Tue, 15 Sep 2015 17:59:28 -0500",
        ”timestamp“: 1393886244438,
        ”auditableId“: 1,
        ”api“: false,
        ”requestId“: null,
        ”deletion“: false,
        ”actionCode“: ”editMyAccountAccessKey“,
        ”message“: ”The account with name 'Adam' was modified. The
        following access key was removed: 'j1kLPgYfZs6Ub3MrCNFU'. “,
        ”auditableType“: ”account“,
        ”streamableType“: ”audit“
      }
    ]
  }
}

Parameters

Table 3. Response parameters for Event Report (eventConsole) API method
Parameter Type Description
startTimestamp

Long

Sent as a UNIX timestamp in milliseconds, this is the furthest date in the past to gather data from.

endTimestamp

Long

Sent as a UNIX timestamp in milliseconds, this is the latest date in the past to gather data from.

message

String

Message for specific event.

If streamableType is incidentState or logMessage:

streamSize Integer

The max number of elements to return.

streamableTypes

List

The type(s) of data to gather. Element type of either: allIncidentStates, openIncidentStates, openIncidientsCurrentState, closedIncidentStates, noHighVolumeLogMessages, onlyHighVolumeLogMessages, allLogMessages, noLogMessages, noIncidentStates, noAudits, or allAudits. Element fields can differ depending on type of element.

eventLevels

List

The event levels to gather. Incident event level (cleared, information, warning, error, or critical).

accountId Long

An id corresponding to an account in the Manager that made the change to generate an audit. If provided, the only audits that are returned will be those generated by the given account.

api

Boolean

Flag that should be true if only API-generated audits are desired, and false if only UI-generated audits are desired