auditlogs

Retrieve audit logs.

auditlogs [OPTIONS] COMMAND [ARGS]...

clear-checkpoint

Remove the saved audit log checkpoint from --use-checkpoint/-c mode.

auditlogs clear-checkpoint [OPTIONS] CHECKPOINT_NAME

Options

-d, --debug

Turn on debug logging.

--profile <profile>

The name of the Code42 CLI profile to use when executing this command.

Arguments

CHECKPOINT_NAME

Required argument

send-to

Send audit logs to the given server address in JSON format.

auditlogs send-to [OPTIONS] HOSTNAME

Options

--affected-username <affected_username>

Filter results by affected usernames.

--affected-user-id <affected_user_id>

Filter results by affected user IDs.

--actor-ip <actor_ip>

Filter results by user IP addresses.

--actor-user-id <actor_user_id>

Filter results by actor user IDs.

--actor-username <actor_username>

Filter results by actor usernames.

--event-type <event_type>

Filter results by event types (e.g. search_issued, user_registered, user_deactivated).

-e, --end <end>

The end of the date range in which to look for audit logs. Argument format options are the same as for --begin.

-b, --begin <begin>

The beginning of the date range in which to look for audit logs. Can be a date/time in yyyy-MM-dd (UTC) or yyyy-MM-dd HH:MM:SS (UTC, 24-hour time) format, where the ‘time’ portion of the string can be partial (e.g. ‘2020-01-01 12’ or ‘2020-01-01 01:15’), or a short value representing days (30d), hours (24h) or minutes (15m) from the current time.

-c, --use-checkpoint <checkpoint>

Only get audit-log events that were not previously retrieved.

-p, --protocol <protocol>

Protocol used to send logs to server. Defaults to UDP.

Options: TCP | UDP

-d, --debug

Turn on debug logging.

--profile <profile>

The name of the Code42 CLI profile to use when executing this command.

Arguments

HOSTNAME

Required argument
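A pre-flight check for the --begin/--end value formats described above, useful for validating a scheduled export's time window before the command runs. This is an added example written from the format description on this page, not the CLI's own parser; the function names `parse_range_value` and `validate_window` are hypothetical.

```python
import re
from datetime import datetime, timedelta, timezone

# Relative values: a number followed by d (days), h (hours) or m (minutes).
_RELATIVE = re.compile(r"^(\d+)([dhm])$")
_UNITS = {"d": "days", "h": "hours", "m": "minutes"}
# Absolute formats, most specific first; the time portion may be partial.
_FORMATS = ("%Y-%m-%d %H:%M:%S", "%Y-%m-%d %H:%M", "%Y-%m-%d %H", "%Y-%m-%d")


def parse_range_value(value, now=None):
    """Return the UTC datetime described by a --begin/--end style string."""
    now = now or datetime.now(timezone.utc)
    value = value.strip()
    match = _RELATIVE.match(value)
    if match:
        # "30d" means 30 days before the current time, and so on.
        amount, unit = int(match.group(1)), match.group(2)
        return now - timedelta(**{_UNITS[unit]: amount})
    for fmt in _FORMATS:
        try:
            # Absolute values are interpreted as UTC.
            return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            continue
    raise ValueError(f"unrecognised date range value: {value!r}")


def validate_window(begin, end=None, now=None):
    """Parse both ends and reject an empty or inverted window."""
    now = now or datetime.now(timezone.utc)
    start = parse_range_value(begin, now)
    stop = parse_range_value(end, now) if end else now
    if start >= stop:
        raise ValueError("begin must be earlier than end")
    return start, stop
```

Passing a fixed `now` makes the relative forms deterministic, which helps when testing a scheduled job's arguments.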