RESTful API and getting log data

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

RESTful API and getting log data

Not applicable

Hi

1.

Getting the data

I have been researching a way to get threat logs from the system using the RESTful API as a carrier. It seems you can access reports and configuration this way but not the "raw" logs.

The "raw" logs are accessable through the CLI it seems, for instance you can get data by issuing this command:

     show log threat csv-output equal yes start-time 2009/10/22@10:00:00

I would be great if you could get this same output through the RESTful API aswell.

2.

Proposal "uniqe-log-row-id"

When getting data from the logs you are able to restrict the output to alot of different things like source, dest, application, etc, etc. When implementing some kind of automated log-retrieval system i would be really cool if each log-row had an uniqe ID and you could place the following command to the CLI (or RESTful API)

     show log threat csv-output equal yes since-id equal <unique-id>

This would allow a system to uninterrupted get data from the device even if the retrieval application goes offline for awhile.

Does anyone know of a way to solve problem 1 or 2 with the features that are available now.

2 REPLIES 2

L4 Transporter

Henrik,

Thanks for the feedback on the API. We will considers these ideas as

we enhance the API in future releases.

As for options to perform similar function today, there are a couple

of options for getting logs off of the device in a programmatic way.

The most real-time method is to use the syslog forwarding function

which will forward all specified logs as they come in. If you want a

less real-time approach, you can use the scheduled log export function

which will connect to an FTP server once a day and dump any logs for

the previous day in a CSV file format. Alternatively, you can use the

CLI command "scp|ftp export log traffic|data|threat|url unexported-

only equal yes ..." The system internally marks the logs that have

been exported to ensure you don't miss any logs.

Mike

Hi thanks for your answer.

We would not like to use syslog since that protocol does not have any security in it, if a link goes down we will lose data.

The ftp and scp export command in the cli are good, but as you say they are hard-to-use for realtime operations. Do you know if there is a say to send command to the cli directly just like you can with normal ssh shells like bash?

for instance:

ssh user@box "ls -la /"

if you could do:

ssh user@box "<command for outputting a specified amount of logdata to STDOUT>" This would make a pretty good say to pull logs from the machine using for instance a python script.

However, the best way would be access to logs using the REST api.

//Henrik

  • 3177 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!