# Search Logs

## Request

### HTTP Request Path

```text
{endpoint}/ecl-api/logs/search?tenantid={tenantid}&usertoken={x-subject-token}&deviceref={msa_device_id}
```

### Request Parameter
| Parameter | Type | Format | Description | Required |
|---|---|---|---|---|
| tenantid | String | UUID | Tenant ID of the owner (UUID) | Yes |
| usertoken | String | UUID | User token (UUID) | Yes |
| deviceref | String | - | MSA device external reference. Devices upgraded from Version 1 to Version 2 use the value NCSxxxx instead of CESxxxx. | Yes |
| terms | String | - | Terms to search for. Wildcards such as `*` and `?` are accepted; the Boolean operators AND, OR and NOT are supported, as are parentheses. | Optional |
| startDate | String | YYYY-MM-DD HH:MM:SS | Search start date, compared against the date extracted from the syslog entries. | Optional |
| endDate | String | YYYY-MM-DD HH:MM:SS | Search end date, compared against the date extracted from the syslog entries. | Optional |
| sortOrder | String | - | Sort order of the results. Possible values are desc, asc and relevancy; sorting is by the date field. | Optional |
| from | Integer | - | Index of the first log to return. Defaults to 0. | Optional |
| pageSize | Integer | - | Number of logs to return. Defaults to 10; the maximum is 500. | Optional |
### Sample Request Body

```json
{
  "terms": "device_id:NCS4507",
  "startDate": "2017-04-16 03:03:03",
  "endDate": "2017-04-17 03:03:03",
  "sortOrder": "desc",
  "from": "0",
  "pageSize": "5"
}
```
## Response

### HTTP Response Code

| Response Code | Description |
|---|---|
| 200 | OK |
| 400 | Request format is invalid |
| 401 | Unauthorized |
| 404 | Not found |
| 500 | Internal Server Error |

### Response Parameter
| Parameter | Type | Format | Description |
|---|---|---|---|
| logs | Object | - | Logs for the MSA device associated with the specified tenant; each entry carries the fields below |
| mod_id | String | Numeric | MSA device model ID (FORTIGATEVA: 15102617) |
| bytes | String | Numeric | Bytes |
| dst_port | String | Numeric | Destination port |
| threat | String | - | Threat description |
| _timestamp | String | YYYY-MM-DD HH:MM:SS.SSS | Timestamp |
| hostname | String | - | Hostname of the Forti VM |
| device_id | String | - | MSA device ID |
| severity | String | Numeric | Log severity |
| man_id | String | Numeric | MSA device manufacturer ID (FORTINET: 17) |
| date | String | YYYY-MM-DDTHH:MM:SS+hhmm | Log date and time, with UTC offset |
| type | String | - | Log type |
| customer_ref | String | UUID | MSA customer reference (tenant ID) |
| elapsed | String | Numeric | Elapsed |
| category | String | Numeric | Category |
| sentbyte | String | Numeric | Sent bytes |
| subtype | String | - | Log subtype |
| action | String | - | Log action |
| rawlog | String | - | Raw log |
| subclass_name | String | - | Subclass name |
| customer_id | String | Numeric | MSA customer ID |
| rcvdbyte | String | Numeric | Received bytes |
### Sample Response Body

#### Normal Response

```json
{
  "logs": [{
    "mod_id": "15102617",
    "bytes": "0",
    "dst_port": "0",
    "threat": "System activity event",
    "_timestamp": "2017-04-17 00:51:00.490",
    "hostname": "NCS4507",
    "device_id": "NCS4507",
    "severity": "5",
    "man_id": "17",
    "date": "2017-04-17T02:49:31+0000",
    "type": "event",
    "customer_ref": "e6fff086078e4977aa7a441bf4bfadf4",
    "elapsed": "0",
    "category": "0100",
    "sentbyte": "0",
    "subtype": "system",
    "action": "perf-stats",
    "rawlog": "<189>date=2017-04-17 time=02:49:31 devname=NCS4507 devid=FGVM020000031897 logid=0100040704 type=event subtype=system level=notice vd=\"root\" logdesc=\"System performance statistics\" action=\"perf-stats\" cpu=0 mem=19 totalsession=10 disk=0 bandwidth=0/3 setuprate=0 disklograte=0 fazlograte=0 msg=\"Performance statistics: average CPU: 0, memory: 19, concurrent sessions: 10, setup-rate: 0\"",
    "subclass_name": "N/A",
    "customer_id": "3008",
    "rcvdbyte": "0"
  }]
}
```

#### Error Response

```json
{
  "error": {
    "message": "error message"
  }
}
```
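An added example, not part of this API documentation: a small client helper that builds the Search Logs request from the parameters above, rejects values the API documents as invalid (pageSize above 500, unknown sortOrder, malformed dates) before they reach the server, parses the documented normal and error response shapes, and walks a full result set by advancing `from` in steps of `pageSize`. The endpoint, tenant, token and device values and the `fetch` callable are assumptions; the helper performs no HTTP call itself.

```python
import json
from datetime import datetime
from urllib.parse import urlencode

MAX_PAGE_SIZE = 500  # documented maximum for pageSize
SORT_ORDERS = ("desc", "asc", "relevancy")  # documented sortOrder values


def build_search_request(endpoint, tenantid, usertoken, deviceref, terms=None,
                         start_date=None, end_date=None, sort_order="desc",
                         from_index=0, page_size=10):
    """Return (url, body) for POST {endpoint}/ecl-api/logs/search.
    Values the API documents as invalid (HTTP 400) are rejected client-side."""
    if not 1 <= page_size <= MAX_PAGE_SIZE:
        raise ValueError(f"pageSize must be between 1 and {MAX_PAGE_SIZE}")
    if sort_order not in SORT_ORDERS:
        raise ValueError(f"sortOrder must be one of {SORT_ORDERS}")
    for value in (start_date, end_date):
        if value is not None:  # documented format: YYYY-MM-DD HH:MM:SS
            datetime.strptime(value, "%Y-%m-%d %H:%M:%S")
    query = urlencode({"tenantid": tenantid, "usertoken": usertoken, "deviceref": deviceref})
    body = {"sortOrder": sort_order, "from": str(from_index), "pageSize": str(page_size)}
    for key, value in (("terms", terms), ("startDate", start_date), ("endDate", end_date)):
        if value is not None:
            body[key] = value
    return f"{endpoint}/ecl-api/logs/search?{query}", body


def parse_search_response(status, text):
    """Return the 'logs' list, or raise using the documented error body shape."""
    data = json.loads(text)
    if status != 200 or "error" in data:
        message = data.get("error", {}).get("message", "unknown error")
        raise RuntimeError(f"search failed (HTTP {status}): {message}")
    return data.get("logs", [])


def search_all(fetch, page_size=MAX_PAGE_SIZE, **request_kwargs):
    """Yield every matching log, advancing 'from' by pageSize until a short page.
    fetch(url, body) must POST the JSON body and return (status_code, response_text)."""
    from_index = 0
    while True:
        url, body = build_search_request(page_size=page_size, from_index=from_index,
                                         **request_kwargs)
        logs = parse_search_response(*fetch(url, body))
        yield from logs
        if len(logs) < page_size:
            return
        from_index += page_size
```

`search_all` stops on the first page shorter than `pageSize`, so a tenant with exactly a multiple of `pageSize` entries costs one extra empty request; that is the trade-off for not needing a total count, which the response does not carry.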