Export Logs

URL:
https://<root>/logs/export
Methods:
POST
Version Introduced:
11.4

Description

The export operation exports and downloads either standard logs or audit logs as a .zip file. Audit logs are detailed event logs that are used to monitor changes to the system. Audit logs are a useful resource when troubleshooting any critical or breaking changes that have occured, as they can help track what organization member made a change, the effect it has on the system, and what time those events occurred. Notably, audit logs can be processed by Security Information and Event Management (SIEM) tools to generate an audit trail, track trends in user activity, as well as monitor and address any security threats or vulnerabilities.

Audit logs captures information for the following events:

  • Accessing the organization portal site
  • Creating, deleting, updating, and disabling member accounts
  • Creating and updating user roles
  • Adding and configuring groups
  • Adding and removing members from a group
  • Sharing items
  • Changing item ownership
  • Adding, updating, moving, and deleting items

Request parameters

ParameterDetails

logType

(Required)

Specifies the types of logs being exported. When set as Application, standard logs will be exported. When set as Audit, audit logs are exported.

Values: Audit | Application

Example usage

The following is a sample request for the export operation:

Use dark colors for code blocksCopy
1
https://machine.domain.com/webadaptor/portaladmin/logs/export?logType=Audit

Audit log syntax

Each event included in the audit logs will use the following JSON syntax:

Use dark colors for code blocksCopy
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
{
  "version": "<The version of the audit record schema>",
  "timestamp": <UTC timestamp when the event occurred>,
  "eventId": "<Unique identifier for the audit record>",
  "event": "<Event name>",
  "eventLevel": "<Event level. Level 1 events are always recorded>",
  "status": "<Success | Fail | Error>",
  "statusCode": "<Status code (e.g. 200 for success, 403 for Invalid Authentication, etc.)>",
  "actor": "<Username of the member who performed the logged event>",
  "actorId": "<Unique identifier for the member who performed the logged event>",
  "actorRole": "<The member's role>",
  "sourceIp": "<Client application's IP address",
  "destinationIp": "<Request target's IP address>",
  "destinationHost": "<Target's hostname>",
  "resource": "<The API endpoint used to make the request>",
  "data":{<Additional, relevant information for the event>},
  "userAgent": <User agent information from the client application>,
  "message": "<High-level description of the event>"
}

Your browser is no longer supported. Please upgrade your browser for the best experience. See our browser deprecation post for more details.