audit-logs¶
Get and send audit log event data.
audit-logs [OPTIONS] COMMAND [ARGS]...
clear-checkpoint¶
Remove the saved audit log checkpoint from –use-checkpoint/-c mode.
audit-logs clear-checkpoint [OPTIONS] CHECKPOINT_NAME
Options
-
-d
,
--debug
¶
Turn on debug logging.
-
--totp
<totp>
¶ TOTP token for multi-factor authentication.
-
--profile
<profile>
¶ The name of the Code42 CLI profile to use when executing this command.
Arguments
-
CHECKPOINT_NAME
¶
Required argument
search¶
Search audit log events.
audit-logs search [OPTIONS]
Options
-
-b
,
--begin
<begin>
¶ The beginning of the date range in which to look for audit-logs. Accepts a date/time in yyyy-MM-dd (UTC) or yyyy-MM-dd HH:MM:SS (UTC+24-hr time) format where the ‘time’ portion of the string can be partial (e.g. ‘2020-01-01 12’ or ‘2020-01-01 01:15’) or a ‘short time’ value representing days (30d), hours (24h) or minutes (15m) from the current time.
-
-e
,
--end
<end>
¶ The end of the date range in which to look for audit-logs, argument format options are the same as –begin.
-
--affected-username
<affected_username>
¶ Filter results by affected usernames.
-
--affected-user-id
<affected_user_id>
¶ Filter results by affected user IDs.
-
--actor-ip
<actor_ip>
¶ Filter results by user IP addresses.
-
--actor-user-id
<actor_user_id>
¶ Filter results by actor user IDs.
-
--actor-username
<actor_username>
¶ Filter results by actor usernames.
-
--event-type
<event_type>
¶ Filter results by event types (e.g. search_issued, user_registered, user_deactivated).
-
-f
,
--format
<format>
¶ The output format of the result. Defaults to table format.
Options: TABLE|CSV|JSON|RAW-JSON
-
-c
,
--use-checkpoint
<use_checkpoint>
¶ Only get audit-logs that were not previously retrieved.
-
-d
,
--debug
¶
Turn on debug logging.
-
--totp
<totp>
¶ TOTP token for multi-factor authentication.
-
--profile
<profile>
¶ The name of the Code42 CLI profile to use when executing this command.
send-to¶
Send audit log events to the given server address in JSON format.
HOSTNAME format: address:port where port is optional and defaults to 514.
audit-logs send-to [OPTIONS] HOSTNAME
Options
-
-b
,
--begin
<begin>
¶ The beginning of the date range in which to look for audit-logs. Accepts a date/time in yyyy-MM-dd (UTC) or yyyy-MM-dd HH:MM:SS (UTC+24-hr time) format where the ‘time’ portion of the string can be partial (e.g. ‘2020-01-01 12’ or ‘2020-01-01 01:15’) or a ‘short time’ value representing days (30d), hours (24h) or minutes (15m) from the current time.
-
-e
,
--end
<end>
¶ The end of the date range in which to look for audit-logs, argument format options are the same as –begin.
-
--affected-username
<affected_username>
¶ Filter results by affected usernames.
-
--affected-user-id
<affected_user_id>
¶ Filter results by affected user IDs.
-
--actor-ip
<actor_ip>
¶ Filter results by user IP addresses.
-
--actor-user-id
<actor_user_id>
¶ Filter results by actor user IDs.
-
--actor-username
<actor_username>
¶ Filter results by actor usernames.
-
--event-type
<event_type>
¶ Filter results by event types (e.g. search_issued, user_registered, user_deactivated).
-
-c
,
--use-checkpoint
<use_checkpoint>
¶ Only get audit-logs that were not previously retrieved.
-
--ignore-cert-validation
¶
Set to skip CA certificate validation. Incompatible with the ‘certs’ option.
-
--certs
<certs>
¶ A CA certificates-chain file for the TCP-TLS protocol.
-
-p
,
--protocol
<protocol>
¶ Protocol used to send logs to server. Use TCP-TLS for additional security. Defaults to UDP.
Options: TCP|UDP|TLS-TCP
-
-d
,
--debug
¶
Turn on debug logging.
-
--totp
<totp>
¶ TOTP token for multi-factor authentication.
-
--profile
<profile>
¶ The name of the Code42 CLI profile to use when executing this command.
Arguments
-
HOSTNAME
¶
Required argument