audit interface — VMware Salt API

audit interface — VMware Salt API

audit interface

The LoadedMod class allows for the module loaded onto the sub to return custom sequencing, for instance it can be iterated over to return all functions

get_audit(account_uuid: uuid.UUID | None, username: str | None, session_uuid: uuid.UUID | None, event_type: str | None, event_name: str | None, failed: bool | None, daterange: list | None, elapsed_msec_min: int | None, elapsed_msec_max: int | None, page: int | None, limit: int | None = 50, sort_by: str | None, reverse: bool | None)
Returns: <class 'dict'>

Return a list of audit records matching search criteria.

Parameters

account_uuid:Account UUID to match on audit records. Cannot be combined with username
username:Username to match on audit records. Cannot be combined with account_uuid
session_uuid:Session UUID, to match retrieve audit records from a particular client session
event_type:'system', 'auth', 'rpc', or 'task'
event_name:For system events, 'startup' or 'shutdown'. For auth events, 'login' or 'logout'. For rpc events, '<resource>.<method>' of the API call. For task events, the name of the background task.
failed:True to match failed events, False to match successful events
daterange:List of two date strings in ISO 8601 format
elapsed_msec_min:Minimum event duration, in milliseconds
elapsed_msec_max:Maximum event duration, in milliseconds
page:Which page of the records to return (offset = page * limit)
limit:How many records to return at a time
sort_by:Field to sort by ('username', 'event_type', 'event_name', 'failed', 'start_time', 'end_time', 'elapsed_msec')
reverse:True to reverse sort order
client.api.audit.get_audit(username='root', event_type='auth', failed=True)

RPCResponse(
    riq=4,
    ret={'count': 1,
         'results': [
            {'id': 175,
             'start_time': '2019-06-05T21:12:53.190506+00:00',
             'end_time': '2019-06-05T21:13:24.729561+00:00',
             'event_type': 'auth',
             'event_name': 'login',
             'username': 'root',
             'account_uuid': None,
             'session_uuid': '4642ef92-d5ac-4ea2-b95d-2055b43f2193',
             'failed': True,
             'event_data': {
                'note': 'User root: authentication failed: invalid basic-auth credentials',
                'status': 401,
                'headers': {
                    'Host': 'localhost:8080',
                    'Accept': '*/*',
                    'User-Agent': 'curl/7.65.0',
                    'Content-Type': 'application/x-www-form-urlencoded',
                    'Authorization': 'Basic cm9vdDpzYWx0MQ==',
                    'Content-Length': '41'}}}],
    error=None,
    warnings=[])