Search Logs


Overview

Search the logs of a security device associated with a specific tenant.


Synchronous / Asynchronous

  • Synchronous


Request

HTTP Request Method

  • POST


HTTP Request Path

{endpoint}/ecl-api/logs/search?tenantid={tenantid}&usertoken={x-subject-token}&deviceref={msa_device_id}

HTTP Request Header

Content-Type: application/json
X-Auth-Token: <token_id>

Request Parameter

Request Parameters

Parameter | Type    | Format              | Description | Required
----------|---------|---------------------|-------------|---------
tenantid  | String  | UUID                | Tenant ID of the owner (UUID) | Yes
usertoken | String  | UUID                | User token (UUID) | Yes
deviceref | String  | -                   | MSA device external reference. For devices upgraded from Version 1 to Version 2 the value changes from CESxxxx to NCSxxxx. | Yes
terms     | String  | -                   | Terms to search for. Wildcards such as '*' and '?' are accepted; the Boolean operators AND, OR and NOT are supported, as are parentheses. | Optional
startDate | String  | YYYY-MM-DD HH:MM:SS | Search start date, compared against the date extracted from the syslog messages. | Optional
endDate   | String  | YYYY-MM-DD HH:MM:SS | Search end date, compared against the date extracted from the syslog messages. | Optional
sortOrder | String  | -                   | Sort order of the results: desc, asc or relevancy. Results are sorted on the date field. | Optional
from      | Integer | -                   | Index of the first log to return. Defaults to 0. | Optional
pageSize  | Integer | -                   | Number of logs to return. Defaults to 10; the maximum is 500. | Optional


Sample Request Body

{
   "terms": "device_id:NCS4507",
   "startDate": "2017-04-16 03:03:03",
   "endDate": "2017-04-17 03:03:03",
   "sortOrder": "desc",
   "from": "0",
   "pageSize": "5"
}
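As an added example (not part of this API reference), the following Python assembles the request described above: the three required parameters in the query string, the optional ones in the JSON body, and the two headers. It also applies the constraints from the parameter table (date format, sortOrder values, pageSize 1..500) before anything is sent, so a malformed query is rejected locally rather than with a 400. The endpoint, token values and device reference used in the demo are placeholders or copied from the page's own samples; the X-Auth-Token header is taken as a separate value from the usertoken query parameter because the page labels them differently. Note that the sample request body above quotes from and pageSize as strings, while the table declares them Integer; this example sends integers.

```python
import json
import re
from urllib.parse import urlencode
from urllib.request import Request, urlopen

# Constraints taken from the request-parameter table.
DATE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}$")   # YYYY-MM-DD HH:MM:SS
SORT_ORDERS = ("desc", "asc", "relevancy")
MAX_PAGE_SIZE = 500


def validate_search_body(body):
    """Return a list of problems with the optional body parameters (empty list means valid)."""
    problems = []
    sort_order = body.get("sortOrder")
    if sort_order is not None and sort_order not in SORT_ORDERS:
        problems.append("sortOrder must be one of desc, asc, relevancy")
    for name in ("startDate", "endDate"):
        value = body.get(name)
        if value is not None and not (isinstance(value, str) and DATE_RE.match(value)):
            problems.append(f"{name} must be formatted YYYY-MM-DD HH:MM:SS")
    start, end = body.get("startDate"), body.get("endDate")
    # The format is fixed-width, so plain string comparison orders two dates correctly.
    if (isinstance(start, str) and isinstance(end, str)
            and DATE_RE.match(start) and DATE_RE.match(end) and start > end):
        problems.append("startDate must not be later than endDate")
    from_index = body.get("from", 0)
    if not isinstance(from_index, int) or from_index < 0:
        problems.append("from must be a non-negative integer")
    page_size = body.get("pageSize", 10)
    if not isinstance(page_size, int) or not 1 <= page_size <= MAX_PAGE_SIZE:
        problems.append(f"pageSize must be an integer between 1 and {MAX_PAGE_SIZE}")
    return problems


def build_search_request(endpoint, tenant_id, user_token, device_ref, auth_token,
                         terms=None, start_date=None, end_date=None,
                         sort_order=None, from_index=None, page_size=None):
    """Return (url, headers, body_bytes) for POST {endpoint}/ecl-api/logs/search.

    Required parameters travel in the query string as the request path shows;
    optional ones go in the JSON body.  auth_token fills the X-Auth-Token
    header (labelled <token_id> on the page), separate from the usertoken
    query parameter (labelled {x-subject-token}); pass the same value for
    both if that is what your deployment uses.
    """
    candidates = {"terms": terms, "startDate": start_date, "endDate": end_date,
                  "sortOrder": sort_order, "from": from_index, "pageSize": page_size}
    body = {key: value for key, value in candidates.items() if value is not None}
    problems = validate_search_body(body)
    if problems:
        raise ValueError("; ".join(problems))
    query = urlencode({"tenantid": tenant_id, "usertoken": user_token, "deviceref": device_ref})
    url = f"{endpoint.rstrip('/')}/ecl-api/logs/search?{query}"
    headers = {"Content-Type": "application/json", "X-Auth-Token": auth_token}
    return url, headers, json.dumps(body).encode("utf-8")


def send_search(url, headers, body, timeout=30):
    """POST the prepared request and decode the JSON reply (network call; not exercised offline)."""
    request = Request(url, data=body, headers=headers, method="POST")
    with urlopen(request, timeout=timeout) as response:
        return json.loads(response.read().decode("utf-8"))


if __name__ == "__main__":
    # Endpoint and tokens are constructed placeholders; tenant ID and device
    # reference are the values used in the page's samples.
    url, headers, body = build_search_request(
        "https://api.example.invalid", "e6fff086078e4977aa7a441bf4bfadf4",
        "USER-TOKEN-PLACEHOLDER", "NCS4507", "AUTH-TOKEN-PLACEHOLDER",
        terms="device_id:NCS4507", start_date="2017-04-16 03:03:03",
        end_date="2017-04-17 03:03:03", sort_order="desc", from_index=0, page_size=5)
    print(url)
    print(body.decode())
```

Because usertoken is carried in the query string, it will appear in any web-server, proxy or client access log that records full URLs; keep those logs under the same protection as the token itself and make sure the call only ever goes over TLS.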

Response

HTTP Response Code

Response Codes

Response Code | Description
--------------|--------------------------
200           | OK
400           | Request format is invalid
401           | Unauthorized
404           | Not found
500           | Internal Server Error


Response Parameter

Response Parameters

Parameter     | Type   | Format                   | Description
--------------|--------|--------------------------|--------------------------------------------
logs          | Object | -                        | Logs for an MSA device associated with the specified tenant; each entry carries the fields below
mod_id        | String | Numeric                  | MSA device model ID (FORTIGATEVA: 15102617)
bytes         | String | Numeric                  | Bytes
dst_port      | String | Numeric                  | Destination port
threat        | String | -                        | Threat description
_timestamp    | String | YYYY-MM-DD HH:MM:SS.SSS  | Timestamp
hostname      | String | -                        | Hostname of the Forti VM
device_id     | String | -                        | MSA device ID
severity      | String | Numeric                  | Log severity
man_id        | String | Numeric                  | MSA device manufacturer ID (FORTINET: 17)
date          | String | YYYY-MM-DDTHH:MM:SS+ssss | Log date and time
type          | String | -                        | Log type
customer_ref  | String | UUID                     | MSA customer reference (tenant ID)
elapsed       | String | Numeric                  | Elapsed
category      | String | Numeric                  | Category
sentbyte      | String | Numeric                  | Sent bytes
subtype       | String | -                        | Log subtype
action        | String | -                        | Log action
rawlog        | String | -                        | Raw log
subclass_name | String | -                        | Subclass name
customer_id   | String | Numeric                  | MSA customer ID
rcvdbyte      | String | Numeric                  | Received bytes


Sample Response Body

Normal Response

{
    "logs": [{
         "mod_id": "15102617",
         "bytes": "0",
         "dst_port": "0",
         "threat": "System activity event",
         "_timestamp": "2017-04-17 00:51:00.490",
         "hostname": "NCS4507",
         "device_id": "NCS4507",
         "severity": "5",
         "man_id": "17",
         "date": "2017-04-17T02:49:31+0000",
         "type": "event",
         "customer_ref": "e6fff086078e4977aa7a441bf4bfadf4",
         "elapsed": "0",
         "category": "0100",
         "sentbyte": "0",
         "subtype": "system",
         "action": "perf-stats",
         "rawlog": "<189>date=2017-04-17 time=02:49:31 devname=NCS4507 devid=FGVM020000031897 logid=0100040704 type=event subtype=system level=notice vd=\\\"root\\\" logdesc=\\\"System performance statistics\\\" action=\\\"perf-stats\\\" cpu=0 mem=19 totalsession=10 disk=0 bandwidth=0/3 setuprate=0 disklograte=0 fazlograte=0 msg=\\\"Performance statistics: average CPU: 0, memory: 19, concurrent sessions: 10, setup-rate: 0\\\"",
         "subclass_name": "N/A",
         "customer_id": "3008",
         "rcvdbyte": "0"
    }]
}

Error Response

{
    "error": {
         "message": "error message"
    }
}
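As an added example (not code from this API reference), the following Python handles both response shapes shown above: it distinguishes the normal `logs` array from the `error` object, and it parses the `rawlog` field, which in the sample is a FortiGate key=value line behind a syslog PRI prefix, into a dictionary so that individual fields (devid, logid, level, msg) can be matched by detection rules. The sample response embedded below is a constructed copy of the page's normal response with the quoting inside rawlog written as valid JSON escapes. The PRI decoding assumes the standard syslog convention that `<189>` encodes facility*8 + severity, which gives facility 23 and severity 5, matching the record's own severity field.

```python
import json
import re

# Constructed copy of the page's sample normal response (trimmed to the fields used here).
SAMPLE_RESPONSE = r'''{
    "logs": [{
        "mod_id": "15102617",
        "_timestamp": "2017-04-17 00:51:00.490",
        "hostname": "NCS4507",
        "device_id": "NCS4507",
        "severity": "5",
        "date": "2017-04-17T02:49:31+0000",
        "type": "event",
        "subtype": "system",
        "action": "perf-stats",
        "rawlog": "<189>date=2017-04-17 time=02:49:31 devname=NCS4507 devid=FGVM020000031897 logid=0100040704 type=event subtype=system level=notice vd=\"root\" logdesc=\"System performance statistics\" action=\"perf-stats\" cpu=0 mem=19 totalsession=10 disk=0 bandwidth=0/3 setuprate=0 disklograte=0 fazlograte=0 msg=\"Performance statistics: average CPU: 0, memory: 19, concurrent sessions: 10, setup-rate: 0\""
    }]
}'''

# Constructed copy of the page's sample error response.
ERROR_RESPONSE = '{"error": {"message": "error message"}}'


class SearchError(Exception):
    """Raised when the API answers with the error object instead of logs."""


def response_error_message(text):
    """Return the error message if the body has the error shape, otherwise None."""
    data = json.loads(text)
    error = data.get("error") if isinstance(data, dict) else None
    if isinstance(error, dict):
        return error.get("message", "unknown error")
    return None


def parse_search_response(text):
    """Return the list of log records, or raise SearchError for the error shape."""
    message = response_error_message(text)
    if message is not None:
        raise SearchError(message)
    logs = json.loads(text).get("logs")
    if not isinstance(logs, list):
        raise ValueError("response carries neither 'logs' nor 'error'")
    return logs


# key=value pairs; a value is either a double-quoted string (with \" escapes) or a bare token.
KV_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')
# Optional syslog PRI prefix such as <189>.
PRI_RE = re.compile(r"^<(\d{1,3})>")


def parse_rawlog(raw):
    """Split a FortiGate-style rawlog into a dict; PRI is decoded into _facility/_severity."""
    fields = {}
    match = PRI_RE.match(raw)
    if match:
        pri = int(match.group(1))
        fields["_facility"] = pri // 8
        fields["_severity"] = pri % 8
        raw = raw[match.end():]
    for key, value in KV_RE.findall(raw):
        if len(value) >= 2 and value.startswith('"') and value.endswith('"'):
            value = value[1:-1].replace('\\"', '"')
        fields[key] = value
    return fields


def rawlog_severity_matches(record):
    """Cross-check the record's severity field against the PRI severity in its rawlog."""
    fields = parse_rawlog(record.get("rawlog", ""))
    return "_severity" in fields and str(fields["_severity"]) == record.get("severity")


if __name__ == "__main__":
    for record in parse_search_response(SAMPLE_RESPONSE):
        fields = parse_rawlog(record["rawlog"])
        print(record["date"], record["device_id"], fields["logid"], fields["level"], fields["msg"])
        print("severity consistent:", rawlog_severity_matches(record))
```

The cross-check is worth keeping in a collector: the `severity` field and the PRI inside `rawlog` are produced at different stages of the pipeline, and a disagreement between them is a quick signal that a parser or forwarder upstream is mangling events.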