Search Logs


Search Logs for a Security device associated with specific tenant.

Synchronous / Asynchronous

  • Synchronous


HTTP Request Method

  • POST

HTTP Request Path


HTTP Request Header

Content-Type: application/json
X-Auth-Token: <token_id>

Request Parameter

Request Parameters
Parameter Type Format Description Required
tenantid String UUID Tenant ID of the owner (UUID) Yes
usertoken String UUID User Token (UUID) Yes
deviceref String - MSA Device External Reference. Devices upgraded from Version1 to Version2 will be changed to the value NCSxxxx instead of CESxxxx. Yes
terms String - Terms to search for. Wildcards such as '*' and '?' are accepted. Boolean operator AND, OR and NOT are supported as well as parenthesis. Optional
startDate String YYYY-MM-DD HH:MM:SS Search start date. The date is the one extracted from the syslogs Optional
endDate String YYYY-MM-DD HH:MM:SS Search end date. The date is the one extracted from the syslogs Optional
sortOrder String - The sort ordering of the result. Possible values are desc, asc and relevancy. The field date is used to sort. Optional
from Integer - The starting from index of the logs to return. Defaults to 0. Optional
pageSize Integer - The number of logs to return. Defaults to 10, max is 500. Optional

Sample Request Body

   "terms": "device_id:NCS4507",
   "startDate": "2017-04-16 03:03:03",
   "endDate": "2017-04-17 03:03:03",
   "sortOrder": "desc",
   "from": "0",
   "pageSize": "5"


HTTP Response Code

Response Codes
Response Code Description
200 OK
400 Request format is invalid
401 Unauthorized
404 Not found
500 Internal Server Error

Response Parameter

Response Parameters
Parameter Type Format Description
logs Object - Logs for an MSA device associated with specific tenant
mod_id String Numeric MSA device model id (FORTIGATEVA : 15102617)
bytes String Numeric Bytes
dst_port String Numeric Destination port
threat String - Threat description
_timestamp String YYYY:MM:DD HH:MM:SS.SSS Timestamp
hostname String - Hostname of Forti VM
device_id String - MSA device id
severity String Numeric Log severity
man_id String Numeric MSA device manufacturer id (FORTINET : 17)
date String YYYY-MM-DDTHH:MM:SS+ssss Log Date and Time
type String - Log type
customer_ref String UUID MSA Customer Reference [tenant id]
elapsed String Numeric Elapsed
category String Numeric Category
sentbyte String Numeric Sent bytes
subtype String - Log subtype
action String - Log action
rawlog String - Raw log
subclass_name String - Subclass name
customer_id String Numeric MSA Customer Id
rcvdbyte String Numeric Received bytes

Sample Response Body

Normal Response

    "logs": [{
         "mod_id": "15102617",
         "bytes": "0",
         "dst_port": "0",
         "threat": "System activity event",
         "_timestamp": "2017-04-17 00:51:00.490",
         "hostname": "NCS4507",
         "device_id": "NCS4507",
         "severity": "5",
         "man_id": "17",
         "date": "2017-04-17T02:49:31+0000",
         "type": "event",
         "customer_ref": "e6fff086078e4977aa7a441bf4bfadf4",
         "elapsed": "0",
         "category": "0100",
         "sentbyte": "0",
         "subtype": "system",
         "action": "perf-stats",
         "rawlog": "<189>date=2017-04-17 time=02:49:31 devname=NCS4507 devid=FGVM020000031897 logid=0100040704 type=event subtype=system level=notice vd=¥\"root¥\" logdesc=¥\"System performance statistics¥\" action=¥\"perf-stats\" cpu=0 mem=19 totalsession=10 disk=0 bandwidth=0/3 setuprate=0 disklograte=0 fazlograte=0 msg=¥\"Performance statistics: average CPU: 0, memory: 19, concurrent sessions: 10, setup-rate: 0¥\"",
         "subclass_name": "N/A",
         "customer_id": "3008",
         "rcvdbyte": "0"

Error Response

    "error": {
         "message": "error message"