audit interface — VMware Salt API
audit interface
The LoadedMod class allows for the module loaded onto the sub to return custom sequencing, for instance it can be iterated over to return all functions
get_audit(account_uuid: uuid.UUID | None, username: str | None, session_uuid: uuid.UUID | None, event_type: str | None, event_name: str | None, failed: bool | None, daterange: list | None, elapsed_msec_min: int | None, elapsed_msec_max: int | None, page: int | None, limit: int | None = 50, sort_by: str | None, reverse: bool | None)
Returns: <class 'dict'>
Return a list of audit records matching search criteria.
Parameters
| account_uuid: | Account UUID to match on audit records. Cannot be combined with username |
|---|---|
| username: | Username to match on audit records. Cannot be combined with account_uuid |
| session_uuid: | Session UUID, to match retrieve audit records from a particular client session |
| event_type: | 'system', 'auth', 'rpc', or 'task' |
| event_name: | For system events, 'startup' or 'shutdown'. For auth events, 'login' or 'logout'. For rpc events, '<resource>.<method>' of the API call. For task events, the name of the background task. |
| failed: | True to match failed events, False to match successful events |
| daterange: | List of two date strings in ISO 8601 format |
| elapsed_msec_min: | Minimum event duration, in milliseconds |
| elapsed_msec_max: | Maximum event duration, in milliseconds |
| page: | Which page of the records to return (offset = page * limit) |
| limit: | How many records to return at a time |
| sort_by: | Field to sort by ('username', 'event_type', 'event_name', 'failed', 'start_time', 'end_time', 'elapsed_msec') |
| reverse: | True to reverse sort order |
client.api.audit.get_audit(username='root', event_type='auth', failed=True) RPCResponse( riq=4, ret={'count': 1, 'results': [ {'id': 175, 'start_time': '2019-06-05T21:12:53.190506+00:00', 'end_time': '2019-06-05T21:13:24.729561+00:00', 'event_type': 'auth', 'event_name': 'login', 'username': 'root', 'account_uuid': None, 'session_uuid': '4642ef92-d5ac-4ea2-b95d-2055b43f2193', 'failed': True, 'event_data': { 'note': 'User root: authentication failed: invalid basic-auth credentials', 'status': 401, 'headers': { 'Host': 'localhost:8080', 'Accept': '*/*', 'User-Agent': 'curl/7.65.0', 'Content-Type': 'application/x-www-form-urlencoded', 'Authorization': 'Basic cm9vdDpzYWx0MQ==', 'Content-Length': '41'}}}], error=None, warnings=[])