This topic has 3 replies, 2 voices, and was last updated 3 weeks, 3 days ago by Jatinder Singh.

  • Author
    Posts
  • #27890
     kvivek03
    Participant

    What is the REST API to access the Audit logs? Any help would be appreciated. I am able to get the JSON Audit handler details but not able to find api which would give the data from access or activity log file.

    Thanks
    Vivek

    #27891
     Jatinder Singh
    Participant

    Once data has been written to disk, there’s no stock REST API for direct access to audit log files. You will have to design your data ingestion pipeline on how to consume this data. Or perhaps a custom audit event log hander (similar to Splunk) that would forward these logs. That said, there may be better options depending what you are attempting to do.

    Hope this helps!

    #27893
     kvivek03
    Participant

    Thanks @Jatinder for the information.Could you please help me with the configuration required for getting users dashboard activity. For example if one user has been assigned google application, so how can i see when user logged into google application from his dashboard?

    #27894
     Jatinder Singh
    Participant

    AM monitoring dashboard (Grafana) is shipped in the downloads section which you may be able to use to provide general overview. But for use cases like “find users logged in for a particular SP” – you will have to build your own. You can leverage logs and transaction ids to create a lineage of events. For example, create fields for audit log JSON events > and then use those fields to create different metrics and dashboard in your choice of SIEM technology.

    Hope this helps!

Viewing 4 posts - 1 through 4 (of 4 total)

You must be logged in to reply to this topic.

©2020 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.

Log in with your credentials

Forgot your details?