Lastline AuditLog API

The Lastline AuditLog API is accessible at:<function>


To test your Lastline AuditLog license, paste the following URL into a browser after replacing the credential parameters accordingly:<username>&password=<password>

This will fetch the current list, providing an output similar to the example shown below:

      <ts>2014-01-17 09:58:15</ts>


Method Index

  • auditlog.get_events():

    Get the events currently stored in the audit log (optionally from a specified starting date).

Method Documentation


Retrieve the list of audit log events.


/papi/auditlog/get_events[. response_format]

response_format can be xml or json (defaults to json)



GET Parameters

Time range selection:

  • start_time:

    Retrieve audit events that occurred on or after the given datetime

  • end_time:

    Retrieve audit events that occurred on or before the given datetime

  • timezone:

    Name of selected time zone

Sorting and pagination:

  • orderby:

    Sort results based on this parameter

  • max_results:

    Limit to this many results

  • offset_results:

    Skip the first offset_results results.


  • accounts:

    Get events triggered by users with these usernames if administrator, otherwise accounts only see their own events

  • affected_customers:

    Get events concerning customers with this emails

  • source_ips:

    Get events triggered by users with this IP addresses

  • action_types:

    Get events with this types

  • entity_types:

    Get events that affected this types of object

  • portal_entity_ids

    Get events that affected objects with this ids

  • audit_event_id:

    Restrict to audit events with this id

Contents of successful response

A list of audit events containing the following fields: - audit_event_id:

The ID of the audit event
  • account:

    User that triggered this event

  • customer:

    Customer to which this action refers

  • entity_type:

    The type of the object affected by this event

  • portal_entity_id:

    the ID of the object affected by this event

  • audit_action_type:

    Name of the action type

  • category:

    Category of the action

  • ts:

    Time that event was first inserted in the db

  • source_ip:

    The IP of client that triggered this event

  • event_category:

    Category of the event

  • severity:

    Severity of the event