logging
Summary
Resource | Operation | Description |
---|---|---|
Logging | GET /api/app/v1/log | Stream/view logs |
Logging | GET /api/app/v1/log/archive | Get log file settings |
Logging | PUT /api/app/v1/log/archive | Set logging settings |
Logging | PUT /api/app/v1/log/save | Save log to filestore |
Logging | DELETE /api/app/v1/log/siem | Delete SIEM server configuration for log export |
Logging | GET /api/app/v1/log/siem | Get SIEM server configuration for log export |
Logging | PUT /api/app/v1/log/siem | Set up SIEM server for log export |
Details

GET /api/app/v1/log

Stream a log file or view the last X lines of a log file. Currently, only appliance-level logs are supported.

New in version 1.0.

Query Parameters:
- log (required) – Log file to view.
- module (required) – Module where the log resides. Options (esg, appliance, wse, wcg, na).
- timeout (optional) – Timeout for log stream. Defaults to 150 seconds.
- lines (optional) – Number of lines to read. Requires action=last.
- action (optional) – Set this to last to view the last X lines.

Response Headers:
- Content-Type – application/json

Status Codes:
- 200 OK – Success - log lines
- 400 Bad Request – Bad Request - invalid parameter
- 401 Unauthorized – Access Denied
- 500 Internal Server Error – Internal Server Error - invalid module

Accepted Authorization: admin, audit

Example 1 - Request: Get last ten lines from audit log:

    GET /api/app/v1/log?log=audit&module=appliance&lines=10&action=last HTTP/1.1
    Accept: text/html

Example 1 - Response: Get last ten lines from audit log:

    HTTP/1.1 200 OK
    Content-Type: text/html

    <LAST 10 LINES>

Example 2 - Request: Stream logs for three minutes:

    GET /api/app/v1/log?log=audit&module=appliance&timeout=180 HTTP/1.1
    Accept: text/html

Example 2 - Response: Stream logs for three minutes:

    HTTP/1.1 200 OK
    Content-Type: text/html

    <LOG LINES>

GET /api/app/v1/log/archive

Get log file settings.

New in version 1.0.

Response Headers:
- Content-Type – application/json

Status Codes:
- 200 OK – Success - log settings
- 401 Unauthorized – Access Denied

Accepted Authorization: admin, audit

Example 1 - Request: Get log file settings:

    GET /api/app/v1/log/archive HTTP/1.1
    Accept: text/html

Example 1 - Response: Get log file settings:

    HTTP/1.1 200 OK
    Content-Type: text/html

    {
      "app": {
        "audit": {
          "filepath": "/var/log/appliance/audit.log",
          "frequency": "Not Set",
          "size": "Not Set"
        },
        "system": {
          "filepath": "/var/log/appliance/cli.log",
          "frequency": "Not Set",
          "size": "Not Set"
        }
      },
      "network-agent": {
        "network-agent": {
          "filepath": [
            "/var/lib/lxc/na/rootfs/opt/Websense/bin/NetworkAgent.log"
          ],
          "frequency": "Not Set",
          "size": "Not Set"
        }
      },
      "proxy": {
        "proxy": {
          "filepath": [
            "/var/lib/lxc/wcg/rootfs/opt/WCG/logs/content_gateway.out"
          ],
          "frequency": "Not Set",
          "size": "Not Set"
        }
      },
      "web": {
        "web": {
          "filepath": [
            "/var/lib/lxc/wse/rootfs/opt/Websense/bin/Websense.log"
          ],
          "frequency": "Not Set",
          "size": "Not Set"
        }
      }
    }

PUT /api/app/v1/log/archive

Set the archive frequency or the size. Works for audit and module logs. You can only set size or frequency, not both.

New in version 1.0.

Query Parameters:
- log (required) – Log file archive to modify.
- module (required) – Module where the log resides. Options (esg, appliance, wse, wcg, na).
- frequency (optional) – Frequency at which to rotate the logs.
- size (optional) – Size the log file may reach before it is rotated.
- rotate (optional) – Number of archive log files to store locally before deleting the oldest.

Response Headers:
- Content-Type – application/json

Status Codes:
- 200 OK – Success - archive successfully set
- 400 Bad Request – Bad Request - invalid parameter
- 401 Unauthorized – Access Denied
- 500 Internal Server Error – Internal Server Error - invalid module

Accepted Authorization: admin

Example 1 - Request: Set log archive to rotate when the log file is 10 megabytes:

    PUT /api/app/v1/log/archive?module=na&log=na&size=10m HTTP/1.1
    Accept: text/html

Example 1 - Response: Set log archive to rotate when the log file is 10 megabytes:

    HTTP/1.1 200 OK
    Content-Type: text/html

    { "Status": "Success" }

Example 2 - Request: Set log archive to rotate weekly, keeping 10 files:

    PUT /api/app/v1/log/archive?module=na&log=na&frequency=weekly&rotate=10 HTTP/1.1
    Accept: text/html

Example 2 - Response: Set log archive to rotate weekly:

    HTTP/1.1 200 OK
    Content-Type: text/html

    { "Status": "Success" }

PUT /api/app/v1/log/save

Save a local log to a filestore.

New in version 1.0.

Warning: This command returns unescaped characters such as the Unix newline character and the octothorpe.

Query Parameters:
- alias (optional) – Filestore alias to save the log to.
- save-path (optional) – Directory within the filestore to store the logs in.
- module (required) – Module where the log resides. Options (esg, appliance, wse, wcg, na).
- url (optional) – URL of the location in which to store the logs.
- type (required) – Type of log file to save (all, system, audit).

Response Headers:
- Content-Type – application/json

Status Codes:
- 200 OK – Success - logfile successfully saved
- 400 Bad Request – Bad Request - invalid parameter
- 401 Unauthorized – Access Denied
- 500 Internal Server Error – Internal Server Error - invalid module

Accepted Authorization: admin

Example 1 - Request: Save audit log to filestore:

    PUT /api/app/v1/log/save?alias=myfilestore&module=appliance&type=audit HTTP/1.1
    Accept: text/html

Example 1 - Response: Save audit log to filestore:

    HTTP/1.1 200 OK
    Content-Type: text/html

    { "Result": "'audit_20170517094711.log' has been saved to ftp://anonymous@10.206.6.131/." }

DELETE /api/app/v1/log/siem

Delete the configuration for exporting a local log to a SIEM server.

New in version 1.0.

Query Parameters:
- type (required) – Type of log file to save (system, audit).

Response Headers:
- Content-Type – application/json

Status Codes:
- 200 OK – Success - logfile successfully deleted
- 400 Bad Request – Bad Request - invalid parameter
- 401 Unauthorized – Access Denied
- 500 Internal Server Error – Internal Server Error - invalid module

Accepted Authorization: admin

Example 1 - Request: Delete SIEM configuration for audit log:

    DELETE /api/app/v1/log/siem?type=audit HTTP/1.1
    Accept: text/html

Example 1 - Response: Delete SIEM configuration for audit log:

    HTTP/1.1 200 OK
    Content-Type: text/html

    { "Result": "Success" }

GET /api/app/v1/log/siem

Retrieve the configuration for exporting a local log to a SIEM server.

New in version 1.0.

Query Parameters:
- type (required) – Type of log file to retrieve SIEM configuration (system, audit).

Response Headers:
- Content-Type – application/json

Status Codes:
- 200 OK – Success - logfile successfully saved
- 400 Bad Request – Bad Request - invalid parameter
- 401 Unauthorized – Access Denied
- 500 Internal Server Error – Internal Server Error - invalid module

Accepted Authorization: admin, audit

Example 1 - Request: View SIEM log configuration for audit log:

    GET /api/app/v1/log/siem?type=audit HTTP/1.1
    Accept: text/html

Example 1 - Response: View SIEM log configuration for audit log:

    HTTP/1.1 200 OK
    Content-Type: text/html

    { "siem_host": "10.206.11.186", "siem_port": 514, "siem_protocol": "udp" }

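A posture check over the responses of GET /api/app/v1/log/archive and GET /api/app/v1/log/siem, as an added example that is not part of the original API documentation: it lists logs with neither a rotation frequency nor a size set and flags missing or UDP-based SIEM export. The sample responses are constructed; treating a response without siem_host as "not configured", and the archive response echoing values such as weekly and 10m, are assumptions.

```python
import json

# Constructed sample responses, shaped like the examples on this page.
ARCHIVE_RESPONSE = json.loads("""
{"app": {"audit": {"filepath": "/var/log/appliance/audit.log",
                   "frequency": "Not Set", "size": "Not Set"},
         "system": {"filepath": "/var/log/appliance/cli.log",
                    "frequency": "weekly", "size": "Not Set"}},
 "proxy": {"proxy": {"filepath": ["/var/lib/lxc/wcg/rootfs/opt/WCG/logs/content_gateway.out"],
                     "frequency": "Not Set", "size": "10m"}}}
""")
SIEM_RESPONSES = {
    "audit": {"siem_host": "10.206.11.186", "siem_port": 514, "siem_protocol": "udp"},
    "system": {},  # assumption: an unconfigured export returns no siem_host
}

def rotation_findings(archive):
    """Return 'group/log' names whose frequency and size are both 'Not Set'."""
    findings = []
    for group, logs in sorted(archive.items()):
        for name, cfg in sorted(logs.items()):
            if (cfg.get("frequency", "Not Set") == "Not Set"
                    and cfg.get("size", "Not Set") == "Not Set"):
                findings.append(f"{group}/{name}")
    return findings

def siem_findings(siem_by_type):
    """Return (log_type, issue) pairs for the audit and system log exports."""
    findings = []
    for log_type in ("audit", "system"):
        cfg = siem_by_type.get(log_type) or {}
        if not cfg.get("siem_host"):
            findings.append((log_type, "no SIEM export configured"))
        elif str(cfg.get("siem_protocol", "")).lower() == "udp":
            findings.append((log_type, "export uses udp; delivery is not guaranteed"))
    return findings

if __name__ == "__main__":
    for name in rotation_findings(ARCHIVE_RESPONSE):
        print(f"[rotation] {name}: neither frequency nor size is set")
    for log_type, issue in siem_findings(SIEM_RESPONSES):
        print(f"[siem] {log_type}: {issue}")
```
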
PUT /api/app/v1/log/siem

Set a local log to export to a SIEM server.

New in version 1.0.

Query Parameters:
- host (required) – IP or hostname of SIEM server
- port (required) – Port to send SIEM data to
- protocol (required) – Protocol to send data (tcp, udp)
- type (required) – Type of log file to save (system, audit).

Response Headers:
- Content-Type – application/json

Status Codes:
- 200 OK – Success - logfile successfully saved
- 400 Bad Request – Bad Request - invalid parameter
- 401 Unauthorized – Access Denied
- 500 Internal Server Error – Internal Server Error - invalid module

Accepted Authorization: admin

Example 1 - Request: Set audit log to export on port 514 via udp:

    PUT /api/app/v1/log/siem?host=10.206.11.1&port=514&protocol=udp&type=audit HTTP/1.1
    Accept: text/html

Example 1 - Response: SIEM configuration implemented for audit log:

    HTTP/1.1 200 OK
    Content-Type: text/html

    { "audit": { "siem_host": "10.206.11.1", "siem_port": 514, "siem_protocol": "udp" } }