Retrieving XML API traffic logs with query

L1 Bithead

I'm trying to retrieve the traffic logs for a user with the following API request:

 

https://panorama/api/?type=log&log-type=traffic&query=user.src+eq+'pa\dmh'&key=<key>

If I run this query through the API browser (which has the REST_API_TOKEN field instead of the key field) this works as expected. When I run the above I get:

 

<response status="error" code="17">
  <msg>
    <line>Invalid value pa\dmh for field user.src</line>
  </msg>
</response>

I verified that the key is correct (I get an invalid credential if I change that) and tried a couple different ways of quoting the domain\user part but nothing seems to work.

 

Any ideas what's wrong with my GET request?

1 REPLY 1

L1 Bithead

Update on this:

I opened a case with support and haven't been able to get a resolution from them. It seems to me like an authentication bug in the API code at this point. The API call above is formatted correctly and works from an account with superuser privileges but not an account with only XML-API permissions.

 

Working with my initial support contact I also found that this query works with only the XML-API permissions (using the "in" keyword instead of "eq"):

 

https://panorama/api/?type=log&log-type=traffic&query=user.src+in+'pa\dmh'&key=<key>

Any ideas as to what I could try next to make this work, other than making my service accounts a superuser on my Panorama?
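An added example (not part of the original posts and not vendor code): building the request from this thread with the filter percent-encoded, so the backslash and quotes are transmitted unambiguously, and parsing the error response quoted in the question. The function names and the placeholder key are assumptions; the example does not address the permission difference described in the reply.

```python
import urllib.parse
import xml.etree.ElementTree as ET

ALLOWED_OPS = {"eq", "in"}  # the two operators that appear in this thread

def user_src_filter(domain_user, op="eq"):
    """Build the user.src filter; refuse values that could alter the filter."""
    if op not in ALLOWED_OPS:
        raise ValueError(f"unsupported operator: {op!r}")
    # A single quote or control character in the name would terminate or
    # corrupt the quoted value, so reject it instead of passing it through.
    if "'" in domain_user or any(ord(c) < 0x20 for c in domain_user):
        raise ValueError("illegal character in user name")
    return f"user.src {op} '{domain_user}'"

def build_log_url(host, log_filter, key, log_type="traffic"):
    """Return the GET URL with every parameter percent-encoded."""
    params = {"type": "log", "log-type": log_type,
              "query": log_filter, "key": key}
    # quote_via=quote encodes spaces as %20, ' as %27 and \ as %5C.
    qs = urllib.parse.urlencode(params, quote_via=urllib.parse.quote)
    return f"https://{host}/api/?{qs}"

def parse_response(xml_text):
    """Extract status, code and message lines from an XML API response."""
    root = ET.fromstring(xml_text)
    lines = [ln.text.strip() for ln in root.iter("line") if ln.text]
    return {"status": root.get("status"), "code": root.get("code"),
            "messages": lines}

# Error response copied from the question above.
SAMPLE_ERROR = r"""<response status="error" code="17">
  <msg>
    <line>Invalid value pa\dmh for field user.src</line>
  </msg>
</response>"""

if __name__ == "__main__":
    # "PLACEHOLDER_KEY" stands in for the real API key.
    for op in ("eq", "in"):
        print(build_log_url("panorama", user_src_filter(r"pa\dmh", op),
                            "PLACEHOLDER_KEY"))
    print(parse_response(SAMPLE_ERROR))
```

Because the key travels in the URL, as in the original request, it will appear in any proxy or web server log that records full request lines.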
