logging
Summary
| Resource | Operation | Description |
|---|---|---|
| Logging | Stream/view logs | |
| | Get log file settings | |
| | Set logging settings | |
| | Save log to filestore | |
| | Set up SIEM server for log export | |
| | Get SIEM server configuration for log export | |
| | Set up SIEM server for log export | |
Details
- GET /api/app/v1/log
Stream a log file or view the last X lines of a log file. Currently only appliance-level logs are supported.
New in version 1.0.
- Query Parameters:
log (required) – Log file to view.
module (required) – Module where the log resides. Options (esg, appliance, wse, wcg, na).
timeout (optional) – Timeout for log stream. Defaults to 150 seconds.
lines (optional) – Number of lines to read. Only valid when action is set to last.
action (optional) – Set this to last to view the last X number of lines.
- Response Headers:
Content-Type – application/json
- Status Codes:
200 OK – Success - log lines
400 Bad Request – Bad Request - invalid parameter
401 Unauthorized – Access Denied
500 Internal Server Error – Internal Server Error - invalid module
- Accepted Authorization:
admin, audit
Example 1 - Request: Get last ten lines from audit log:
```http
GET /api/app/v1/log?log=audit&module=appliance&lines=10&action=last HTTP/1.1
Accept: text/html
```
Example 1 - Response: Get last ten lines from audit log:
```http
HTTP/1.1 200 OK
Content-Type: text/html

<LAST 10 LINES>
```
Example 2 - Request: Stream logs for three minutes:
```http
GET /api/app/v1/log?log=audit&module=appliance&timeout=180 HTTP/1.1
Accept: text/html
```
Example 2 - Response: Stream logs for three minutes:
```http
HTTP/1.1 200 OK
Content-Type: text/html

<LOG LINES>
```
- GET /api/app/v1/log/archive
Get log file settings.
New in version 1.0.
- Response Headers:
Content-Type – application/json
- Status Codes:
200 OK – Success - log settings
401 Unauthorized – Access Denied
- Accepted Authorization:
admin, audit
Example 1 - Request: Get log file settings:
```http
GET /api/app/v1/log/archive HTTP/1.1
Accept: text/html
```
Example 1 - Response: Get log file settings:
```http
HTTP/1.1 200 OK
Content-Type: text/html

{
  "app": {
    "audit": {
      "filepath": "/var/log/appliance/audit.log",
      "frequency": "Not Set",
      "size": "Not Set"
    },
    "system": {
      "filepath": "/var/log/appliance/cli.log",
      "frequency": "Not Set",
      "size": "Not Set"
    }
  },
  "network-agent": {
    "network-agent": {
      "filepath": [
        "/var/lib/lxc/na/rootfs/opt/Websense/bin/NetworkAgent.log"
      ],
      "frequency": "Not Set",
      "size": "Not Set"
    }
  },
  "proxy": {
    "proxy": {
      "filepath": [
        "/var/lib/lxc/wcg/rootfs/opt/WCG/logs/content_gateway.out"
      ],
      "frequency": "Not Set",
      "size": "Not Set"
    }
  },
  "web": {
    "web": {
      "filepath": [
        "/var/lib/lxc/wse/rootfs/opt/Websense/bin/Websense.log"
      ],
      "frequency": "Not Set",
      "size": "Not Set"
    }
  }
}
```
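An added example, not part of the original API reference: a Python check that takes a GET /api/app/v1/log/archive response body and lists every log that has neither a frequency nor a size rotation policy. The sample body is constructed from the response above; the "10m" and "weekly" values in it are assumed for illustration.

```python
import json

# Constructed sample: a trimmed copy of the response body shown above, with
# hypothetical "10m" and "weekly" values added so both outcomes appear.
SAMPLE = """
{
  "app": {
    "audit": {"filepath": "/var/log/appliance/audit.log",
              "frequency": "Not Set", "size": "Not Set"},
    "system": {"filepath": "/var/log/appliance/cli.log",
               "frequency": "Not Set", "size": "10m"}
  },
  "proxy": {
    "proxy": {"filepath": ["/var/lib/lxc/wcg/rootfs/opt/WCG/logs/content_gateway.out"],
              "frequency": "weekly", "size": "Not Set"}
  }
}
"""

NOT_SET = "Not Set"


def unrotated_logs(settings):
    """Return sorted (group, log, filepath) tuples for logs that have
    neither a frequency nor a size rotation policy."""
    findings = []
    for group, logs in settings.items():
        for name, cfg in logs.items():
            if cfg.get("frequency", NOT_SET) != NOT_SET:
                continue
            if cfg.get("size", NOT_SET) != NOT_SET:
                continue
            paths = cfg.get("filepath", [])
            # filepath is a string for appliance logs and a list for module logs
            if isinstance(paths, str):
                paths = [paths]
            for path in paths or ["<no filepath>"]:
                findings.append((group, name, path))
    return sorted(findings)


if __name__ == "__main__":
    for group, name, path in unrotated_logs(json.loads(SAMPLE)):
        print(f"no rotation policy: {group}/{name} -> {path}")
```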
- PUT /api/app/v1/log/archive
Set the archive frequency or the size. Works for audit and module logs. You can only set size or frequency, not both.
New in version 1.0.
- Query Parameters:
log (required) – Log file archive to modify.
module (required) – Module where the log resides. Options (esg, appliance, wse, wcg, na).
frequency (optional) – Frequency at which to rotate the logs.
size (optional) – Size the log file is allowed to reach before it is rotated.
rotate (optional) – Number of archive log files to store locally before deleting the oldest.
- Response Headers:
Content-Type – application/json
- Status Codes:
200 OK – Success - archive successfully set
400 Bad Request – Bad Request - invalid parameter
401 Unauthorized – Access Denied
500 Internal Server Error – Internal Server Error - invalid module
- Accepted Authorization:
admin
Example 1 - Request: Set log archive to rotate when the log file is 10 megabytes:
```http
PUT /api/app/v1/log/archive?module=na&log=na&size=10m HTTP/1.1
Accept: text/html
```
Example 1 - Response: Set log archive to rotate when the log file is 10 megabytes:
```http
HTTP/1.1 200 OK
Content-Type: text/html

{ "Status": "Success" }
```
Example 2 - Request: Set log archive to rotate weekly, keeping 10 files:
```http
PUT /api/app/v1/log/archive?module=na&log=na&frequency=weekly&rotate=10 HTTP/1.1
Accept: text/html
```
Example 2 - Response: Set log archive to rotate weekly:
```http
HTTP/1.1 200 OK
Content-Type: text/html

{ "Status": "Success" }
```
- PUT /api/app/v1/log/save
Save a local log to a filestore.
New in version 1.0.
Warning
This command returns unescaped characters such as the Unix newline character and the octothorpe.
- Query Parameters:
alias (optional) – Filestore alias to save the log to.
save-path (optional) – Directory within the filestore to store the logs in.
module (required) – Module where the log resides. Options (esg, appliance, wse, wcg, na).
url (optional) – URL of the location in which to store the logs
type (required) – Type of log file to save (all, system, audit).
- Response Headers:
Content-Type – application/json
- Status Codes:
200 OK – Success - logfile successfully saved
400 Bad Request – Bad Request - invalid parameter
401 Unauthorized – Access Denied
500 Internal Server Error – Internal Server Error - invalid module
- Accepted Authorization:
admin
Example 1 - Request: Save audit log to filestore:
```http
PUT /api/app/v1/log/save?alias=myfilestore&module=appliance&type=audit HTTP/1.1
Accept: text/html
```
Example 1 - Response: Save audit log to filestore:
```http
HTTP/1.1 200 OK
Content-Type: text/html

{ "Result": "'audit_20170517094711.log' has been saved to ftp://anonymous@10.206.6.131/." }
```
- DELETE /api/app/v1/log/siem
Delete the configuration for exporting a local log to a SIEM server.
New in version 1.0.
- Query Parameters:
type (required) – Type of log file to save (system, audit).
- Response Headers:
Content-Type – application/json
- Status Codes:
200 OK – Success - logfile successfully deleted
400 Bad Request – Bad Request - invalid parameter
401 Unauthorized – Access Denied
500 Internal Server Error – Internal Server Error - invalid module
- Accepted Authorization:
admin
Example 1 - Request: Delete SIEM configuration for audit log:
```http
DELETE /api/app/v1/log/siem?type=audit HTTP/1.1
Accept: text/html
```
Example 1 - Response: Delete SIEM configuration for audit log:
```http
HTTP/1.1 200 OK
Content-Type: text/html

{ "Result": "Success" }
```
- GET /api/app/v1/log/siem
Retrieve configuration for exporting local log to SIEM server.
New in version 1.0.
- Query Parameters:
type (required) – Type of log file to retrieve SIEM configuration (system, audit).
- Response Headers:
Content-Type – application/json
- Status Codes:
200 OK – Success - logfile successfully saved
400 Bad Request – Bad Request - invalid parameter
401 Unauthorized – Access Denied
500 Internal Server Error – Internal Server Error - invalid module
- Accepted Authorization:
admin, audit
Example 1 - Request: View SIEM log configuration for audit log:
```http
GET /api/app/v1/log/siem?type=audit HTTP/1.1
Accept: text/html
```
Example 1 - Response: Set local log to export:
```http
HTTP/1.1 200 OK
Content-Type: text/html

{ "siem_host": "10.206.11.186", "siem_port": 514, "siem_protocol": "udp" }
```
- PUT /api/app/v1/log/siem
Set a local log to export to a SIEM server.
New in version 1.0.
- Query Parameters:
host (required) – IP or hostname of SIEM server
port (required) – Port to send SIEM data to
protocol (required) – Protocol to send data (tcp, udp)
type (required) – Type of log file to save (system, audit).
- Response Headers:
Content-Type – application/json
- Status Codes:
200 OK – Success - logfile successfully saved
400 Bad Request – Bad Request - invalid parameter
401 Unauthorized – Access Denied
500 Internal Server Error – Internal Server Error - invalid module
- Accepted Authorization:
admin
Example 1 - Request: Set audit log to export on port 514 via udp:
```http
PUT /api/app/v1/log/siem?host=10.206.11.1&port=514&protocol=udp&type=audit HTTP/1.1
Accept: text/html
```
Example 1 - Response: SIEM configuration implemented for audit log:
```http
HTTP/1.1 200 OK
Content-Type: text/html

{ "audit": { "siem_host": "10.206.11.1", "siem_port": 514, "siem_protocol": "udp" } }
```
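An added example, not part of the original API reference: a Python drift check that compares a /api/app/v1/log/siem response body against an expected collector, accepting both the flat shape shown for GET and the shape nested under the log type shown for PUT. The baseline values and the handling of an empty body as "not configured" are assumptions; the page does not show what GET returns when no export is set.

```python
import json

# Assumed baseline: the collector used in the page's PUT example.
EXPECTED = {"siem_host": "10.206.11.1", "siem_port": 514, "siem_protocol": "udp"}
KEYS = ("siem_host", "siem_port", "siem_protocol")

# Response bodies copied from the GET and PUT examples above.
GET_SAMPLE = '{"siem_host": "10.206.11.186", "siem_port": 514, "siem_protocol": "udp"}'
PUT_SAMPLE = ('{"audit": {"siem_host": "10.206.11.1", "siem_port": 514, '
              '"siem_protocol": "udp"}}')


def normalise(body, log_type):
    """Return the SIEM settings from either response shape, or {} if absent."""
    data = json.loads(body) if isinstance(body, str) else body
    if isinstance(data, dict) and isinstance(data.get(log_type), dict):
        data = data[log_type]  # PUT shape: nested under "audit" / "system"
    if not isinstance(data, dict):
        return {}
    return {k: data[k] for k in KEYS if k in data}


def drift(body, log_type, expected=EXPECTED):
    """Return a list of differences from the baseline; empty means compliant."""
    actual = normalise(body, log_type)
    if not actual:
        # Assumption: an empty body means export is not configured.
        return [f"{log_type}: no SIEM export configured"]
    problems = []
    for key in KEYS:
        got, want = actual.get(key), expected[key]
        # Compare as case-insensitive strings so 514 and "514" are equal.
        if str(got).lower() != str(want).lower():
            problems.append(f"{log_type}: {key} is {got!r}, expected {want!r}")
    return problems


if __name__ == "__main__":
    for label, body in (("GET", GET_SAMPLE), ("PUT", PUT_SAMPLE), ("empty", "{}")):
        print(label, drift(body, "audit") or "compliant")
```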