Lastline AuditLog API

The Lastline AuditLog API is accessible at:

https://user.lastline.com/papi/auditlog/<function>

Quick-Start

To test your Lastline AuditLog license, paste the following URL into a browser after replacing the credential parameters accordingly:

https://user.lastline.com/papi/auditlog/get_events.xml?username=<username>&password=<password>

This will fetch the current list, providing an output similar to the example shown below:

<result>
  <success>1</success>
  <data>
    <element>
      <entity_id></entity_id>
      <entity_type></entity_type>
      <event_name>SUCCESSFUL_LOGIN</event_name>
      <ts>2014-01-17 09:58:15</ts>
      <src_ip>172.16.48.1</src_ip>
      <event_severity>INFO</event_severity>
      <event_category>authentication</event_category>
      <account>user@example.com</account>
    </element>
  </data>
</result>

Methods

Method Index

  • auditlog.get_events():

    Get the events currently stored in the audit log (optionally from a specified starting date).

Method Documentation

auditlog.auditlog.get_events(response_format)

Retrieve the list of audit log events.

URL

/papi/auditlog/get_events[.response_format]

response_format can be xml or json (defaults to json)

HTTP METHOD

GET

GET Parameters

Time range selection:

  • start_time:

    Retrieve audit events that occurred on or after the given datetime

  • end_time:

    Retrieve audit events that occurred on or before the given datetime

  • timezone:

    Name of selected time zone

Sorting and pagination:

  • orderby:

    Sort results based on this parameter

  • max_results:

    Limit to this many results

  • offset_results:

    Skip the first offset_results results.

Filters:

  • accounts:

    Get events triggered by users with these usernames (administrators only; other accounts see only their own events)

  • affected_customers:

    Get events concerning customers with these emails

  • source_ips:

    Get events triggered by users with these IP addresses

  • action_types:

    Get events with these types

  • entity_types:

    Get events that affected these types of object

  • portal_entity_ids:

    Get events that affected objects with these ids

  • audit_event_id:

    Restrict to audit events with this id

Contents of successful response

A list of audit events containing the following fields:

  • audit_event_id:

    The ID of the audit event

  • account:

    User that triggered this event

  • customer:

    Customer to which this action refers

  • entity_type:

    The type of the object affected by this event

  • portal_entity_id:

    The ID of the object affected by this event

  • audit_action_type:

    Name of the action type

  • category:

    Category of the action

  • ts:

    Time at which the event was first inserted into the database

  • source_ip:

    The IP of the client that triggered this event

  • event_category:

    Category of the event

  • severity:

    Severity of the event
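
The following is an added example, not part of the Lastline documentation: it parses an XML response in the shape shown in the Quick-Start and lists SUCCESSFUL_LOGIN events whose source IP lies outside a set of trusted networks. The second sample element, the trusted network, the helper names and the mapping between the sample's field names (src_ip, event_name, event_severity) and the documented ones (source_ip, audit_action_type, severity) are assumptions.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample in the shape of the quick-start response (not real data).
SAMPLE_XML = """<result>
  <success>1</success>
  <data>
    <element>
      <event_name>SUCCESSFUL_LOGIN</event_name>
      <ts>2014-01-17 09:58:15</ts>
      <src_ip>172.16.48.1</src_ip>
      <event_severity>INFO</event_severity>
      <event_category>authentication</event_category>
      <account>user@example.com</account>
    </element>
    <element>
      <event_name>SUCCESSFUL_LOGIN</event_name>
      <ts>2014-01-17 10:02:41</ts>
      <src_ip>203.0.113.7</src_ip>
      <account>user@example.com</account>
    </element>
  </data>
</result>"""

# Assumption: the sample's field names map onto the documented ones like this.
ALIASES = {"src_ip": "source_ip", "event_severity": "severity",
           "event_name": "audit_action_type"}

def parse_events(xml_text):
    """Return one dict per <element>, with field names normalized."""
    root = ET.fromstring(xml_text)
    if root.findtext("success") != "1":
        raise ValueError("API call did not succeed")
    return [{ALIASES.get(f.tag, f.tag): (f.text or "").strip() for f in el}
            for el in root.iterfind("./data/element")]

def _trusted(ip_text, nets):
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False  # missing or malformed IP: surface the event for review
    return any(ip in n for n in nets)

def logins_outside(events, trusted_cidrs):
    """Successful logins whose source IP is outside every trusted network."""
    nets = [ipaddress.ip_network(c) for c in trusted_cidrs]
    return [ev for ev in events
            if ev.get("audit_action_type") == "SUCCESSFUL_LOGIN"
            and not _trusted(ev.get("source_ip", ""), nets)]
```

Calling logins_outside(parse_events(SAMPLE_XML), ["172.16.0.0/12"]) returns only the event from 203.0.113.7.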