audit-logs¶

Get and send audit log event data.

audit-logs [OPTIONS] COMMAND [ARGS]...

clear-checkpoint¶

Remove the saved audit log checkpoint from –use-checkpoint/-c mode.

audit-logs clear-checkpoint [OPTIONS] CHECKPOINT_NAME

Options

-d, --debug¶: Turn on debug logging.

--profile <profile>¶: The name of the Code42 CLI profile to use when executing this command.

Arguments

CHECKPOINT_NAME¶: Required argument

search¶

Search audit log events.

audit-logs search [OPTIONS]

Options

-b, --begin <begin>¶: The beginning of the date range in which to look for audit-logs. Accepts a date/time in yyyy-MM-dd (UTC) or yyyy-MM-dd HH:MM:SS (UTC+24-hr time) format where the ‘time’ portion of the string can be partial (e.g. ‘2020-01-01 12’ or ‘2020-01-01 01:15’) or a ‘short time’ value representing days (30d), hours (24h) or minutes (15m) from the current time.

-e, --end <end>¶: The end of the date range in which to look for audit-logs, argument format options are the same as –begin.

--affected-username <affected_username>¶: Filter results by affected usernames.

--affected-user-id <affected_user_id>¶: Filter results by affected user IDs.

--actor-ip <actor_ip>¶: Filter results by user IP addresses.

--actor-user-id <actor_user_id>¶: Filter results by actor user IDs.

--actor-username <actor_username>¶: Filter results by actor usernames.

--event-type <event_type>¶: Filter results by event types (e.g. search_issued, user_registered, user_deactivated).

-f, --format <format>¶

The output format of the result. Defaults to table format.

Options:	TABLE\|CSV\|JSON\|RAW-JSON

-c, --use-checkpoint <use_checkpoint>¶: Only get audit-logs that were not previously retrieved.

-d, --debug¶: Turn on debug logging.

--profile <profile>¶: The name of the Code42 CLI profile to use when executing this command.

send-to¶

Send audit log events to the given server address in JSON format.

HOSTNAME format: address:port where port is optional and defaults to 514.

audit-logs send-to [OPTIONS] HOSTNAME

Options

-b, --begin <begin>¶: The beginning of the date range in which to look for audit-logs. Accepts a date/time in yyyy-MM-dd (UTC) or yyyy-MM-dd HH:MM:SS (UTC+24-hr time) format where the ‘time’ portion of the string can be partial (e.g. ‘2020-01-01 12’ or ‘2020-01-01 01:15’) or a ‘short time’ value representing days (30d), hours (24h) or minutes (15m) from the current time.

-e, --end <end>¶: The end of the date range in which to look for audit-logs, argument format options are the same as –begin.

--affected-username <affected_username>¶: Filter results by affected usernames.

--affected-user-id <affected_user_id>¶: Filter results by affected user IDs.

--actor-ip <actor_ip>¶: Filter results by user IP addresses.

--actor-user-id <actor_user_id>¶: Filter results by actor user IDs.

--actor-username <actor_username>¶: Filter results by actor usernames.

--event-type <event_type>¶: Filter results by event types (e.g. search_issued, user_registered, user_deactivated).

-c, --use-checkpoint <use_checkpoint>¶: Only get audit-logs that were not previously retrieved.

--ignore-cert-validation¶: Set to skip CA certificate validation. Incompatible with the ‘certs’ option.

--certs <certs>¶: A CA certificates-chain file for the TCP-TLS protocol.

-p, --protocol <protocol>¶

Protocol used to send logs to server. Use TCP-TLS for additional security. Defaults to UDP.

Options:	TCP\|UDP\|TLS-TCP

-d, --debug¶: Turn on debug logging.

--profile <profile>¶: The name of the Code42 CLI profile to use when executing this command.

Arguments

HOSTNAME¶: Required argument