# Search Logs

## Request

### HTTP Request Path

`{endpoint}/ecl-api/logs/search?tenantid={tenantid}&usertoken={x-subject-token}&deviceref={msa_device_id}`
### Request Parameter

Parameter | Type | Format | Description | Required |
---|---|---|---|---|
tenantid | String | UUID | Tenant ID of the owner (UUID) | Yes |
usertoken | String | UUID | User token (UUID) | Yes |
deviceref | String | - | MSA device external reference. For devices upgraded from Version1 to Version2 the value changes from CESxxxx to NCSxxxx. | Yes |
terms | String | - | Terms to search for. Wildcards such as '*' and '?' are accepted. The Boolean operators AND, OR and NOT are supported, as well as parentheses. | Optional |
startDate | String | YYYY-MM-DD HH:MM:SS | Search start date, matched against the date extracted from the syslog messages. | Optional |
endDate | String | YYYY-MM-DD HH:MM:SS | Search end date, matched against the date extracted from the syslog messages. | Optional |
sortOrder | String | - | Sort order of the result. Possible values are desc, asc and relevancy. Results are sorted on the date field. | Optional |
from | Integer | - | Index of the first log to return. Defaults to 0. | Optional |
pageSize | Integer | - | Number of logs to return. Defaults to 10; the maximum is 500. | Optional |
### Sample Request Body

```json
{
  "terms": "device_id:NCS4507",
  "startDate": "2017-04-16 03:03:03",
  "endDate": "2017-04-17 03:03:03",
  "sortOrder": "desc",
  "from": "0",
  "pageSize": "5"
}
```
## Response

### HTTP Response Code

Response Code | Description |
---|---|
200 | OK |
400 | Request format is invalid |
401 | Unauthorized |
404 | Not found |
500 | Internal Server Error |
### Response Parameter

Parameter | Type | Format | Description |
---|---|---|---|
logs | Object | - | Logs of the MSA device associated with the given tenant |
mod_id | String | Numeric | MSA device model id (FORTIGATEVA : 15102617) |
bytes | String | Numeric | Bytes |
dst_port | String | Numeric | Destination port |
threat | String | - | Threat description |
_timestamp | String | YYYY-MM-DD HH:MM:SS.SSS | Timestamp |
hostname | String | - | Hostname of the Forti VM |
device_id | String | - | MSA device id |
severity | String | Numeric | Log severity |
man_id | String | Numeric | MSA device manufacturer id (FORTINET : 17) |
date | String | YYYY-MM-DDTHH:MM:SS+HHMM (UTC offset) | Log date and time |
type | String | - | Log type |
customer_ref | String | UUID | MSA customer reference (tenant id) |
elapsed | String | Numeric | Elapsed |
category | String | Numeric | Category |
sentbyte | String | Numeric | Sent bytes |
subtype | String | - | Log subtype |
action | String | - | Log action |
rawlog | String | - | Raw syslog line as received from the device |
subclass_name | String | - | Subclass name |
customer_id | String | Numeric | MSA customer id |
rcvdbyte | String | Numeric | Received bytes |
### Sample Response Body

#### Normal Response

```json
{
  "logs": [{
    "mod_id": "15102617",
    "bytes": "0",
    "dst_port": "0",
    "threat": "System activity event",
    "_timestamp": "2017-04-17 00:51:00.490",
    "hostname": "NCS4507",
    "device_id": "NCS4507",
    "severity": "5",
    "man_id": "17",
    "date": "2017-04-17T02:49:31+0000",
    "type": "event",
    "customer_ref": "e6fff086078e4977aa7a441bf4bfadf4",
    "elapsed": "0",
    "category": "0100",
    "sentbyte": "0",
    "subtype": "system",
    "action": "perf-stats",
    "rawlog": "<189>date=2017-04-17 time=02:49:31 devname=NCS4507 devid=FGVM020000031897 logid=0100040704 type=event subtype=system level=notice vd=\"root\" logdesc=\"System performance statistics\" action=\"perf-stats\" cpu=0 mem=19 totalsession=10 disk=0 bandwidth=0/3 setuprate=0 disklograte=0 fazlograte=0 msg=\"Performance statistics: average CPU: 0, memory: 19, concurrent sessions: 10, setup-rate: 0\"",
    "subclass_name": "N/A",
    "customer_id": "3008",
    "rcvdbyte": "0"
  }]
}
```
#### Error Response

```json
{
  "error": {
    "message": "error message"
  }
}
```
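The request and response shapes above, as an added Python example that is not part of this API documentation: it builds the URL and body for one search call while enforcing the documented limits (date format, pageSize ceiling, sortOrder values), then decodes a response, distinguishes the error shape, and splits each `rawlog` into key=value fields plus the syslog PRI facility/severity. The endpoint, token and the trimmed sample response are constructed for the example; sending the request (an HTTP POST with the JSON body) is left to the caller.

```python
import json
import re
from datetime import datetime
from urllib.parse import urlencode

MAX_PAGE_SIZE = 500
DATE_FMT = "%Y-%m-%d %H:%M:%S"

def build_search_request(endpoint, tenantid, usertoken, deviceref, terms=None,
                         start_date=None, end_date=None, sort_order="desc", start=0, page_size=10):
    """Return (url, body) for one Search Logs call, enforcing the documented limits."""
    for d in (start_date, end_date):
        if d is not None:
            datetime.strptime(d, DATE_FMT)  # ValueError unless YYYY-MM-DD HH:MM:SS
    if not 1 <= page_size <= MAX_PAGE_SIZE:
        raise ValueError(f"pageSize must be between 1 and {MAX_PAGE_SIZE}")
    if sort_order not in ("desc", "asc", "relevancy"):
        raise ValueError("sortOrder must be desc, asc or relevancy")
    # identifiers travel in the query string, search criteria in the JSON body
    query = urlencode({"tenantid": tenantid, "usertoken": usertoken, "deviceref": deviceref})
    body = {"sortOrder": sort_order, "from": str(start), "pageSize": str(page_size)}
    for key, value in (("terms", terms), ("startDate", start_date), ("endDate", end_date)):
        if value:
            body[key] = value
    return f"{endpoint}/ecl-api/logs/search?{query}", body

# key=value pairs: the value is a double-quoted string (with \" escapes) or a bare token
_KV = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')

def parse_rawlog(rawlog):
    """Split a FortiGate-style key=value syslog line into a dict; quotes are stripped."""
    fields = {k: (v[1:-1] if v.startswith('"') else v) for k, v in _KV.findall(rawlog)}
    m = re.match(r"<(\d+)>", rawlog)  # syslog PRI = facility * 8 + severity
    if m:
        fields["_facility"], fields["_severity"] = divmod(int(m.group(1)), 8)
    return fields

def parse_search_response(payload):
    """Decode a response body: raise on the error shape, else attach parsed rawlog fields."""
    data = json.loads(payload)
    if "error" in data:
        raise RuntimeError(data["error"]["message"])
    return [dict(log, fields=parse_rawlog(log["rawlog"])) for log in data["logs"]]

# constructed sample response (not real data), trimmed to the fields used here
SAMPLE = r'''{"logs": [{"device_id": "NCS4507", "severity": "5", "type": "event", "rawlog":
"<189>date=2017-04-17 time=02:49:31 devname=NCS4507 type=event subtype=system level=notice vd=\"root\" logdesc=\"System performance statistics\" action=\"perf-stats\" cpu=0 mem=19 msg=\"Performance statistics: average CPU: 0, memory: 19\""}]}'''
```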