You are here

Using the auditing REST API

You can use the REST API to control auditing and also run queries against the audit data for specific applications. It is also possible to clear auditing data using the API.

Audit query parameters

For the audit query, these are the possible parameters:

Parameter Description
fromId/toId Return audit events with audit event IDs in the range specified.
fromTime/toTime Return audit events within the date/time range specified.
user Return audit events generated by the specified user.
forward (true/false) Return audit events sorted upward/downward by date/time. The result ordering differs between SkyVault Community Edition versions, so we recommend using "true" for consistency.
limit Optionally limit the number of entries retrieved. For example, limit=100. The default, when unspecified, is 100. Using extreme values will result in memory issues during the FreeMarker template conversion. It is possible to use the lower bound ID-based queries ('fromId'), in conjunction with the 'limit' parameter, to page through results.
verbose Determine if entry 'values' should be returned. For example, verbose=true : pull back all entry values, For example, verbose=false : ignore all entry values.
value Optional value to search for. If no 'valueType' is specified, then the value will be treated as a String.
valueType Optional class name to convert the 'value' parameter. For example, valueType=java.lang.Long

Auditing Control

URL:

/api/audit/control

Description:

Get and change the global audit status. Status for individual applications is also shown.

Call:

curl -u admin:admin "http://localhost:8080/alfresco/service/api/audit/control"

Response:

{
   "enabled" : true,
   "applications": 
   [
      {
         "name": "SkyVault Sync Service",
         "path" : "/sync",
         "enabled" : true
      }
         ,
      {
         "name": "SkyVault Tagging Service",
         "path" : "/tagging",
         "enabled" : true
      }
         ,
      {
         "name": "AuditExampleExtractors",
         "path" : "/auditexampleextractors",
         "enabled" : true
      }
         ,
      {
         "name": "AuditExampleLogin1",
         "path" : "/auditexamplelogin1",
         "enabled" : true
      }
         ,
      {
         "name": "AuditExampleLogin2",
         "path" : "/auditexamplelogin2",
         "enabled" : true
      }
         ,
      {
         "name": "alfresco-access",
         "path" : "/alfresco-access",
         "enabled" : true
      }
         
   ]
}
        

URL:

/api/audit/control/{application}/{path}

Description:

Get and change the audit status for a given application and path.

Call:

curl -u admin:admin "http://localhost:8080/alfresco/service/api/audit/control/AuditExampleLogin1/auditexamplelogin1"

Response:

{
   "enabled" : true,
   "applications": 
   [
      {
         "name": "AuditExampleLogin1",
         "path" : "/auditexamplelogin1",
         "enabled" : true
      }
         
   ]
}

Audit Query

URL:

/api/audit/query/{application}

Description:

Retrieve audit events.

Call:

curl -u admin:admin "http://localhost:8080/alfresco/service/api/audit/query/AuditExampleLogin1"

Response:

{
   "count":19,
   "entries": 
   [
      {
         "id":1,
         "application":"AuditExampleLogin1",
         "user":"admin",
         "time":"2015-12-09T11:40:54.540Z",
         "values":
null
      },
      {
         "id":7,
         "application":"AuditExampleLogin1",
         "user":"admin",
         "time":"2015-12-09T12:24:43.674Z",
         "values":
null
      },
...
          
        

URL:

/api/audit/query/{application}/{path}

Description:

Retrieve audit events for the specified application and path.

Call:

curl -u admin:admin "http://localhost:8080/alfresco/service/api/audit/query/AuditExampleLogin1/auditexamplelogin1"

Response:

{
  "count":0,
  "entries": 
    [
    ]
}
      

URL:

/api/audit/query/{application}?fromId={fromId}&toId={toId}&fromTime={fromTime}&toTime={toTime}&user={user}&forward={forward}&limit={limit}&verbose={verbose}

Description:

Retrieve audit events for the specified application (with id, time range, and other parameters).

Call:

curl -u admin:admin "http://localhost:8080/alfresco/service/api/audit/query/AuditExampleLogin1?verbose=true&forward=false&limit=2"

Response:

{
   "count":2,
   "entries": 
   [
      {
         "id":68,
         "application":"AuditExampleLogin1",
         "user":"admin",
         "time":"2015-12-09T14:23:52.364Z",
         "values":
         {
                     "\/auditexamplelogin1\/login\/no-error\/user":"admin"
         }
         
      },
      {
         "id":65,
         "application":"AuditExampleLogin1",
         "user":"admin",
         "time":"2015-12-09T14:23:03.432Z",
         "values":
         {
                     "\/auditexamplelogin1\/login\/no-error\/user":"admin"
         }
         
      }
   ]
}          
        

URL:

/api/audit/query/{application}/{path}?value={value}&valueType={valueType}&fromId={fromId}&toId={toId}&fromTime={fromTime}&toTime={toTime}&user={user}&forward={forward}&limit={limit}&verbose={verbose}

Description:

Retrieve audit events for the specified application and path (with id, time range, and other parameters).

Call:

curl -u admin:admin 'http://localhost:8080/alfresco/service/api/audit/query/AuditExampleLogin1?verbose=false&limit=8&forward=false&toId=96'

Response:

{
  'count':8,
  'entries': 
     [
      {
        'id':94,
        'application':AuditExampleLogin1,
        'user':admin,
        'time':'2010-09-20T15:09:47.606+01:00',
        'values':
         null
       },
       ...
       {
         'id':80,
         'application':AuditExampleLogin1,
         'user':admin,
         'time':'2010-09-20T14:58:34.305+01:00',
         'values':
          null
       }
     ]
}
      

Clear audit records

URL:

/api/audit/clear/{application}

Description:

Delete audit entries for a given application (and time range if specified).

Call:

curl -X POST -u admin:admin "http://localhost:8080/alfresco/service/api/audit/clear/AuditExampleLogin2"

Response:

{
   "cleared" : 29
}