audit-logs
Get and send audit log event data.
audit-logs [OPTIONS] COMMAND [ARGS]...
clear-checkpoint
Remove the saved audit log checkpoint from --use-checkpoint/-c mode.
audit-logs clear-checkpoint [OPTIONS] CHECKPOINT_NAME
Options
- -d, --debug
Turn on debug logging.
- --totp <totp>
TOTP token for multi-factor authentication.
- --profile <profile>
The name of the Code42 CLI profile to use when executing this command.
Arguments
- CHECKPOINT_NAME
Required argument
search
Search audit log events.
audit-logs search [OPTIONS]
Options
- -b, --begin <begin>
The beginning of the date range in which to look for audit-logs. Accepts a date/time in yyyy-MM-dd (UTC) or yyyy-MM-dd HH:MM:SS (UTC+24-hr time) format where the ‘time’ portion of the string can be partial (e.g. ‘2020-01-01 12’ or ‘2020-01-01 01:15’) or a ‘short time’ value representing days (30d), hours (24h) or minutes (15m) from the current time. [required unless --use-checkpoint option used]
- -e, --end <end>
The end of the date range in which to look for audit-logs. Argument format options are the same as --begin.
- --affected-username <affected_username>
Filter results by affected usernames.
- --affected-user-id <affected_user_id>
Filter results by affected user IDs.
- --actor-ip <actor_ip>
Filter results by user IP addresses.
- --actor-user-id <actor_user_id>
Filter results by actor user IDs.
- --actor-username <actor_username>
Filter results by actor usernames.
- --event-type <event_type>
Filter results by event types (e.g. search_issued, user_registered, user_deactivated).
- -f, --format <format>
The output format of the result. Defaults to table format.
- Options
TABLE | CSV | JSON | RAW-JSON
- -c, --use-checkpoint <use_checkpoint>
Use a checkpoint with the given name to only get audit-logs that were not previously retrieved. If a checkpoint for audit-logs with the given name doesn’t exist, it will be created on the first run. Subsequent CLI runs with this flag and the same name will use the stored checkpoint to modify the search query and then update the stored checkpoint.
- -d, --debug
Turn on debug logging.
- --totp <totp>
TOTP token for multi-factor authentication.
- --profile <profile>
The name of the Code42 CLI profile to use when executing this command.
send-to
Send audit log events to the given server address in JSON format.
HOSTNAME format: address:port where port is optional and defaults to 514.
audit-logs send-to [OPTIONS] HOSTNAME
Options
- -b, --begin <begin>
The beginning of the date range in which to look for audit-logs. Accepts a date/time in yyyy-MM-dd (UTC) or yyyy-MM-dd HH:MM:SS (UTC+24-hr time) format where the ‘time’ portion of the string can be partial (e.g. ‘2020-01-01 12’ or ‘2020-01-01 01:15’) or a ‘short time’ value representing days (30d), hours (24h) or minutes (15m) from the current time. [required unless --use-checkpoint option used]
- -e, --end <end>
The end of the date range in which to look for audit-logs. Argument format options are the same as --begin.
- --affected-username <affected_username>
Filter results by affected usernames.
- --affected-user-id <affected_user_id>
Filter results by affected user IDs.
- --actor-ip <actor_ip>
Filter results by user IP addresses.
- --actor-user-id <actor_user_id>
Filter results by actor user IDs.
- --actor-username <actor_username>
Filter results by actor usernames.
- --event-type <event_type>
Filter results by event types (e.g. search_issued, user_registered, user_deactivated).
- -c, --use-checkpoint <use_checkpoint>
Use a checkpoint with the given name to only get audit-logs that were not previously retrieved. If a checkpoint for audit-logs with the given name doesn’t exist, it will be created on the first run. Subsequent CLI runs with this flag and the same name will use the stored checkpoint to modify the search query and then update the stored checkpoint.
- --ignore-cert-validation
Set to skip CA certificate validation. Incompatible with the ‘certs’ option.
- --certs <certs>
A CA certificates-chain file for the TLS-TCP protocol.
- -p, --protocol <protocol>
Protocol used to send logs to server. Use TLS-TCP for additional security. Defaults to UDP.
- Options
TCP | UDP | TLS-TCP
- -d, --debug
Turn on debug logging.
- --totp <totp>
TOTP token for multi-factor authentication.
- --profile <profile>
The name of the Code42 CLI profile to use when executing this command.
Arguments
- HOSTNAME
Required argument
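As an added example (not part of the Code42 CLI or its documentation), the shell function below lints the arguments of a scheduled `audit-logs send-to` invocation against the options documented above: the UDP default, the `--ignore-cert-validation`/`--certs` conflict, the `--begin`/`--use-checkpoint` requirement and the default port 514. The function name `lint_send_to` and its finding labels are hypothetical.

```shell
#!/bin/sh
# Added example, not part of the Code42 CLI: lint the arguments that follow
# `audit-logs send-to` (e.g. copied from a cron entry) against the documented options.
# Prints one finding per line and returns 1 if any weakness or error is found.
lint_send_to() {
  protocol=UDP certs= insecure=0 checkpoint= begin= host= rc=0   # UDP is the documented default
  while [ $# -gt 0 ]; do
    case "$1" in
      -p|--protocol)            protocol=${2:-}; shift ;;
      --certs)                  certs=${2:-}; shift ;;
      -c|--use-checkpoint)      checkpoint=${2:-}; shift ;;
      -b|--begin)               begin=${2:-}; shift ;;
      --ignore-cert-validation) insecure=1 ;;
      -d|--debug)               ;;
      -*)                       shift ;;  # every other documented option takes a value
      *)                        host=$1 ;;
    esac
    if [ $# -gt 0 ]; then shift; fi
  done
  if [ "$protocol" != TLS-TCP ]; then
    echo "cleartext: protocol $protocol sends audit events unencrypted; use -p TLS-TCP"; rc=1
  fi
  if [ "$insecure" -eq 1 ] && [ -n "$certs" ]; then
    echo "conflict: --ignore-cert-validation is incompatible with --certs"; rc=1
  elif [ "$insecure" -eq 1 ]; then
    echo "no-verify: --ignore-cert-validation skips CA validation of the log server"; rc=1
  fi
  if [ -z "$begin" ] && [ -z "$checkpoint" ]; then
    echo "range: --begin is required unless --use-checkpoint is used"; rc=1
  fi
  case "$host" in
    "")  echo "host: HOSTNAME argument is missing"; rc=1 ;;
    *:*) ;;
    *)   echo "note: no port in HOSTNAME, default port 514 applies" ;;
  esac
  return "$rc"
}
```

Call it with everything that follows `send-to`, for example `lint_send_to -c siem -p TLS-TCP --certs /etc/ssl/ca.pem logs.example.com:6514` (constructed checkpoint name, path and host); a clean invocation prints nothing and returns 0.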