Audit Log API

OmniCenter’s API system must be enabled to use this API. See, How to Enable OmniCenter API Access.

Calls to this API are made using HTTP/HTTPS and are sent as key/value pairs in a POST request.

Security

Netreo recommends always using POST for API calls if possible. If security is a concern we recommend the use of HTTPS and POST requests.

Resource

The resource accessed by this API is the OmniCenter audit log, which records all events that occur in OmniCenter caused by any user.

This resource offers the following endpoints:

  • Audit Log Entries

Resource URL

{your.omnicenter.ip.or.name}/fw/index.php?r=restful

Endpoints

Audit Log Entries

POST
/audit-log/log-list
Retrieves the OmniCenter audit log for the time period supplied in a parameter.

Parameters

The parameters for this endpoint can be included as request body parameters in a POST request.

password
String/Required if authentication is enabled.
The API key set in OmniCenter’s API Administration. Case-sensitive.

timeperiod
String/Required
Specifies the volume of time contained within the retrieved log. Acceptable values: lasthr, 24hr, 7dy. All times are relative to the time of the call.

Request Examples

Retrieve audit log entries for the last hour using POST with API Authentication Enabled

curl -X POST
  "http://38.2.11.62/fw/index.php?r=restful/audit-log/log-list"
  -F timeperiod=lasthr
  -F password=test123

Response

A successful or unsuccessful call to this API will return an array of standard JSON objects for the time period specified.

Response Examples

Note: The output will be returned as standard JSON without indentation or line breaks. It is formatted here to make the example easier to read.

Log Retrieval Success
(Each entry from the audit log will be a JSON object in the returned array.)

[
   {
      "time":"2018-10-28 17:02:45",
      "device":"Houston-R1.netreo.net",
      "user":"OmniCenter",
      "location":"Configuration Manager",
      "message":"Unable to retrieve configuration."
   },
   {
      "time":"2018-10-28 16:20:26",
      "device":"WinSQL",
      "user":"OmniCenter",
      "location":"Automated Process",
      "message":"Device Rediscovered, templates applied. Device Type (ww)"
   },
   {
      "time":"2018-10-28 16:20:25",
      "device":"WinSQL",
      "user":"OmniCenter",
      "location":"Automated Process",
      "message":"Device Rediscovered, templates applied. Everything (Default)."
   },
   {
      "time":"2018-10-28 16:20:23",
      "device":"WinAD",
      "user":"OmniCenter",
      "location":"Automated Process",
      "message":"Device Rediscovered, templates applied. Site (Internal)"
   },
   {
      "time":"2018-10-28 16:20:23",
      "device":"WinAD",
      "user":"OmniCenter",
      "location":"Automated Process",
      "message":"Device Rediscovered, templates applied. Device Type (ww)"
   },
   {
      "time":"2018-10-28 16:20:21",
      "device":"WinAD",
      "user":"OmniCenter",
      "location":"Automated Process",
      "message":"Device Rediscovered, templates applied. Everything (Default)."
   },
]

Log Retrieval Failure

{
   "Failure": "Log does not exist in given time period"
}

Response Schema

The key/value pairs of a “successful” log retrieval reflect their counterparts in the UI version of the audit log.

Output Type Value
time string Returns the date and time the log entry was made, relative to the OmniCenter server.
device string Returns the device that generated the log entry.
user string Returns the logged-in username of the user that caused the entry to be made. A user of “OmniCenter” means that the event was caused by an automatic action taken by OmniCenter.
location string Returns the module or process that generated the log entry.
message string Returns the actual log entry.
Failure string Returns the reason for a call failure.
Updated on July 1, 2019

Was this article helpful?

Need Support?
Can’t find the answer you’re looking for? Don’t worry we’re here to help!
Contact Support

Leave a Reply