
Audit trail API

Overview

To enable the inspection of product use, each Nexthink Appliance stores the relevant activity of Nexthink users in the form of a log file. Conveniently retrieve the audit log files from any federated Appliance via the Audit trail API.

Note that the TCP port 443 needs to be open on every Engine connected to the Portal. If your Nexthink platform is not using the default Collector port, you have to open it using the Web Console.

If you replaced the default digital certificates (see the Importing and replacing certificates page), ensure that the nginxSelfSignedCertificate parameter on the Appliance server hosting the Portal instance is set to false. Modify the /var/nexthink/nxauditlog/.env file or create one if necessary. Add the following as a new line at the bottom:

nginxSelfSignedCertificate=false

To apply the changes, restart the audit log service using the following command:

sudo systemctl restart nxauditlogs

Calling the Audit trail API

To retrieve the audit log files of the Nexthink Appliances, send a GET request to the Portal (primary Appliance) with one of the following URLs:

Retrieve the audit log of the Portal:

https://<Portal_FQDN>/audit-trail/api/v1/portal/type/auditlog

Retrieve the audit log of a particular Engine:

https://<Portal_FQDN>/audit-trail/api/v1/engine/<Engine_Hostname>/type/auditlog

Retrieve the audit log of all Engines:

https://<Portal_FQDN>/audit-trail/api/v1/engines/type/auditlog

When generating a token, use the following scope: service:audit-trail.

Refer to the Integrations with Nexthink documentation for more information.

Optional parameters

To retrieve a timeframe, use the following optional parameters:

  • before_date: returns all the events before the provided date or datetime. Format: yyyy-mm-ddThh:mm:ss (e.g., 2024-12-24 or 2024-12-24T14:00:00).

  • elapsed_hours: returns all the events for the provided duration from now or before_date (when specified).

You can use both parameters independently.

Response of the Audit trail API

The Audit trail API returns the content of the audit log file in the target Appliance. In the case of a call to retrieve the audit log of all Engines, the response is the result of concatenating the audit log files of each connected Engine.

Error conditions

When unsuccessful, a call to the Audit trail API returns an error response in the form of a JSON array, along with an HTTP error code:

| Error type | HTTP code | Cause |
|---|---|---|
| Engine error | Internal server error 500 | Unknown Engine name; Unreachable Engine |
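
The following client sketch is an added example, not Nexthink code. It builds the three URLs and the optional parameters described above, validating caller-supplied values before they reach the path or query string, and surfaces the error body on failure. Assumptions: the function names, the hostname pattern, treating elapsed_hours as a positive whole number, and sending the token as an Authorization: Bearer header (the page names only the token scope).

```python
import re
import urllib.error
import urllib.parse
import urllib.request

# The two before_date forms the page documents: yyyy-mm-dd or yyyy-mm-ddThh:mm:ss
DATE_RE = re.compile(r"\d{4}-\d{2}-\d{2}(T\d{2}:\d{2}:\d{2})?")
# Assumption: conservative hostname pattern so a supplied name cannot alter the URL path
HOST_RE = re.compile(r"[A-Za-z0-9]([A-Za-z0-9.-]{0,252}[A-Za-z0-9])?")


def audit_url(portal_fqdn, target="portal", engine=None, before_date=None, elapsed_hours=None):
    """Build an Audit trail API URL; target is 'portal', 'engine' or 'engines'."""
    if not HOST_RE.fullmatch(portal_fqdn):
        raise ValueError("invalid Portal FQDN")
    if target in ("portal", "engines"):
        path = target
    elif target == "engine":
        if not engine or not HOST_RE.fullmatch(engine):
            raise ValueError("invalid Engine hostname")
        path = "engine/" + engine
    else:
        raise ValueError("unknown target")
    params = {}
    if before_date is not None:
        if not DATE_RE.fullmatch(before_date):
            raise ValueError("before_date must be yyyy-mm-dd or yyyy-mm-ddThh:mm:ss")
        params["before_date"] = before_date
    if elapsed_hours is not None:
        # Assumption: whole positive hours; the page does not state the accepted type
        if type(elapsed_hours) is not int or elapsed_hours <= 0:
            raise ValueError("elapsed_hours must be a positive integer")
        params["elapsed_hours"] = str(elapsed_hours)
    url = f"https://{portal_fqdn}/audit-trail/api/v1/{path}/type/auditlog"
    return url + ("?" + urllib.parse.urlencode(params) if params else "")


def fetch_audit_log(url, token):
    """GET the audit log text; certificate verification is left at its default (on)."""
    req = urllib.request.Request(url, headers={"Authorization": "Bearer " + token})
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return resp.read().decode("utf-8", errors="replace")
    except urllib.error.HTTPError as err:
        # Per the page, failures return a JSON array with an HTTP error code (e.g. 500)
        body = err.read().decode("utf-8", errors="replace")
        raise RuntimeError(f"Audit trail API returned HTTP {err.code}: {body}") from err
```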

