Audit trail API
Overview
To apply the changes, restart the audit log service using the following command:
sudo systemctl restart nxauditlogs
Calling the Audit trail API
To retrieve the audit log files of the Nexthink Appliances, send a GET request to the Portal (primary Appliance) with one of the following URLs:
Retrieve the audit log of the Portal
https:///audit-trail/api/v1/portal/type/auditlog
Retrieve the audit log of a particular Engine
https:///audit-trail/api/v1/engine//type/auditlog
Retrieve the audit log of all Engines
https:///audit-trail/api/v1/engines/type/auditlog
When generating a token, use the following scope: service:audit-trail
.
Optional parameters
To retrieve a timeframe, use the following optional parameters:
before_date: returns all the events before the provided date or datetime. Format:
yyyy-mm-ddThh:mm:ss
(e.g.,2024-12-24
or2024-12-24T14:00:00
).elapsed_hours: returns all the events for the provided duration from now or before_date (when specified).
You can use both parameters independently.
Response of the Audit trail API
The Audit trail API returns the content of the audit log file in the target Appliance. In the case of a call to retrieve the audit log of all Engines, the response is the result of concatenating the audit log files of each connected Engine
Error conditions
When unsuccessful, a call to the Audit trail API returns an error response in the form of a JSON array, along with an HTTP error code:
RELATED REFERENCE
Last updated