integer/array auditlog.get(object parameters)
The method retrieves audit log records according to the given parameters.
(object) Parameters defining the desired output.
The method supports the following parameters.
Parameter | Type | Description |
---|---|---|
auditids | string/array | Return only audit log entries with the given IDs. |
userids | string/array | Return only audit log entries that were created by the given users. |
time_from | timestamp | Return only audit log entries that have been created after or at the given time. |
time_till | timestamp | Return only audit log entries that have been created before or at the given time. |
selectDetails | query | Return audit log entries with per-field changes in the details property. Available only for entries with action "1 - Update"; for actions of other types an empty array is returned. |
sortfield | string/array | Sort the result by the given properties. Possible values are: auditid, userid, clock. |
filter | object | Return only results that exactly match the given filter. Accepts an array, where the keys are property names, and the values are either a single value or an array of values to match against. Additionally supports filtering by the details property fields table_name and field_name. |
search | object | Case-insensitive substring search in the content of the fields note, ip, resourcename, oldvalue, newvalue. |
countOutput | boolean | This parameter and the ones listed below it are common to all get methods and are described in the reference commentary. |
excludeSearch | boolean | |
limit | integer | |
output | query | |
preservekeys | boolean | |
searchByAny | boolean | |
searchWildcardsEnabled | boolean | |
sortorder | string/array | |
startSearch | boolean | |
(integer/array) Returns either an array of objects or, if the countOutput parameter has been used, the count of retrieved objects.
Retrieve the two latest audit log records.
Request:
```json
{
    "jsonrpc": "2.0",
    "method": "auditlog.get",
    "params": {
        "output": "extend",
        "sortfield": "clock",
        "sortorder": "DESC",
        "limit": 2
    },
    "auth": "038e1d7b1735c6a5436ee9eae095879e",
    "id": 1
}
```
Response:
```json
{
    "jsonrpc": "2.0",
    "result": [
        {
            "auditid": "189",
            "userid": "1",
            "clock": "1580913141",
            "action": "3",
            "resourcetype": "0",
            "note": "",
            "ip": "127.0.0.1",
            "resourceid": "0",
            "resourcename": ""
        },
        {
            "auditid": "188",
            "userid": "1",
            "clock": "1580903029",
            "action": "3",
            "resourcetype": "0",
            "note": "",
            "ip": "127.0.0.1",
            "resourceid": "0",
            "resourcename": ""
        }
    ],
    "id": 1
}
```
Retrieve audit log records that have the substring "test" in the newvalue field.
Request:
```json
{
    "jsonrpc": "2.0",
    "method": "auditlog.get",
    "params": {
        "output": ["auditid", "resourcename"],
        "search": {
            "newvalue": "test"
        },
        "selectDetails": "extend"
    },
    "auth": "038e1d7b1735c6a5436ee9eae095879e",
    "id": 1
}
```
Response:
```json
{
    "jsonrpc": "2.0",
    "result": [
        {
            "auditid": "5",
            "resourcename": "Mattermost2",
            "details": [
                {
                    "table_name": "media_type",
                    "field_name": "event_menu_url",
                    "oldvalue": "http://test",
                    "newvalue": "http://test{EVENT.TAGS.__test}"
                }
            ]
        },
        {
            "auditid": "7",
            "resourcename": "Email",
            "details": [
                {
                    "table_name": "media_type",
                    "field_name": "name",
                    "oldvalue": "Email",
                    "newvalue": "Email test"
                }
            ]
        }
    ],
    "id": 1
}
```
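Incremental export of audit records to a log pipeline, as an added example that is not part of the Zabbix documentation or source code. Because time_from matches entries created "after or at" the given time, a poll that resumes from the last clock value returns the boundary records again, so the sketch deduplicates on auditid. The function names, the limit of 500 and the sample responses are assumptions constructed for illustration.

```python
import json
from datetime import datetime, timezone

def build_request(token, time_from, limit=500):
    """auditlog.get body: records created at or after time_from, oldest first."""
    params = {"output": "extend", "selectDetails": "extend",
              "time_from": time_from, "sortfield": "clock",
              "sortorder": "ASC", "limit": limit}
    return {"jsonrpc": "2.0", "method": "auditlog.get",
            "params": params, "auth": token, "id": 1}

def to_events(response, seen_ids):
    """One flat event per changed field; one per record when details is empty."""
    if "error" in response:
        raise RuntimeError(json.dumps(response["error"]))
    events = []
    for rec in response["result"]:
        if rec["auditid"] in seen_ids:  # time_from is inclusive: boundary repeats
            continue
        seen_ids.add(rec["auditid"])
        base = {k: v for k, v in rec.items() if k != "details"}
        base["time"] = datetime.fromtimestamp(
            int(rec["clock"]), tz=timezone.utc).isoformat()
        for change in rec.get("details") or [{}]:
            events.append({**base, **change})
    return events

def next_time_from(response, previous):
    """Highest clock returned so far; pass it as time_from on the next poll."""
    return max([int(r["clock"]) for r in response["result"]] + [previous])

# Constructed sample responses (field names as in the examples above).
POLL_1 = {"jsonrpc": "2.0", "id": 1, "result": [
    {"auditid": "7", "userid": "1", "clock": "1580903029", "action": "1",
     "ip": "127.0.0.1", "resourcename": "Email", "details": [
         {"table_name": "media_type", "field_name": "name",
          "oldvalue": "Email", "newvalue": "Email test"}]}]}
# Second poll: the boundary record comes back, plus a new one in the same second.
POLL_2 = {"jsonrpc": "2.0", "id": 1, "result": POLL_1["result"] + [
    {"auditid": "8", "userid": "1", "clock": "1580903029", "action": "3",
     "ip": "127.0.0.1", "resourcename": "", "details": []}]}
```

Keep the set of seen auditid values and the last clock value in durable storage between polls, so a restart neither drops nor re-forwards records.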
CAuditLog::get() in ui/include/classes/api/services/CAuditLog.php.