GET Log
Returns event information from the Trust Protection Platform log.
NOTE Parameter names and values differ from those in POST Log. Here are the differences:
Parameter |
GET Log |
POST Log |
---|---|---|
Id |
Id is mixed case. Example: Id=43646975 |
ID is upper case. Example ID: 43646975 |
Severity |
Severity takes a string. Example, Severity=Alert |
Severity takes an integer that represents event severity. Example, for an Alert, specify Severity: 2 |
Requirements
- Permissions: The caller must have View permission and Read permission to the default SQL channel object. The component parameter also requires View permission and Read permission to the component DN.
- Token scope: Any valid scope, such as Agent, Certificate, or SSH
Headers
-
Content type: Content-Type:application/json.
- Token: The bearer access token that you received. For example, Authorization:Bearer 4MyGeneratedBearerTknz==. For more information, see Passing a bearer token in your API calls.
Parameters
Name |
Description |
---|---|
Component |
(Optional) The Distinguished Name (DN) of an object that originated the event. For example: Component=\\VED\\Policy\\DataCenter1\\Cert1. |
FromTime |
(Optional) Valid only for GET Log. The UTC start time for retrieving event occurrences. Use the ISO 8601 format, for example FromTime=YYYY-MM-DDTHH:MM:SS.mmmmmmmZ. |
Grouping |
(Optional) An integer that corresponds to a set of events that involved the Component. For example Grouping=-496258952 |
Id |
(Optional)The high bits that are shared among all Event IDs logged by this component. For example: Id=65538. |
Limit |
(Optional) Available only for GET Log. The number of events to return from the event log. The default is 100 and there is no maximum value. For example: Limit=100. |
Offset |
(Optional) Available only for GET Log. The number of events to skip after the Limit value. For example: Offset=2. |
Order |
(Optional) Available only for GET Log. The default sort order is by most recent ServerTimestamp. A comma separated set of sort preferences and fields. Any field is sortable except the Name field. Specify a sort preference followed by the field name:
|
Severity |
(Optional) A string value for one of these event severities: Emergency, Alert, Critical, Error, Warning, Notice, Info. Omit Debug because these events do not appear in the event log. For example, Severity=Alert. |
Text1 |
Corresponds with Value1. A string variable that may be referenced by the event translation as defined by the log schema. For example, Text1=Heavy job. |
Text2 |
A second string variable that may be referenced by the event translation as defined by the log schema. For example, Text2=Nightly job. |
ToTime |
(Optional) Available only for GET Log. The UTC end time for retrieving a range of event occurrences. For a range of events, set a FromTimethat occurred prior to the ToTime. Use the ISO 8601 format, for example ToTime=YYYY-MM-DDTHH:MM:SS.mmmmmmmZ. |
Value1 |
Corresponds with Text1. An integer variable that may be referenced by the event translation as defined by the log schema. . For example: Value1=Job in progress. |
Value2 |
Corresponds with Text2. A second integer variable that may be referenced by the event translation as defined by the log schema. For example: Value1=Job complete. |
Returns
- HTTP 200: The following message body:
Name |
Description |
---|---|
LogEvents |
An array of log events by ServerTimestamp. The newest log entry appears first.
|
Example 1: Get the two most recent log entries
Request for Example 1
GET https://tpp.venafi.example/vedsdk/Log?limit=2 Authorization:Bearer 4MyGeneratedBearerTknz==
Response for Example 1
HTTP/1.1 200 OK { "LogEvents":[ { "ClientTimestamp":"2018-02-08T21:15:32.0000000Z", "Component":"\\VED\\Identity\\AD1", "ComponentId":303, "ComponentSubsystem":"Config", "EventId":268960006, "Grouping":26, "Id":247136, "Name":"IdentityAD - Recovery Set Completed", "ServerTimestamp":"2018-02-08T21:15:33.0000000Z", "Severity":"Debug", "SourceIP":"172.16.1.100", "Text1":"AD+AD1", "Text2":"AD+AD1 Domain venafi.example", "Value1":0, "Value2":0 }, { "ClientTimestamp":"2018-02-08T21:15:32.0000000Z", "Component":"\\VED\\Identity\\AD1", "ComponentId":303, "ComponentSubsystem":"Config", "EventId":268960004, "GroupId":26, "Id":247135, "Name":"IdentityAD - Recover Controller Succeeded", "ServerTimestamp":"2018-02-08T21:15:33.0000000Z", "Severity":"Debug", "SourceIP":"172.16.1.100", "Text1":"AD+AD1 Domain venafi.example", "Text2":"PM-SSH-VED.venafi.example", "Value1":1, "Value2":0 } ] }
Example 2: Gather events for a particular time range
Request for Example 2
GET https://tpp.venafi.example/vedsdk/Log?FromTime=2018-05-04T00:00:00.0000000Z&ToTime=2018-05-04T23:59:59.0000000Z Authorization:Bearer 4MyGeneratedBearerTknz==
Response for Example 2
HTTP/1.1 200 OK { "LogEvents":[ { "ClientTimestamp":"2018-0504T23:45:26.0000000Z", "Component":"\\VED\\Engines\\UX-TPP-1", "ComponentId":13, "ComponentSubsystem":"Config", "Grouping":0, "Id":851969, "Name":"Certificate Authority Driver Name Missing", "ServerTimestamp":"2018-05-12T21:39:24.0000000Z", "Severity":"Critical", "SourceIP":"192.168.7.198", "Text1":"", "Text2":null, "Value1":0, "Value2":0 }, { "ClientTimestamp":"2018-0504T16:25:26.0000000Z", "Component":"\\VED\\Secret Store", "ComponentId":5, "ComponentSubsystem":"Config", "Grouping":5282563, "Id":196618, "Name":"Secret Store - Retrieve Secret", "ServerTimestamp":"2018-0504T16:45:25.0000000Z", "Severity":"Info", "SourceIP":"192.168.7.198", "Text1":"admin", "Text2":"Null:Null", "Value1":5607, "Value2":0 } ] }