If we want to keep a record of our audit log offline we can make use of the API.
The endpoint we will be making use of in this article is:
Via API tool - Postman, Insomnia, etc.
- Set up your environment of choice
- Query the GET api/v1/audit/events endpoint
- Set any variables required: max, offset, filter
- Send the request and save the output
The steps here depend on your environment. The ones shown use a curl command on a Linux console and will differ in other environments.
curl "https://<your-endpoint>.iriusrisk.com/api/v1/audit/events?max=100" --header "api-token: <your-api-token>" --header "Content-Type: application/json"
Feel free to remove the ?max=100 variable, but it helps by paginating the results, as audit logs can be very large.
To export it simply add the following output value:
Improving console output
If we install the jq package, we can format the output so it is no longer a single block and is closer to what we get from a tool such as Postman or Insomnia.
curl "https://<your-endpoint>.iriusrisk.com/api/v1/audit/events?max=100" --header "api-token: <your-api-token>" --header "Content-Type: application/json" | jq
In the above example I have added '| jq' to the end. This gives the following, cleaner output.
to save the output.
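Combining max, offset and saving the output, the following added example (not part of the original article or IriusRisk's own code) pages through the endpoint and writes each page to a file. It assumes each response is a JSON array, that an empty array marks the end, and that offset counts events; IRIUS_HOST and IRIUS_TOKEN are hypothetical variable names.

```shell
# Added example: page through GET api/v1/audit/events and keep each page on disk.
# Assumptions (not from the article): every response is a JSON array, an empty
# array means no more events, and offset counts events rather than pages.

# Fetch one page. IRIUS_HOST and IRIUS_TOKEN are hypothetical variable names.
# The token reaches curl on stdin (--config -), so it stays out of the
# process list.
fetch_page() {
    : "${IRIUS_HOST:?set IRIUS_HOST}" "${IRIUS_TOKEN:?set IRIUS_TOKEN}"
    printf 'header = "api-token: %s"\n' "$IRIUS_TOKEN" |
        curl --silent --show-error --fail --config - \
            "https://${IRIUS_HOST}/api/v1/audit/events?max=$1&offset=$2"
}

# export_audit_log OUTDIR [MAX] [PAGE_LIMIT]
# Saves OUTDIR/audit-events-<offset>.json per page and prints the page count.
export_audit_log() {
    local outdir="$1" max="${2:-100}" page_limit="${3:-1000}"
    local offset=0 pages=0 body stripped
    mkdir -p "$outdir" || return 1
    chmod 700 "$outdir" || return 1   # audit data: owner-only access
    while [ "$pages" -lt "$page_limit" ]; do
        # --fail makes HTTP errors (bad token, API disabled) abort the export.
        body=$(fetch_page "$max" "$offset") || return 1
        stripped=$(printf '%s' "$body" | tr -d '[:space:]')
        if [ -z "$stripped" ] || [ "$stripped" = "[]" ]; then
            break   # empty page: end of the log
        fi
        printf '%s\n' "$body" > "$outdir/audit-events-${offset}.json"
        pages=$((pages + 1))
        offset=$((offset + max))
    done
    echo "$pages"
}

# Usage, with IRIUS_HOST and IRIUS_TOKEN exported in the environment:
#   export_audit_log ./audit-export 100
```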
Filtering can help us search the audit log within certain parameters. This is explained in the SwaggerHub documentation for the API.
applied at the code or API application level. We can also set other filters as we see fit.
- Ensure API is enabled via Settings > API > API Enabled (tick). This is available inside IriusRisk.
- Ensure the api-token is correct. This will show if authentication issues arise.
- Ensure your user has access to the audit log.