Get Logs v3.1

API version3.1
Last Update04/21/2021
AuthenticationYES
HTTP MethodPOST
Content Typeapplication/json
Rate limitedYES
Requests per rate limit10/min
Response FormatJSON

MetaAccess records events on your account. There are 3 types of event logs: admin event logs, device event logs, and webhook event logs. To retrieve event logs on your account, you can use this API. You can set filters in parameters to filter event logs you concern.

API URL

Copy

Request Parameters

KeyDatatypeParameter TypeRequiredDescriptionDefault
access_tokenstringURLYesaccess token which archived from OAuth authentication step
event_categorystringBodyYes

Specify what event logs you want to retrieve. Possible values can be:

  • device: Device event logs
  • admin: Admin event logs
  • webhook: webhook's event logs
limitintBodyOptionalSpecify a maximum number of event logs will be returned in the response. The value should be in [1,50]. If there are more event logs than what the limit asks for, HTTP code in a response will be 406. Event logs in the response are sorted by timestamp.20
pageintBodyOptionalSpecify a page number that event logs will be returned in. If the requested page exceeds the number of pages of event logs, HTTP code in a response will be 413. It means that the requested page number is too large, no event logs will be returned.1
start_timelongBodyOptionalSpecify a start time of the query's duration. The format should be Unix epoch time in milliseconds
end_timelongBodyOptionalSpecify an end time of the query's duration. The format should be Unix epoch time in milliseconds
ageintBodyOptionalSpecify age of the information in seconds. Maximum value is 86400 (1 day) For example: if you want to query event logs in last 5 minutes, you need set the "age" parameter to 300.
filterobjectBodyOptionalSpecify filter criteria
filter.eventsstringBodyOptional

Specify which events you want to retrieve. Values for admin event logs (event_category = admin) can be:

  • cac_change: an admin changed configuration for Secure Access module
  • config: an admin changed configuration
  • failed_auth: an admin failed authenticate with OPSWAT SSO.
  • login: an admin logged into MetaAccess console
  • rev_mobile_code: an admin revoked a registration code
  • submit_ticket: an admin summited a support ticket to OPSWAT through MetaAccess console
  • whitelist: an admin updated allowlist settings for CVEs

Values for device event logs (event_category=device) can be:

  • access_granted: a device was granted temporary access to a protected app
  • access_revoked: a device was revoked a temporary access to a protected app
  • added: a device was enrolled to an account
  • added_duplicate_mac: a device was enrolled to an account with a duplicated MAC address.
  • compliance_check: an admin performed an on-demand compliance check on the device
  • compliant: a device was considered as COMPLIANT
  • deleted: a device was deleted by an admin
  • deleted_user: OPSWAT Client was uninstalled by a local user on a device
  • exempt_all: an admin exempted a device
  • fetch_log: an admin fetched the OPSWAT Client's log remotely
  • noncompliant: a device was considered as NON-COMPLIANT
  • scan_threat: an admin requested an on-demand malware scan on a device
  • unexempt: an admin unexempted a device
  • unseen: a device was deleted by Lost Devices feature

Values for category webhook can be:

  • added : a device was enrolled to an account
  • deleted : a device was deleted
  • status_changed_to_compliant: a device was considered as COMPLIANT
  • status_changed_to_exempted: a device was exempted
  • status_changed_to_non_compliant: a device was considered as NON-COMPLIANT
filter.agent_typesarray<int>BodyOptional

Only valid for device event logs (event_category = device). To filter event logs by an agent type. Values can be:

  • 0: OPSWAT Client
  • 2: OPSWAT Domain Controller Client
filter.searchstringBodyOptionalOnly valid for device event logs (event_category = device) or webhook event logs (event_category = webhook) Search by device name, device id.

Response HTTP Code

See APIs

Response Parameters for admin event logs (event_category = admin):

KeyDataTypeDescription
timestampstringtimestamp when the event occurs
eventstringEvent text
detailsstringEvent details
admin_namestringName of an admin who is related to the event
admin_emailstringEmail of an admin who is related to the event

Response Parameters for Device event logs (event_category = device):

KeyDataTypeDescription
timestampstringtimestamp when the event occurs
eventstringEvent text
detailsstringEvent details
device_idstringDevice id of a device that the event occurred on
device_namestringDevice name that the event occurred on
device_usernamestringUser logged-in ID who logged into a device when the event occurred
device_groupstringA device's group name

Response Parameters for Webhook event logs (event_category = webhook):

KeyDataTypeDescription
timestampstringtimestamp when the event log occurs
eventstringEvent text
detailsstringEvent details
device_idstringDevice id of a device that the event occurred on
device_namestringDevice name that the event occurred on
response_codestringResponse code from a webhoook API
response_bodystringResponse body from a webhoook API

Example

Example Request

Copy

Example Response

Copy

Example Request

Copy

Example Response

Copy

Example Request

Copy

Example Response

Copy

History

VersionURL
v3.0Get Logs v3.0
v2.0Get Logs v2.0
Type to search, ESC to discard
Type to search, ESC to discard
Type to search, ESC to discard
Next to read:
Get Logs v3.2
On This Page
Get Logs v3.1API URLRequest ParametersResponse HTTP CodeResponse Parameters for admin event logs (event_category = admin):Response Parameters for Device event logs (event_category = device):Response Parameters for Webhook event logs (event_category = webhook):ExampleHistory