Retrieving XML API traffic logs with query


I'm trying to retrieve the traffic logs for a user with the following API request:

 

https://panorama/api/?type=log&log-type=traffic&query=user.src+eq+'pa\dmh'&key=<key>

If I run this query through the API browser (which has the REST_API_TOKEN field instead of the key field) this works as expected. When I run the above I get:

 

<response status="error" code="17">
  <msg>
    <line>Invalid value pa\dmh for field user.src</line>
  </msg>
</response>

I verified that the key is correct (I get an invalid credential if I change that) and tried a couple different ways of quoting the domain\user part but nothing seems to work.

 

Any ideas what's wrong with my GET request?


Re: Retrieving XML API traffic logs with query

Update on this:

I opened a case with support and haven't been able to get a resolution from them. It seems to me like an authentication bug in the API code at this point. The API call above is formatted correctly and works from an account with superuser privileges but not an account with only XML-API permissions.

 

Working with my initial support contact I also found that this query works with only the XML-API permissions (using the "in" keyword instead of "eq"):

 

https://panorama/api/?type=log&log-type=traffic&query=user.src+in+'pa\dmh'&key=<key>

Any ideas as to what I could try next to make this work, other than making my service accounts a superuser on my Panorama?
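
An added example, not part of the original posts and not vendor code: a Python sketch that builds the `eq` and `in` requests from this thread with explicit percent-encoding and parses the error body quoted in the first post, so both variants can be compared from the same service account with quoting ruled out as a variable. The host `panorama`, the user value and the error XML come from the posts; the function names are hypothetical, and the key is left out of the built URL so it does not end up in printed output.

```python
# Added example: build the thread's log queries and parse the XML reply offline.
import xml.etree.ElementTree as ET
from urllib.parse import urlencode, quote

# Error body copied from the first post (backslash escaped for Python).
SAMPLE_ERROR = """<response status="error" code="17">
  <msg>
    <line>Invalid value pa\\dmh for field user.src</line>
  </msg>
</response>"""


def build_log_url(host, user, op="eq", log_type="traffic"):
    """Return the GET URL for a log query; the key parameter is added at send time."""
    if op not in ("eq", "in"):
        raise ValueError("operator must be 'eq' or 'in'")
    if "'" in user:
        # A quote inside the value would terminate the filter string early.
        raise ValueError("quote character not allowed in user value")
    query = f"user.src {op} '{user}'"
    params = {"type": "log", "log-type": log_type, "query": query}
    # quote_via=quote percent-encodes the spaces, the quotes and the backslash.
    return f"https://{host}/api/?" + urlencode(params, quote_via=quote)


def parse_response(xml_text):
    """Return (status, code, [message lines]) from an XML API response body."""
    root = ET.fromstring(xml_text)
    lines = [el.text.strip() for el in root.iter("line") if el.text]
    msg = root.find("msg")
    if not lines and msg is not None and msg.text and msg.text.strip():
        # Some replies carry the text directly in <msg> with no <line> children.
        lines = [msg.text.strip()]
    return root.get("status"), root.get("code"), lines


if __name__ == "__main__":
    for op in ("eq", "in"):
        print(build_log_url("panorama", "pa\\dmh", op))
    status, code, lines = parse_response(SAMPLE_ERROR)
    print(status, code, lines)
```
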
