Zabbix Documentation 5.0

3.04.04.4 (current)| In development:5.0 (devel)| Unsupported:1.82.02.22.43.23.44.2Guidelines

User Tools

Site Tools


Sidebar

manual:api:reference:auditlog:get

auditlog.get

Description

integer/array auditlog.get(object parameters)

The method allows to retrieve audit log records according to the given parameters.

Parameters

(object) Parameters defining the desired output.

The method supports the following parameters.

Parameter Type Description
auditids string/array Return only audit log with the given IDs.
userids string/array Return only audit log that were created by the given users.
time_from timestamp Returns only audit log entries that have been created after or at the given time.
time_till timestamp Returns only audit log entries that have been created before or at the given time.
selectDetails query Returns audit log entries with per field changes as details property.

Available only for entries with action “1 - Update”, for actions of other types returns empty array.
sortfield string/array Sort the result by the given properties.

Possible values are: auditid, userid, clock.
filter object Return only results that exactly match the given filter.

Accepts an array, where the keys are property names, and the values are either a single value or an array of values to match against.

Additionally supports filtering by details property fields: table_name, field_name.
search object Case insensitive sub-string search in content of fields: note, ip, resourcename, oldvalue, newvalue.
countOutput booleanThese parameters being common for all get methods are described in the reference commentary.
excludeSearch boolean
limit integer
output query
preservekeys boolean
searchByAny boolean
searchWildcardsEnabled boolean
sortorder string/array
startSearch boolean

Return values

(integer/array) Returns either:

  • an array of objects;
  • the count of retrieved objects, if the countOutput parameter has been used.

Examples

Retrieve audit log

Retrieve two latest audit log records.

Request:

{
    "jsonrpc": "2.0",
    "method": "auditlog.get",
    "params": {
        "output": "extend",
        "sortfield": "clock",
        "sortorder": "DESC",
        "limit": 2
    },
    "auth": "038e1d7b1735c6a5436ee9eae095879e",
    "id": 1
}

Response:

{
    "jsonrpc": "2.0",
    "result": [
        {
            "auditid": "189",
            "userid": "1",
            "clock": "1580913141",
            "action": "3",
            "resourcetype": "0",
            "note": "",
            "ip": "127.0.0.1",
            "resourceid": "0",
            "resourcename": ""
        },
        {
            "auditid": "188",
            "userid": "1",
            "clock": "1580903029",
            "action": "3",
            "resourcetype": "0",
            "note": "",
            "ip": "127.0.0.1",
            "resourceid": "0",
            "resourcename": ""
        }
    ],
    "id": 2
}

Retrieve audit log records having substring “test” in oldvalue field.

Request:

{
    "jsonrpc": "2.0",
    "method": "auditlog.get",
    "params": {
        "output": ["auditid", "resourcename"],
        "search": {
            "newvalue": "test"
        },
        "selectDetails": "extend"
    },
    "auth": "038e1d7b1735c6a5436ee9eae095879e",
    "id": 1
}

Response:

{
    "jsonrpc": "2.0",
    "result": [
        {
            "auditid": "5",
            "resourcename": "Mattermost2",
            "details": [
                {
                    "table_name": "media_type",
                    "field_name": "event_menu_url",
                    "oldvalue": "http://test",
                    "newvalue": "http://test{EVENT.TAGS.__test}"
                }
            ]
        },
        {
            "auditid": "7",
            "resourcename": "Email",
            "details": [
                {
                    "table_name": "media_type",
                    "field_name": "name",
                    "oldvalue": "Email",
                    "newvalue": "Email test"
                }
            ]
        }
    ],
    "id": 20
}

See also

Source

CAuditLog::get() in frontends/php/include/classes/api/services/CAuditLog.php.