Searching for record 'Audit History" information like timestamp, action, message via WAPI

dtomic · ‎09-28-2017

Hi Infoblox,

I am using Ruby (httparty gem) to communicate with Infoblox WAPI. Trying to get a list of all hosts in specific VLAN and would like to get 'Audit History' info.

Please help...

Thanks

MattR · ‎10-02-2017

The Audit details are available in the Audit Log which is a separate file. It is available through WAPI but you would need to pull that file and search through it separately. It's a three part operation, first we generate and get a link to the downloadable file. This example downloads it but you would want to ingest it in your script instead:

curl -k1 -u admin:infoblox -X POST \
'https://192.168.1.2/wapi/v2.6/fileop?_function=get_log_files' \
-H "Content-Type: application/json" \
-d '{"member": "gm.example.org","node_type": "ACTIVE","log_type": "AUDITLOG"}'

This is what the response looks like:

{ "token": "eJylUEFuwyAQ...",
"url": "https://192.168.1.2/http_direct_file_io/req_id-DOWNLOAD-5095/auditLog.tar.gz" }

Downloading the file:

curl -k1 -u admin:infoblox -H "Content-type:application/force-download" -O \
'https://192.168.1.2/http_direct_file_io/req_id-DOWNLOAD-5095/auditLog.tar.gz'

And then close the file using the token from the first query:

curl -k1 -u admin:infoblox -X POST 'https://192.168.1.2/wapi/v2.6/fileop?_function=downloadcomplete' \
-H "Content-Type: application/json" -d '{ "token": "eJylUEFuwyAQ..."}'

Discovery data is available for IP addresses, the data is stored on the host ip address sub-objects (not the host object).

for example:

curl -k -u admin:infoblox -X GET 'https://192.168.1.2/wapi/v2.3/record:host_ipv4addr' -d 'ipv4addr=192.168.1.201&_return_fields%2b=discovered_data'

here’s the response:

[
    {
        "_ref": "record:host_ipv4addr/ZG5zLmhvc3RfYWRkcmVzcyQuX2RlZmF1bHQubmV0d29yay5yaWNoYXJkLnByaW50ZXIuMTAuOS4xNi41Lg:192.168.1.201/printer.example.org/Internal",
        "configure_for_dhcp": false,
        "discovered_data": {
            "device_type": "Printer",
            "device_vendor": "HP",
            "discovered_name": "NPI1A2B3C",
            "discoverer": "Network Insight",
            "first_discovered": 1475162675,
            "last_discovered": 1506910079,
            "mac_address": "00:0e:7f:1a:2b:3c",
            "mgmt_ip_address": "192.168.1.201",
            "netbios_name": "NPI1A2B3C      ",
            "open_ports": "TCP:21,23,80,443,515,9100 UDP:",
            "os": "29.20",
            "port_speed": "Unknown"
        },
        "host": "printer.example.org",
        "ipv4addr": "192.168.1.201"
    }
]

dtomic · ‎10-10-2017

Thanks for your respond Richard, I really appreciate it.

What I am looking is Audit History, where I can get info from:

Timestam;

Action;

Object type;

Object Name;

Admin name;

Message

Is that possible via WAPI?

Screen Shot 2017-10-10 at 3.06.37 PM.png

MattR · ‎10-11-2017

Sorry no, the audit history is not available for individual objects. It's only available as a file you can download.

daxesh123 · ‎11-15-2018

Hey Richard, Can we filter the logs based on timestamp (like last 1 Days) while generating the audit file using API?

THE GAME HAS CHANGED

API Examples

Searching for record 'Audit History" information like timestamp, action, message via WAPI

Re: Searching for record 'Audit History" information like timestamp, action, message via WAPI

Re: Searching for record 'Audit History" information like timestamp, action, message via WAPI

Re: Searching for record 'Audit History" information like timestamp, action, message via WAPI

Re: Searching for record 'Audit History" information like timestamp, action, message via WAPI