Get Runtime Log Inspection Audit Events
GET /api/v32.07/audits/runtime/log-inspection
Required permission: monitorRuntimeHosts (x-prisma-cloud-target-env: {"permission":"monitorRuntimeHosts"})
Retrieves all audit events for log inspection checks that are configured under host runtime rules.
cURL Request
Refer to the following example cURL command. `-u <USER>` makes curl prompt for the password; `-k` disables TLS certificate verification, so use it only against a Console whose self-signed certificate you have verified out of band, and prefer `--cacert <CA_BUNDLE>` otherwise.
$ curl -k \
-u <USER> \
-H 'Content-Type: application/json' \
-X GET \
"https://<CONSOLE>/api/v<VERSION>/audits/runtime/log-inspection"
cURL Response
The response body is a JSON array of event objects (see the schema below); one element looks like this. Note that the matched line here is the Console's own access log for a request whose query contained search=panic, so a rule keyed on a bare word such as "panic" can be triggered by the request that searches for it; scope log inspection rules to the log files you actually care about.
{
"_id": "637639e2b962a7ae744851bf",
"logfile": "/var/lib/twistlock/log/console.log",
"line": "DEBU 2022-11-17T13:40:50.066 route_handler_middleware.go:507 GET /api/v1/audits/runtime/log-inspection?limit=20&offset=0&project=Central+Console&reverse=false&search=panic ssugandh admin 0.10s",
"time": "2022-11-17T13:40:50.067Z",
"hostname": "jen-cen8-cons-dock-0811t160649-cons-ssugandh-lngcon230.c.twistlock-test-247119.internal",
"ruleName": "panic_error_log",
"accountID": "twistlock-test-247119",
"collections": [
"All",
"registry_scan_container_cen8-container_22_11_384_piu",
"cnnf_cen8_client_itu"
],
"cluster": ""
}
Request
Query Parameters
Parameter names are given in the lowercase form used on the wire (offset, limit and reverse are visible in the example log line above).
offset: Offsets the result to a specific report count. Offset starts from 0.
limit: Maximum number of results to return.
sort: Sorts the result using a key.
reverse: Sorts the result in reverse order.
ids: List of event IDs to use for filtering.
from: Optional minimum time constraint for the event.
to: Optional maximum time constraint for the event.
hosts: List of hosts to use for filtering.
logfiles: List of log files to use for filtering.
clusters: Cluster filter.
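The following Python client is an added example and is not Prisma Cloud's own code. It builds the request URL from the parameters above, pages through the collection with offset/limit, and summarises the returned events per rule and host. Assumptions, labelled in the code: the names sort, ids, from, to, hosts, logfiles and clusters are the lowercase forms of the documented parameters (only offset, limit and reverse are confirmed by the page's example log line); list filters are sent comma-separated; a page shorter than limit is the last one. The sample events and the fake fetcher are constructed so the script runs offline.

```python
"""Client-side helpers for GET /api/v<VERSION>/audits/runtime/log-inspection.

Added example, not Prisma Cloud's own code. Assumptions: parameter names
sort/ids/from/to/hosts/logfiles/clusters (lowercase of the documented names;
offset, limit and reverse are visible in the page's example log line), list
filters sent comma-separated, and a page shorter than `limit` ending the walk.
"""
import json
import ssl
import urllib.request
from base64 import b64encode
from collections import Counter
from urllib.parse import parse_qs, urlencode, urlparse

ENDPOINT = "/audits/runtime/log-inspection"
LIST_PARAMS = {"ids", "hosts", "logfiles", "clusters"}


def build_url(console, version, **params):
    """Build the request URL, skipping unset filters, serialising booleans as
    true/false and list filters as comma-separated values (assumption)."""
    query = {}
    for key, value in params.items():
        if value is None or value == "" or value == []:
            continue
        if isinstance(value, bool):
            value = "true" if value else "false"
        elif key in LIST_PARAMS and not isinstance(value, str):
            value = ",".join(value)
        query[key] = value
    url = f"https://{console}/api/v{version}{ENDPOINT}"
    return url + ("?" + urlencode(query, safe=",") if query else "")


def fetch_all(fetch_page, console, version, page_size=50, **filters):
    """Walk the collection with offset/limit until a short page ends it.
    fetch_page(url) must return the decoded JSON array for one page."""
    events, offset = [], 0
    while True:
        page = fetch_page(build_url(console, version, offset=offset,
                                    limit=page_size, **filters))
        events.extend(page)
        if len(page) < page_size:
            return events
        offset += page_size


def http_fetch_page(url, user, password, cafile=None):
    """Real fetcher for fetch_all. Unlike `curl -k`, it verifies the Console's
    TLS certificate; pass cafile for a Console signed by a private CA."""
    ctx = ssl.create_default_context(cafile=cafile)
    token = b64encode(f"{user}:{password}".encode()).decode()
    req = urllib.request.Request(url, headers={"Authorization": f"Basic {token}"})
    with urllib.request.urlopen(req, context=ctx, timeout=30) as resp:
        return json.load(resp)


def summarize(events):
    """Count hits per (ruleName, hostname) and keep the newest matching line
    per rule, which is what a triage view usually needs first."""
    counts = Counter((e["ruleName"], e["hostname"]) for e in events)
    newest = {}
    for e in sorted(events, key=lambda e: e["time"], reverse=True):
        newest.setdefault(e["ruleName"], e["line"])
    return counts, newest


# Constructed sample events in the documented shape (not real Console output).
SAMPLE_EVENTS = [
    {"_id": "e1", "accountID": "acct-demo", "cluster": "", "collections": ["All"],
     "hostname": "host-a", "logfile": "/var/log/app.log",
     "line": "panic: runtime error: invalid memory address",
     "ruleName": "panic_error_log", "time": "2024-07-29T15:51:28.071Z"},
    {"_id": "e2", "accountID": "acct-demo", "cluster": "", "collections": ["All"],
     "hostname": "host-a", "logfile": "/var/log/app.log",
     "line": "panic: send on closed channel",
     "ruleName": "panic_error_log", "time": "2024-07-29T15:53:02.000Z"},
    {"_id": "e3", "accountID": "acct-demo", "cluster": "", "collections": ["All"],
     "hostname": "host-b", "logfile": "/var/log/auth.log",
     "line": "Failed password for invalid user admin from 203.0.113.7 port 4410",
     "ruleName": "sshd_auth_failure", "time": "2024-07-29T15:52:10.000Z"},
]


def fake_fetch_page(url):
    """Offline stand-in for http_fetch_page: serves SAMPLE_EVENTS by offset/limit."""
    qs = parse_qs(urlparse(url).query)
    offset, limit = int(qs["offset"][0]), int(qs["limit"][0])
    return SAMPLE_EVENTS[offset:offset + limit]


if __name__ == "__main__":
    counts, newest = summarize(fetch_all(fake_fetch_page, "console.example", "32.07",
                                         page_size=2, hosts=["host-a", "host-b"]))
    for (rule, host), n in counts.most_common():
        print(f"{rule:20} {host:10} {n:3}  {newest[rule]}")
```

To run it against a real Console, replace fake_fetch_page with `lambda u: http_fetch_page(u, user, password, cafile="/path/to/ca.pem")`; the page size of 2 in the demo only exists to exercise the paging loop, and a from/to window keeps repeated polls from re-reading the whole collection.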
Responses
200 / default: application/json, an array of event objects with the following fields.
Schema
_id: ID is the event's unique identifier.
accountID: AccountID is the cloud account ID.
cluster: Cluster is the cluster on which the event was found.
collections: Collections are the collections to which this event applies.
hostname: Hostname is the host on which the event was found.
line: Line is the matching log line.
logfile: Logfile is the log file which triggered the event.
ruleName: RuleName is the name of the applied rule for auditing log inspection events.
time: Time is the time of the event.
Example (from schema):
[
{
"_id": "string",
"accountID": "string",
"cluster": "string",
"collections": [
"string"
],
"hostname": "string",
"line": "string",
"logfile": "string",
"ruleName": "string",
"time": "2024-07-29T15:51:28.071Z"
}
]