Audit query parameters
For the audit query, these are the possible parameters:
| Parameter | Description |
|---|---|
| fromId/toId | Return audit events with audit event IDs in the range specified. |
| fromTime/toTime | Return audit events within the date/time range specified. |
| user | Return audit events generated by the specified user. |
| forward (true/false) | Return audit events sorted upward/downward by date/time. The result ordering differs between SkyVault versions, so we recommend using "true" for consistency. |
| limit | Optionally limit the number of entries retrieved. For example, limit=100. The default, when unspecified, is 100. Using extreme values will result in memory issues during the FreeMarker template conversion. It is possible to use the lower bound ID-based queries ('fromId'), in conjunction with the 'limit' parameter, to page through results. |
| verbose | Determine if entry 'values' should be returned. For example, verbose=true : pull back all entry values, For example, verbose=false : ignore all entry values. |
| value | Optional value to search for. If no 'valueType' is specified, then the value will be treated as a String. |
| valueType | Optional class name to convert the 'value' parameter. For example, valueType=java.lang.Long |
Auditing Control
URL:
/api/audit/control
Description:
Get and change the global audit status. Status for individual applications is also shown.
Call:
curl -u admin:admin "http://localhost:8080/alfresco/service/api/audit/control"
Response:
{
"enabled" : true,
"applications":
[
{
"name": "SkyVault Sync Service",
"path" : "/sync",
"enabled" : true
}
,
{
"name": "SkyVault Tagging Service",
"path" : "/tagging",
"enabled" : true
}
,
{
"name": "AuditExampleExtractors",
"path" : "/auditexampleextractors",
"enabled" : true
}
,
{
"name": "AuditExampleLogin1",
"path" : "/auditexamplelogin1",
"enabled" : true
}
,
{
"name": "AuditExampleLogin2",
"path" : "/auditexamplelogin2",
"enabled" : true
}
,
{
"name": "alfresco-access",
"path" : "/alfresco-access",
"enabled" : true
}
]
}
URL:
/api/audit/control/{application}/{path}
Description:
Get and change the audit status for a given application and path.
Call:
curl -u admin:admin "http://localhost:8080/alfresco/service/api/audit/control/AuditExampleLogin1/auditexamplelogin1"
Response:
{
"enabled" : true,
"applications":
[
{
"name": "AuditExampleLogin1",
"path" : "/auditexamplelogin1",
"enabled" : true
}
]
}
Audit Query
URL:
/api/audit/query/{application}
Description:
Retrieve audit events.
Call:
curl -u admin:admin "http://localhost:8080/alfresco/service/api/audit/query/AuditExampleLogin1"
Response:
{
"count":19,
"entries":
[
{
"id":1,
"application":"AuditExampleLogin1",
"user":"admin",
"time":"2015-12-09T11:40:54.540Z",
"values":
null
},
{
"id":7,
"application":"AuditExampleLogin1",
"user":"admin",
"time":"2015-12-09T12:24:43.674Z",
"values":
null
},
...
URL:
/api/audit/query/{application}/{path}
Description:
Retrieve audit events for the specified application and path.
Call:
curl -u admin:admin "http://localhost:8080/alfresco/service/api/audit/query/AuditExampleLogin1/auditexamplelogin1"
Response:
{
"count":0,
"entries":
[
]
}
URL:
/api/audit/query/{application}?fromId={fromId}&toId={toId}&fromTime={fromTime}&toTime={toTime}&user={user}&forward={forward}&limit={limit}&verbose={verbose}
Description:
Retrieve audit events for the specified application (with id, time range, and other parameters).
Call:
curl -u admin:admin "http://localhost:8080/alfresco/service/api/audit/query/AuditExampleLogin1?verbose=true&forward=false&limit=2"
Response:
{
"count":2,
"entries":
[
{
"id":68,
"application":"AuditExampleLogin1",
"user":"admin",
"time":"2015-12-09T14:23:52.364Z",
"values":
{
"\/auditexamplelogin1\/login\/no-error\/user":"admin"
}
},
{
"id":65,
"application":"AuditExampleLogin1",
"user":"admin",
"time":"2015-12-09T14:23:03.432Z",
"values":
{
"\/auditexamplelogin1\/login\/no-error\/user":"admin"
}
}
]
}
URL:
/api/audit/query/{application}/{path}?value={value}&valueType={valueType}&fromId={fromId}&toId={toId}&fromTime={fromTime}&toTime={toTime}&user={user}&forward={forward}&limit={limit}&verbose={verbose}
Description:
Retrieve audit events for the specified application and path (with id, time range, and other parameters).
Call:
curl -u admin:admin 'http://localhost:8080/alfresco/service/api/audit/query/AuditExampleLogin1?verbose=false&limit=8&forward=false&toId=96'
Response:
{
'count':8,
'entries':
[
{
'id':94,
'application':AuditExampleLogin1,
'user':admin,
'time':'2010-09-20T15:09:47.606+01:00',
'values':
null
},
...
{
'id':80,
'application':AuditExampleLogin1,
'user':admin,
'time':'2010-09-20T14:58:34.305+01:00',
'values':
null
}
]
}
Clear audit records
URL:
/api/audit/clear/{application}
Description:
Delete audit entries for a given application (and time range if specified).
Call:
curl -X POST -u admin:admin "http://localhost:8080/alfresco/service/api/audit/clear/AuditExampleLogin2"
Response:
{
"cleared" : 29
}