auditlogs

Tools for getting audit-log data.

auditlogs [OPTIONS] COMMAND [ARGS]...

clear-checkpoint

Remove the saved audit log checkpoint from --use-checkpoint/-c mode.

auditlogs clear-checkpoint [OPTIONS] CHECKPOINT_NAME

Options

-d, --debug

Turn on debug logging.

--profile <profile>

The name of the Code42 CLI profile to use when executing this command.

Arguments

CHECKPOINT_NAME

Required argument

send-to

Send audit logs to the given server address in JSON format.

HOSTNAME format: address:port where port is optional and defaults to 514.

auditlogs send-to [OPTIONS] HOSTNAME

Options

-b, --begin <begin>

The beginning of the date range in which to look for audit-logs. Accepts a date/time in yyyy-MM-dd (UTC) or yyyy-MM-dd HH:MM:SS (UTC+24-hr time) format where the ‘time’ portion of the string can be partial (e.g. ‘2020-01-01 12’ or ‘2020-01-01 01:15’) or a ‘short time’ value representing days (30d), hours (24h) or minutes (15m) from the current time.

-e, --end <end>

The end of the date range in which to look for audit-logs. Argument format options are the same as for --begin.

--affected-username <affected_username>

Filter results by affected usernames.

--affected-user-id <affected_user_id>

Filter results by affected user IDs.

--actor-ip <actor_ip>

Filter results by user IP addresses.

--actor-user-id <actor_user_id>

Filter results by actor user IDs.

--actor-username <actor_username>

Filter results by actor usernames.

--event-type <event_type>

Filter results by event types (e.g. search_issued, user_registered, user_deactivated).

-c, --use-checkpoint <use_checkpoint>

Only get audit-logs that were not previously retrieved.

-p, --protocol <protocol>

Protocol used to send logs to server. Defaults to UDP.

Options: TCP|UDP

-d, --debug

Turn on debug logging.

--profile <profile>

The name of the Code42 CLI profile to use when executing this command.

Arguments

HOSTNAME

Required argument
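
A pre-flight check for the send-to arguments described above, as an added example that is not part of the Code42 CLI or its documentation: it interprets the documented --begin/--end and HOSTNAME formats so a scheduled export can reject a malformed value before it runs. The function names are hypothetical, the inverted-range check is an added sanity check, and the CLI's own parser may accept or reject values differently.

```python
import re
from datetime import datetime, timedelta, timezone

DEFAULT_PORT = 514  # documented default when HOSTNAME has no port
SHORT_TIME = re.compile(r"^(\d+)([dhm])$")  # 30d, 24h, 15m
UNITS = {"d": "days", "h": "hours", "m": "minutes"}
# Full timestamp first, then the documented partial-time forms, then date only.
FORMATS = ("%Y-%m-%d %H:%M:%S", "%Y-%m-%d %H:%M", "%Y-%m-%d %H", "%Y-%m-%d")


def parse_range_value(value, now=None):
    """Resolve a --begin/--end style value to a timezone-aware UTC datetime."""
    now = now or datetime.now(timezone.utc)
    value = value.strip()
    short = SHORT_TIME.match(value)
    if short:
        # "Short time" values count back from the current time.
        return now - timedelta(**{UNITS[short.group(2)]: int(short.group(1))})
    for fmt in FORMATS:
        try:
            return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            continue
    raise ValueError(f"unrecognised date/time value: {value!r}")


def parse_hostname(value):
    """Split 'address:port' into (address, port); port defaults to 514.

    Assumption: address is a DNS name or IPv4 literal (no bare IPv6).
    """
    address, sep, port = value.strip().rpartition(":")
    if not sep:
        return value.strip(), DEFAULT_PORT
    if not address or not port.isdigit() or not 0 < int(port) < 65536:
        raise ValueError(f"invalid HOSTNAME value: {value!r}")
    return address, int(port)


def check_window(begin, end, now=None):
    """Return (begin, end) as datetimes, refusing an empty or inverted range."""
    now = now or datetime.now(timezone.utc)
    start, stop = parse_range_value(begin, now), parse_range_value(end, now)
    if start >= stop:
        raise ValueError(f"--begin {begin!r} is not earlier than --end {end!r}")
    return start, stop


if __name__ == "__main__":
    # Constructed sample values, not taken from a real deployment.
    print(check_window("2020-01-01 12", "2020-01-01 18:30"))
    print(parse_hostname("siem.example.test"))
```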