auditlogs
Retrieve audit logs.
auditlogs [OPTIONS] COMMAND [ARGS]...
clear-checkpoint
Remove the saved audit log checkpoint from --use-checkpoint/-c mode.
auditlogs clear-checkpoint [OPTIONS] CHECKPOINT_NAME
Options
-d, --debug
  Turn on debug logging.
--profile <profile>
  The name of the Code42 CLI profile to use when executing this command.
Arguments
CHECKPOINT_NAME
  Required argument
search
Search audit logs.
auditlogs search [OPTIONS]
Options
--affected-username <affected_username>
  Filter results by affected usernames.
--affected-user-id <affected_user_id>
  Filter results by affected user IDs.
--actor-ip <actor_ip>
  Filter results by user IP addresses.
--actor-user-id <actor_user_id>
  Filter results by actor user IDs.
--actor-username <actor_username>
  Filter results by actor usernames.
--event-type <event_type>
  Filter results by event types (e.g. search_issued, user_registered, user_deactivated).
-e, --end <end>
  The end of the date range in which to look for audit-logs. Argument format options are the same as --begin.
-b, --begin <begin>
  The beginning of the date range in which to look for audit-logs. Can be a date/time in yyyy-MM-dd (UTC) or yyyy-MM-dd HH:MM:SS (UTC, 24-hour time) format, where the 'time' portion of the string can be partial (e.g. '2020-01-01 12' or '2020-01-01 01:15'), or a short value representing days (30d), hours (24h) or minutes (15m) from current time.
-f, --format <format>
  The output format of the result. Defaults to table format.
  Options: TABLE|CSV|JSON|RAW-JSON
-c, --use-checkpoint <checkpoint>
  Only get audit-log events that were not previously retrieved.
-d, --debug
  Turn on debug logging.
--profile <profile>
  The name of the Code42 CLI profile to use when executing this command.
send-to
Send audit logs to the given server address in JSON format.
auditlogs send-to [OPTIONS] HOSTNAME
Options
--affected-username <affected_username>
  Filter results by affected usernames.
--affected-user-id <affected_user_id>
  Filter results by affected user IDs.
--actor-ip <actor_ip>
  Filter results by user IP addresses.
--actor-user-id <actor_user_id>
  Filter results by actor user IDs.
--actor-username <actor_username>
  Filter results by actor usernames.
--event-type <event_type>
  Filter results by event types (e.g. search_issued, user_registered, user_deactivated).
-e, --end <end>
  The end of the date range in which to look for audit-logs. Argument format options are the same as --begin.
-b, --begin <begin>
  The beginning of the date range in which to look for audit-logs. Can be a date/time in yyyy-MM-dd (UTC) or yyyy-MM-dd HH:MM:SS (UTC, 24-hour time) format, where the 'time' portion of the string can be partial (e.g. '2020-01-01 12' or '2020-01-01 01:15'), or a short value representing days (30d), hours (24h) or minutes (15m) from current time.
-c, --use-checkpoint <checkpoint>
  Only get audit-log events that were not previously retrieved.
-p, --protocol <protocol>
  Protocol used to send logs to server. Defaults to UDP.
  Options: TCP|UDP
-d, --debug
  Turn on debug logging.
--profile <profile>
  The name of the Code42 CLI profile to use when executing this command.
Arguments
HOSTNAME
  Required argument
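How the --begin and --end value forms described for search and send-to resolve to UTC timestamps, as an added example (not the Code42 CLI's own parser) that can be used to sanity-check a collection window before scheduling an export. The function names are hypothetical, and zero-filling a partial time is an assumption of this example; the CLI may treat a partial --end differently.

```python
import re
from datetime import datetime, timedelta, timezone

# Value forms taken from the --begin description; helper names are hypothetical.
RELATIVE = re.compile(r"^(\d+)([dhm])$")  # 30d, 24h, 15m
UNITS = {"d": "days", "h": "hours", "m": "minutes"}
ABSOLUTE = ("%Y-%m-%d %H:%M:%S", "%Y-%m-%d %H:%M", "%Y-%m-%d %H", "%Y-%m-%d")


def resolve_bound(value, now=None):
    """Resolve one --begin/--end style value to a timezone-aware UTC datetime."""
    now = now or datetime.now(timezone.utc)
    value = value.strip()
    relative = RELATIVE.match(value)
    if relative:
        # Short values count back from the current time.
        return now - timedelta(**{UNITS[relative.group(2)]: int(relative.group(1))})
    for fmt in ABSOLUTE:
        try:
            # Assumption: missing time fields are zero-filled and the value is UTC.
            return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            continue
    raise ValueError(f"unsupported date/time value: {value!r}")


def resolve_window(begin, end=None, now=None):
    """Return (start, stop) in UTC; reject windows that are empty or inverted."""
    now = now or datetime.now(timezone.utc)
    start = resolve_bound(begin, now)
    stop = resolve_bound(end, now) if end else now
    if start >= stop:
        raise ValueError(f"begin {start.isoformat()} is not before end {stop.isoformat()}")
    return start, stop


if __name__ == "__main__":
    # Constructed reference time so the output is reproducible.
    fixed_now = datetime(2020, 1, 2, 12, 0, tzinfo=timezone.utc)
    for begin, end in [("2020-01-01 12", None), ("2020-01-01 01:15", "15m"), ("30d", "24h")]:
        start, stop = resolve_window(begin, end, now=fixed_now)
        print(f"--begin {begin!r} --end {end!r} -> {start.isoformat()} .. {stop.isoformat()}")
```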