Get audit logs

Gets a list of audit logs that match the search criteria.

Required Permissions

Requires the MASTER role.

HTTP Request

GET /api/sonar/audit-logs
cURL Example
curl -H "Authorization: Bearer <API_KEY>" \
     "https://HOSTNAME/api/sonar/audit-logs?keywords=login&from=2024-06-18%2000:00:00+0900&to=2024-06-18%2023:59:59+0900&limit=50"
Request Parameters
KeyRequiredTypeDescriptionNotes
offsetNo64-bit integerNumber of records to skipDefault: 0
limitNo64-bit integerMaximum number of records to load
keywordsNoString listSearch keywords (matched across the entire audit log content)Multiple keywords allowed
categoriesNoString listCategory filter
actionsNoString listAction filter
company_guidsNoString listCompany GUID filter
fromNoDateStart timeFormat: yyyy-MM-dd HH:mm:ssZ
toNoDateEnd timeFormat: yyyy-MM-dd HH:mm:ssZ
localeNoStringLocale for localized category and action labelse.g. ko, en

Success Response

{
  "audit_logs": [
    {
      "id": 1024,
      "user_guid": "a1b2c3d4-1111-2222-3333-444455556666",
      "user_name": "admin",
      "remote_ip": "192.0.2.50",
      "module": "auth",
      "method": "login",
      "params": null,
      "msg_params": null,
      "error": null,
      "created_at": 1718668800000,
      "user": "admin",
      "time": 1718668800000,
      "result": "Success",
      "category": "Authentication",
      "action": "Login",
      "msg": "User admin logged in."
    }
  ],
  "total": 1,
  "categories": ["Authentication", "Configuration"],
  "actions": ["Login", "Logout"]
}
  • audit_logs (Array): List of audit log entries that match the search criteria. Each entry includes localized fields such as category, action, and message based on the locale.
    • id (32-bit integer): Audit log identifier
    • user_guid (String, optional): User GUID
    • user_name (String): User name
    • remote_ip (String): Source IP address of the request
    • module (String): Module name
    • method (String): Method name
    • params (Map, optional): Request parameters
    • msg_params (Map, optional): Message parameters
    • error (String, optional): Error content
    • created_at (Date): Creation time (epoch milliseconds)
    • user (String): User name
    • time (Date): Creation time (epoch milliseconds)
    • result (String): Processing result (localized string)
    • category (String, optional): Category (localized string). Included only when an action definition exists
    • action (String, optional): Action (localized string). Included only when an action definition exists
    • msg (String, optional): Localized log message. Included only when an action definition exists
  • total (64-bit integer): Total number of records that match the search criteria
  • categories (Array): Available category labels for building filters (localized strings)
  • actions (Array): Available action labels for building filters (localized strings)

Error Responses

from or to value has an invalid date format

HTTP status code 400

{
  "error_code": "invalid-argument",
  "error_msg": "invalid date format"
}
offset or limit value is not an integer

HTTP status code 400

{
  "error_code": "invalid-argument",
  "error_msg": "'offset' parameter should be long type"
}
Permission denied

HTTP status code 500

{
  "error_code": "illegal-state",
  "error_msg": "no-permission"
}