- URL: https://<root>/logs/export
- Methods: POST
- Version Introduced: 11.4
Access requirements
Required privileges
The Portal Administrator API requires privilege-based access. An administrator must be assigned a specific user privilege, or role, to access any given endpoint. Listed below are the user privileges or roles that provide access to this endpoint when assigned to an administrator. If multiple privileges are listed, only one needs to be assigned to gain access.
Tokens
This API requires token-based authentication. A token is automatically generated for administrators who sign in to the Portal Administrator API directory's HTML interface. Tokens generated in this way are stored for the entirety of the session.
Those accessing the API directory outside of the HTML interface will need to acquire a session token from the generate operation in the Portal Directory API. For security reasons, all POST requests made to the Portal Administrator API must include a token in the request body.
Description
The export operation exports and downloads either standard logs or audit logs as a .zip file. Audit logs are detailed event logs that are used to monitor changes to the system. Audit logs are a useful resource when troubleshooting any critical or breaking changes that have occurred, as they can help track which organization member made a change, the effect it had on the system, and what time those events occurred. Notably, audit logs can be processed by Security Information and Event Management (SIEM) tools to generate an audit trail, track trends in user activity, and monitor and address any security threats or vulnerabilities.
Audit logs capture information for the following events:
- Accessing the organization portal site
- Creating, deleting, updating, and disabling member accounts
- Creating and updating user roles
- Adding and configuring groups
- Adding and removing members from a group
- Sharing items
- Changing item ownership
- Adding, updating, moving, and deleting items
Request parameters
| Parameter | Details |
|---|---|
(Required) | Specifies the types of logs being exported. When set as Values: |
Example usage
The following is a sample request for the export operation:
https://organization.example.com/<context>/portaladmin/logs/export?logType=Audit
Audit log syntax
Each event included in the audit logs will use the following JSON syntax:
{
"version": "<The version of the audit record schema>",
"timestamp": <UTC timestamp when the event occurred>,
"eventId": "<Unique identifier for the audit record>",
"event": "<Event name>",
"eventLevel": "<Event level. Level 1 events are always recorded>",
"status": "<Success | Fail | Error>",
"statusCode": "<Status code (e.g. 200 for success, 403 for Invalid Authentication, etc.)>",
"actor": "<Username of the member who performed the logged event>",
"actorId": "<Unique identifier for the member who performed the logged event>",
"actorRole": "<The member's role>",
"sourceIp": "<Client application's IP address>",
"destinationIp": "<Request target's IP address>",
"destinationHost": "<Target's hostname>",
"resource": "<The API endpoint used to make the request>",
"data":{<Additional, relevant information for the event>},
"userAgent": <User agent information from the client application>,
"message": "<High-level description of the event>"
}
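As an illustration of the SIEM-style processing mentioned in the description, the following added example (not part of the original documentation or the product's own code) parses audit records in the schema above, drops repeated `eventId` values, and reports source IPs with repeated non-Success events. It assumes one JSON record per line; the sample records, event names, and the `parse_records` and `noisy_sources` helpers are constructed for this example.

```python
import json
from collections import defaultdict

# Constructed sample: one JSON record per line (layout is an assumption),
# abbreviated to the fields used here. Event names and values are invented.
SAMPLE = """\
{"eventId": "a1", "event": "login", "status": "Fail", "statusCode": "403", "actor": "jdoe", "sourceIp": "203.0.113.7"}
{"eventId": "a2", "event": "login", "status": "Fail", "statusCode": "403", "actor": "admin", "sourceIp": "203.0.113.7"}
{"eventId": "a2", "event": "login", "status": "Fail", "statusCode": "403", "actor": "admin", "sourceIp": "203.0.113.7"}
{"eventId": "a3", "event": "login", "status": "Error", "statusCode": "500", "actor": "svc", "sourceIp": "203.0.113.7"}
{"eventId": "a4", "event": "update item", "status": "Success", "statusCode": "200", "actor": "jdoe", "sourceIp": "198.51.100.4"}
{"eventId": "a5", "event": "login", "status": "Fail", "statusCode": "403", "actor": "jdoe", "sourceIp": "198.51.100.4"}
not-json trailing line
"""

REQUIRED = ("eventId", "status", "actor", "sourceIp")


def parse_records(text):
    """Return (records, rejected): unique well-formed records and a reject count."""
    seen, records, rejected = set(), [], 0
    for line in text.splitlines():
        if not line.strip():
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            rejected += 1
            continue
        if not isinstance(rec, dict) or any(k not in rec for k in REQUIRED):
            rejected += 1
            continue
        if rec["eventId"] in seen:  # eventId is unique per record: drop repeats
            continue
        seen.add(rec["eventId"])
        records.append(rec)
    return records, rejected


def noisy_sources(records, threshold=3):
    """Map sourceIp -> sorted actors for IPs with >= threshold non-Success events."""
    count, actors = defaultdict(int), defaultdict(set)
    for rec in records:
        if rec["status"] != "Success":  # the schema lists Success | Fail | Error
            count[rec["sourceIp"]] += 1
            actors[rec["sourceIp"]].add(rec["actor"])
    return {ip: sorted(actors[ip]) for ip, n in count.items() if n >= threshold}


if __name__ == "__main__":
    recs, bad = parse_records(SAMPLE)
    print(len(recs), "records,", bad, "rejected,", noisy_sources(recs))
```

Counting rejected lines rather than silently skipping them gives the ingestion pipeline a signal when an export is truncated or its layout differs from the assumed one.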