Audit query parameters
For the audit query, these are the possible parameters:
Parameter | Description |
---|---|
fromId/toId | Return audit events with audit event IDs in the range specified. |
fromTime/toTime | Return audit events within the date/time range specified. |
user | Return audit events generated by the specified user. |
forward (true/false) | Return audit events sorted upward/downward by date/time. The result ordering differs between SkyVault Community Edition versions, so we recommend using "true" for consistency. |
limit | Optionally limit the number of entries retrieved. For example, limit=100. The default, when unspecified, is 100. Using extreme values will result in memory issues during the FreeMarker template conversion. It is possible to use the lower bound ID-based queries ('fromId'), in conjunction with the 'limit' parameter, to page through results. |
verbose | Determine if entry 'values' should be returned. For example, verbose=true : pull back all entry values, For example, verbose=false : ignore all entry values. |
value | Optional value to search for. If no 'valueType' is specified, then the value will be treated as a String. |
valueType | Optional class name to convert the 'value' parameter. For example, valueType=java.lang.Long |
Auditing Control
URL:
/api/audit/control
Description:
Get and change the global audit status. Status for individual applications is also shown.
Call:
curl -u admin:admin "http://localhost:8080/alfresco/service/api/audit/control"
Response:
{ "enabled" : true, "applications": [ { "name": "SkyVault Sync Service", "path" : "/sync", "enabled" : true } , { "name": "SkyVault Tagging Service", "path" : "/tagging", "enabled" : true } , { "name": "AuditExampleExtractors", "path" : "/auditexampleextractors", "enabled" : true } , { "name": "AuditExampleLogin1", "path" : "/auditexamplelogin1", "enabled" : true } , { "name": "AuditExampleLogin2", "path" : "/auditexamplelogin2", "enabled" : true } , { "name": "alfresco-access", "path" : "/alfresco-access", "enabled" : true } ] }
URL:
/api/audit/control/{application}/{path}
Description:
Get and change the audit status for a given application and path.
Call:
curl -u admin:admin "http://localhost:8080/alfresco/service/api/audit/control/AuditExampleLogin1/auditexamplelogin1"
Response:
{ "enabled" : true, "applications": [ { "name": "AuditExampleLogin1", "path" : "/auditexamplelogin1", "enabled" : true } ] }
Audit Query
URL:
/api/audit/query/{application}
Description:
Retrieve audit events.
Call:
curl -u admin:admin "http://localhost:8080/alfresco/service/api/audit/query/AuditExampleLogin1"
Response:
{ "count":19, "entries": [ { "id":1, "application":"AuditExampleLogin1", "user":"admin", "time":"2015-12-09T11:40:54.540Z", "values": null }, { "id":7, "application":"AuditExampleLogin1", "user":"admin", "time":"2015-12-09T12:24:43.674Z", "values": null }, ...
URL:
/api/audit/query/{application}/{path}
Description:
Retrieve audit events for the specified application and path.
Call:
curl -u admin:admin "http://localhost:8080/alfresco/service/api/audit/query/AuditExampleLogin1/auditexamplelogin1"
Response:
{ "count":0, "entries": [ ] }
URL:
/api/audit/query/{application}?fromId={fromId}&toId={toId}&fromTime={fromTime}&toTime={toTime}&user={user}&forward={forward}&limit={limit}&verbose={verbose}
Description:
Retrieve audit events for the specified application (with id, time range, and other parameters).
Call:
curl -u admin:admin "http://localhost:8080/alfresco/service/api/audit/query/AuditExampleLogin1?verbose=true&forward=false&limit=2"
Response:
{ "count":2, "entries": [ { "id":68, "application":"AuditExampleLogin1", "user":"admin", "time":"2015-12-09T14:23:52.364Z", "values": { "\/auditexamplelogin1\/login\/no-error\/user":"admin" } }, { "id":65, "application":"AuditExampleLogin1", "user":"admin", "time":"2015-12-09T14:23:03.432Z", "values": { "\/auditexamplelogin1\/login\/no-error\/user":"admin" } } ] }
URL:
/api/audit/query/{application}/{path}?value={value}&valueType={valueType}&fromId={fromId}&toId={toId}&fromTime={fromTime}&toTime={toTime}&user={user}&forward={forward}&limit={limit}&verbose={verbose}
Description:
Retrieve audit events for the specified application and path (with id, time range, and other parameters).
Call:
curl -u admin:admin 'http://localhost:8080/alfresco/service/api/audit/query/AuditExampleLogin1?verbose=false&limit=8&forward=false&toId=96'
Response:
{ 'count':8, 'entries': [ { 'id':94, 'application':AuditExampleLogin1, 'user':admin, 'time':'2010-09-20T15:09:47.606+01:00', 'values': null }, ... { 'id':80, 'application':AuditExampleLogin1, 'user':admin, 'time':'2010-09-20T14:58:34.305+01:00', 'values': null } ] }
Clear audit records
URL:
/api/audit/clear/{application}
Description:
Delete audit entries for a given application (and time range if specified).
Call:
curl -X POST -u admin:admin "http://localhost:8080/alfresco/service/api/audit/clear/AuditExampleLogin2"
Response:
{ "cleared" : 29 }