audit-logs

Get and send audit log event data.

audit-logs [OPTIONS] COMMAND [ARGS]...

clear-checkpoint

Remove the saved audit log checkpoint from --use-checkpoint/-c mode.

audit-logs clear-checkpoint [OPTIONS] CHECKPOINT_NAME

Options

-d, --debug

Turn on debug logging.

--totp <totp>

TOTP token for multi-factor authentication.

--profile <profile>

The name of the Code42 CLI profile to use when executing this command.

Arguments

CHECKPOINT_NAME

Required argument

send-to

Send audit log events to the given server address in JSON format.

HOSTNAME format: address:port where port is optional and defaults to 514.

audit-logs send-to [OPTIONS] HOSTNAME

Options

-b, --begin <begin>

The beginning of the date range in which to look for audit-logs. Accepts a date/time in yyyy-MM-dd (UTC) or yyyy-MM-dd HH:MM:SS (UTC+24-hr time) format where the ‘time’ portion of the string can be partial (e.g. ‘2020-01-01 12’ or ‘2020-01-01 01:15’) or a ‘short time’ value representing days (30d), hours (24h) or minutes (15m) from the current time.

-e, --end <end>

The end of the date range in which to look for audit-logs. Argument format options are the same as for --begin.

--affected-username <affected_username>

Filter results by affected usernames.

--affected-user-id <affected_user_id>

Filter results by affected user IDs.

--actor-ip <actor_ip>

Filter results by user IP addresses.

--actor-user-id <actor_user_id>

Filter results by actor user IDs.

--actor-username <actor_username>

Filter results by actor usernames.

--event-type <event_type>

Filter results by event types (e.g. search_issued, user_registered, user_deactivated).

-c, --use-checkpoint <use_checkpoint>

Only get audit-logs that were not previously retrieved.

--ignore-cert-validation

Set to skip CA certificate validation. Incompatible with the ‘certs’ option.

--certs <certs>

A CA certificates-chain file for the TLS-TCP protocol.

-p, --protocol <protocol>

Protocol used to send logs to server. Use TLS-TCP for additional security. Defaults to UDP.

Options: TCP|UDP|TLS-TCP

-d, --debug

Turn on debug logging.

--totp <totp>

TOTP token for multi-factor authentication.

--profile <profile>

The name of the Code42 CLI profile to use when executing this command.

Arguments

HOSTNAME

Required argument
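
A scheduled forwarder built from the send-to options above, as an added example that is not part of the Code42 documentation. It assumes the CLI executable is named `code42`; the collector address, CA file path and checkpoint name in the usage comment are placeholders, and `CODE42_BIN` is a hypothetical override variable used for dry runs.

```sh
#!/bin/sh
# Added example: forward audit logs over TLS-TCP only, resuming from a checkpoint.
# Assumptions: executable name `code42`; all host, path and checkpoint names
# shown here are placeholders; CODE42_BIN is a hypothetical dry-run override.

# Normalize HOSTNAME ("address:port", port optional) to "address:port",
# applying the documented default port 514. Hostnames and IPv4 only.
normalize_hostname() {
    case "$1" in
        ''|:*) return 1 ;;                       # empty input or missing address
        *:*)   addr=${1%:*}; port=${1##*:} ;;    # explicit port
        *)     addr=$1; port=514 ;;              # documented default
    esac
    case "$port" in ''|*[!0-9]*) return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 1
    printf '%s:%s\n' "$addr" "$port"
}

# usage: forward_audit_logs HOSTNAME CA_FILE CHECKPOINT_NAME
forward_audit_logs() {
    target=$(normalize_hostname "$1") || { echo "bad HOSTNAME: $1" >&2; return 2; }
    # Fail closed when the CA chain is missing: this wrapper never falls back
    # to --ignore-cert-validation or to the plaintext UDP default.
    [ -r "$2" ] || { echo "CA chain not readable: $2" >&2; return 3; }
    [ -n "$3" ] || { echo "checkpoint name required" >&2; return 4; }
    "${CODE42_BIN:-code42}" audit-logs send-to \
        --protocol TLS-TCP --certs "$2" \
        --use-checkpoint "$3" \
        "$target"
}

# Runs only when called with arguments, e.g. from cron:
#   forward.sh siem.example.internal:6514 /etc/ssl/siem-ca.pem siem-forwarder
if [ "$#" -gt 0 ]; then forward_audit_logs "$@"; fi
```

Setting `CODE42_BIN=echo` prints the command line that would be run, which is a quick way to review a job before scheduling it.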