May 5, 2020 at 9:19 pm #27890 kvivek03 Participant
What is the REST API to access the Audit logs? Any help would be appreciated. I am able to get the JSON Audit handler details but am not able to find an API which would give the data from the access or activity log file.
Vivek
May 5, 2020 at 10:54 pm #27891 Jatinder Singh Participant
Once data has been written to disk, there’s no stock REST API for direct access to audit log files. You will have to design your data ingestion pipeline on how to consume this data. Or perhaps a custom audit event log handler (similar to Splunk) that would forward these logs. That said, there may be better options depending on what you are attempting to do.
Hope this helps!
May 6, 2020 at 11:10 am #27893 kvivek03 Participant
Thanks @Jatinder for the information. Could you please help me with the configuration required for getting users' dashboard activity? For example, if one user has been assigned the Google application, how can I see when the user logged into the Google application from his dashboard?
May 6, 2020 at 4:12 pm #27894 Jatinder Singh Participant
The AM monitoring dashboard (Grafana) is shipped in the downloads section, which you may be able to use to provide a general overview. But for use cases like “find users logged in for a particular SP” – you will have to build your own. You can leverage logs and transaction ids to create a lineage of events. For example, create fields for audit log JSON events and then use those fields to create different metrics and dashboards in your choice of SIEM technology.
Hope this helps!
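
The correlation described in the reply above, sketched as an added example that is not part of the original thread or any vendor code: it groups JSON audit events by transaction id and reports which users completed a login that led to a given SP. The field names, event names and sample lines are assumptions constructed for illustration, and `spEntityId` is a hypothetical field; map them to whatever your audit handler actually writes.

```python
import json
from collections import defaultdict

# Constructed sample lines, not real output. Field and event names are
# assumptions; "spEntityId" is a hypothetical field naming the service provider.
SAMPLE_LINES = [
    '{"timestamp":"2020-05-06T10:00:03Z","transactionId":"tx-1","eventName":"AM-ACCESS-OUTCOME","spEntityId":"google-sp"}',
    '{"timestamp":"2020-05-06T10:00:01Z","transactionId":"tx-1","eventName":"AM-LOGIN-COMPLETED","result":"SUCCESSFUL","userId":"alice"}',
    '{"timestamp":"2020-05-06T10:05:00Z","transactionId":"tx-2","eventName":"AM-LOGIN-COMPLETED","result":"SUCCESSFUL","userId":"bob"}',
    '{"timestamp":"2020-05-06T10:05:02Z","transactionId":"tx-2","eventName":"AM-ACCESS-OUTCOME","spEntityId":"salesforce-sp"}',
    '{"timestamp":"2020-05-06T10:07:10Z","transactionId":"tx-3","eventName":"AM-LOGIN-COMPLETED","result":"FAILED","userId":"carol"}',
    '{"timestamp":"2020-05-06T10:07:12Z","transactionId":"tx-3","eventName":"AM-ACCESS-OUTCOME","spEntityId":"google-sp"}',
    '{"timestamp":"2020-05-06T10:08:00Z","transactionId":"tx-5","eventName":"AM-LOGIN-COMPLETED","result":"SUCCESSFUL","userId":"dave"}',
    '{"timestamp":"2020-05-06T10:08:04Z","transactionId":"tx-5","eventName":"AM-ACCESS-OUTCOME","spEntityId":"google-sp"}',
    '{"timestamp":"2020-05-06T10:09:00Z","transactionId":"tx-4","eventNa',  # truncated write
]

def build_lineage(lines):
    """Group parseable events by transactionId, each chain ordered by timestamp."""
    chains = defaultdict(list)
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip partial lines, e.g. read while the file is being written
        tx = event.get("transactionId")
        if tx:
            chains[tx].append(event)
    for events in chains.values():
        # ISO 8601 UTC timestamps sort correctly as strings
        events.sort(key=lambda e: e.get("timestamp", ""))
    return chains

def sp_logins(lines, sp):
    """Return sorted (timestamp, userId, transactionId) tuples for transactions
    where a successful login is followed by an event for the given SP."""
    hits = []
    for tx, events in build_lineage(lines).items():
        user = None
        for e in events:
            if e.get("eventName") == "AM-LOGIN-COMPLETED" and e.get("result") == "SUCCESSFUL":
                user = e.get("userId")
            elif user and e.get("spEntityId") == sp:
                hits.append((e.get("timestamp", ""), user, tx))
                break
    return sorted(hits)

if __name__ == "__main__":
    for ts, user, tx in sp_logins(SAMPLE_LINES, "google-sp"):
        print(ts, user, tx)
```

The same grouping key and fields are what you would define as extracted fields in a SIEM before building the dashboard on top of them.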