Audit trail API
Overview
To enable the inspection of product use, each Nexthink Appliance stores the relevant activity of Nexthink users in the form of a log file. Conveniently retrieve the audit log files from any federated Appliance via the Audit trail API.
Note that the TCP port 443 needs to be open on every Engine connected to the Portal. If your Nexthink platform is not using the default Collector port, you have to open it using the Web Console.
Calling the Audit trail API
To retrieve the audit log files of the Nexthink Appliances, send a GET request to the Portal (primary Appliance) with one of the following URLs:
Retrieve the audit log of the Portal:
https://<Portal_FQDN>/audit-trail/api/v1/portal/type/auditlog
Retrieve the audit log of a particular Engine:
https://<Portal_FQDN>/audit-trail/api/v1/engine/<Engine_Hostname>/type/auditlog
Retrieve the audit log of all Engines:
https://<Portal_FQDN>/audit-trail/api/v1/engines/type/auditlog
Response of the Audit trail API
The Audit trail API returns the content of the audit log file in the target Appliance. In the case of a call to retrieve the audit log of all Engines, the response is the result of concatenating the audit log files of each connected Engine
Error conditions
When unsuccessful, a call to the Audit trail API returns an error response in the form of a JSON array, along with an HTTP error code:
Error type | HTTP code | Cause |
---|---|---|
Engine error | Internal server error 500 |
|
RELATED REFERENCE