GET Log

Returns event information from the Trust Protection Platform log.

NOTE: Parameter names and values differ from those in POST Log. Here are the differences:

GET Log and POST Log data types differ

Id

  • GET Log: Id is mixed case. Example: Id=43646975
  • POST Log: ID is upper case. Example ID: 43646975

Severity

  • GET Log: Severity takes a string. Example, Severity=Alert
  • POST Log: Severity takes an integer that represents event severity. Example, for an Alert, specify Severity: 2

Requirements

  • Permissions: The caller must have View permission and Read permission to the default SQL channel object. The component parameter also requires View permission and Read permission to the component DN.
  • Token scope: Any valid scope, such as Agent, Certificate, or SSH

Headers

  • Content type: Content-Type:application/json.

  • Token: The bearer access token that you received. For example, Authorization:Bearer 4MyGeneratedBearerTknz==. For more information, see Passing a bearer token in your API calls.

Parameters

Input parameters

Name

Description

Component

(Optional) The Distinguished Name (DN) of an object that originated the event. For example: Component=\\VED\\Policy\\DataCenter1\\Cert1.

FromTime

(Optional) Valid only for GET Log. The UTC start time for retrieving event occurrences. Use the ISO 8601 format, for example FromTime=YYYY-MM-DDTHH:MM:SS.mmmmmmmZ.

Grouping

(Optional) An integer that corresponds to a set of events that involved the Component. For example Grouping=-496258952

Id

(Optional) The high bits that are shared among all Event IDs logged by this component. For example: Id=65538.

Limit

(Optional) Available only for GET Log. The number of events to return from the event log. The default is 100 and there is no maximum value. For example: Limit=100.

Offset

(Optional) Available only for GET Log. The number of events to skip after the Limit value. For example: Offset=2.

Order

(Optional) Available only for GET Log. The default sort order is by most recent ServerTimestamp. A comma separated set of sort preferences and fields. Any field is sortable except the Name field. Specify a sort preference followed by the field name:

  • To sort fields in ascending order, either omit a sort symbol or use the plus (+) symbol. For example, Order=Id,+Severity sorts in ascending order by Event ID and then by Severity.
  • To sort fields in descending order, use the minus (-) symbol. For example, Order=-Id,-Severity sorts in descending order by Event ID and then by Severity.
  • To mix sort, use a combination of plus or minus symbols. For example, Order=+Id,-Severity sorts in ascending order by Event ID and then descending order by Severity.

Severity

(Optional) A string value for one of these event severities: Emergency, Alert, Critical, Error, Warning, Notice, Info. Omit Debug because these events do not appear in the event log. For example, Severity=Alert.

Text1

Corresponds with Value1. A string variable that may be referenced by the event translation as defined by the log schema. For example, Text1=Heavy job.

Text2

A second string variable that may be referenced by the event translation as defined by the log schema. For example, Text2=Nightly job.

ToTime

(Optional) Available only for GET Log. The UTC end time for retrieving a range of event occurrences. For a range of events, set a FromTime that occurred prior to the ToTime. Use the ISO 8601 format, for example ToTime=YYYY-MM-DDTHH:MM:SS.mmmmmmmZ.

Value1

Corresponds with Text1. An integer variable that may be referenced by the event translation as defined by the log schema. For example: Value1=Job in progress.

Value2

Corresponds with Text2. A second integer variable that may be referenced by the event translation as defined by the log schema. For example: Value1=Job complete.

Returns

  • HTTP 200: The following message body:
Response description

Name

Description

LogEvents

An array of log events by ServerTimestamp. The newest log entry appears first.

  • ClientTimestamp: The time that the client generated the event.
  • Component: A string that identifies a Distinguished Name (DN) of an object. For events that occur in a subsystem other than Config, such as a Secret Store, the component may be blank.
  • ComponentId: The component ID that originated the event.
  • ComponentSubsystem: The component subsystem that originated the event.
  • Data: The event stack trace, if one exists. Otherwise, Null.
  • Grouping: An integer that correlates to a set of events that involve the Component.
  • Id: A hexadecimal value that corresponds to an Event Id.
  • Name: The event name.
  • ServerTimestamp: The time the Log server received the event.
  • Severity: A string value for one of these event severities: Emergency, Alert, Critical, Error, Warning, Notice, Info, Debug.
  • SourceIP: The IP address of the client that originated the event.
  • Text1: A string variable that contains all or part of an event message.
  • Text2: An additional string variable, if present, that appears as part of an event message.
  • Value1: An integer variable. If present, appears as part of an event message.
  • Value2: An additional integer variable. If present, appears as part of an event message.

Example 1: Get the two most recent log entries

Request for Example 1

GET https://tpp.venafi.example/vedsdk/Log?limit=2
Authorization:Bearer 4MyGeneratedBearerTknz==

Response for Example 1

HTTP/1.1 200 OK
{
   "LogEvents":[
      {
         "ClientTimestamp":"2018-02-08T21:15:32.0000000Z",
         "Component":"\\VED\\Identity\\AD1",
         "ComponentId":303,
         "ComponentSubsystem":"Config",
         "EventId":268960006,
         "Grouping":26,
         "Id":247136,
         "Name":"IdentityAD - Recovery Set Completed",
         "ServerTimestamp":"2018-02-08T21:15:33.0000000Z",
         "Severity":"Debug",
         "SourceIP":"172.16.1.100",
         "Text1":"AD+AD1",
         "Text2":"AD+AD1 Domain venafi.example",
         "Value1":0,
         "Value2":0
      },
      {
         "ClientTimestamp":"2018-02-08T21:15:32.0000000Z",
         "Component":"\\VED\\Identity\\AD1",
         "ComponentId":303,
         "ComponentSubsystem":"Config",
         "EventId":268960004,
         "GroupId":26,
         "Id":247135,
         "Name":"IdentityAD - Recover Controller Succeeded",
         "ServerTimestamp":"2018-02-08T21:15:33.0000000Z",
         "Severity":"Debug",
         "SourceIP":"172.16.1.100",
         "Text1":"AD+AD1 Domain venafi.example",
         "Text2":"PM-SSH-VED.venafi.example",
         "Value1":1,
         "Value2":0
      }
   ]
}

Example 2: Gather events for a particular time range

Request for Example 2

GET https://tpp.venafi.example/vedsdk/Log?FromTime=2018-05-04T00:00:00.0000000Z&ToTime=2018-05-04T23:59:59.0000000Z
Authorization:Bearer 4MyGeneratedBearerTknz==

Response for Example 2

HTTP/1.1 200 OK
{
   "LogEvents":[
      {
         "ClientTimestamp":"2018-05-04T23:45:26.0000000Z",
         "Component":"\\VED\\Engines\\UX-TPP-1",
         "ComponentId":13,
         "ComponentSubsystem":"Config",
         "Grouping":0,
         "Id":851969,
         "Name":"Certificate Authority Driver Name Missing",
         "ServerTimestamp":"2018-05-12T21:39:24.0000000Z",
         "Severity":"Critical",
         "SourceIP":"192.168.7.198",
         "Text1":"",
         "Text2":null,
         "Value1":0,
         "Value2":0
      },
      {
         "ClientTimestamp":"2018-05-04T16:25:26.0000000Z",
         "Component":"\\VED\\Secret Store",
         "ComponentId":5,
         "ComponentSubsystem":"Config",
         "Grouping":5282563,
         "Id":196618,
         "Name":"Secret Store - Retrieve Secret",
         "ServerTimestamp":"2018-05-04T16:45:25.0000000Z",
         "Severity":"Info",
         "SourceIP":"192.168.7.198",
         "Text1":"admin",
         "Text2":"Null:Null",
         "Value1":5607,
         "Value2":0
      }
   ]
}
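
The following Python example is added here and is not part of the original documentation or Venafi's code. It builds a GET Log URL that enforces the constraints described above (severity strings, FromTime before ToTime, Name not sortable) and flags events whose ClientTimestamp and ServerTimestamp are far apart; the helper names, the 300-second threshold and the sample events are assumptions.

```python
from datetime import datetime, timezone
from urllib.parse import urlencode

# Severity filter values listed for GET Log (Debug is not accepted as a filter).
SEVERITIES = ("Emergency", "Alert", "Critical", "Error", "Warning", "Notice", "Info")

def tpp_time(dt):
    """Aware datetime -> UTC 'YYYY-MM-DDTHH:MM:SS.mmmmmmmZ' (7 fractional digits)."""
    dt = dt.astimezone(timezone.utc)
    return dt.strftime("%Y-%m-%dT%H:%M:%S.") + "%06d0Z" % dt.microsecond

def parse_tpp_time(text):
    """Parse a response timestamp; the 7th fractional digit is dropped."""
    base, _, frac = text.rstrip("Z").partition(".")
    dt = datetime.strptime(base, "%Y-%m-%dT%H:%M:%S")
    return dt.replace(microsecond=int((frac + "000000")[:6]), tzinfo=timezone.utc)

def build_log_url(base, from_time=None, to_time=None, severity=None, order=(), limit=100, offset=0):
    """Check the documented constraints, then return an encoded GET Log URL."""
    if severity is not None and severity not in SEVERITIES:
        raise ValueError("Severity must be one of: " + ", ".join(SEVERITIES))
    if from_time is not None and to_time is not None and from_time >= to_time:
        raise ValueError("FromTime must be earlier than ToTime")
    if any(field.lstrip("+-") == "Name" for field in order):
        raise ValueError("Name is not a sortable field")
    params = [("Limit", limit), ("Offset", offset)]
    for key, value in (("FromTime", from_time), ("ToTime", to_time)):
        if value is not None:
            params.append((key, tpp_time(value)))
    for key, value in (("Severity", severity), ("Order", ",".join(order))):
        if value:
            params.append((key, value))
    # '+' must travel as %2B: a raw '+' in a query string decodes as a space.
    return base + "/vedsdk/Log?" + urlencode(params, safe=",:")

def delayed_events(log_events, max_delay_s=300):
    """Ids of events whose ServerTimestamp and ClientTimestamp differ by > max_delay_s."""
    def gap(ev):
        return (parse_tpp_time(ev["ServerTimestamp"]) - parse_tpp_time(ev["ClientTimestamp"])).total_seconds()
    return [ev["Id"] for ev in log_events if abs(gap(ev)) > max_delay_s]

# Constructed sample in the LogEvents shape (not captured from a real server).
SAMPLE_EVENTS = [
    {"Id": 851969, "ClientTimestamp": "2018-05-04T23:45:26.0000000Z",
     "ServerTimestamp": "2018-05-12T21:39:24.0000000Z"},
    {"Id": 196618, "ClientTimestamp": "2018-05-04T16:25:26.0000000Z",
     "ServerTimestamp": "2018-05-04T16:25:27.0000000Z"},
]
```

A large gap between the two timestamps can indicate clock drift on the client or delayed log delivery, either of which makes time-range queries miss events.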