Skip to main content

GET /events/audit

Use this method to return audit events in the audit log. If no query parameters are specified, all audit events are returned.

Authentication

Authentication with username and password is required.

Request URL

GET https://{management_server_IP}/events/audit

Query parameters

ParametersRequired / OptionalDescription
filterWith={filter}OptionalReturns only the events that apply to the specified filters, where {filter} is a JSON object in the following format.
{
"filterType": "{filter_type}",
"fields": [{
"field": "{filter}",
"operation": "{operation}",
"value": "{value}"
}]
}

For more information, see Filtering events.

sort={event_field}OptionalReturns events that are sorted by the specified event field. To sort in descending order, add a dash (-) to the event field.
type=excludedOptionalReturns only exclude events
translations={JSON_filter}OptionalReturns translated events based on the criteria that is specified using encoded JSON format (see GET /events?translations={JSON_filter})
escapeHTML={Boolean}OptionalIndicates whether to replace escape characters in the message with special characters (for example, "). This can be one of the following values.
  • true. Replaces escape characters with special characters in the returned message.

  • false. Does not replaces escape characters in the returned message.

Note
Escape characters must be included in arguments when there is HTML in message descriptions.
The following example returns a list of excluded events sorted by the local log sequence and replaces escape characters in the message with special characters:
GET https://192.0.2.0/events/audit?sort=localLogSequence&type=excluded&escapeHTML=true

Request header

AttributesRequired / OptionalDescription
RangeOptionalRequest the events with the given range of sequence numbers. If the range goes beyond the actual available sequence numbers, the start of the range through the last sequence number is returned. For example:
GET /events
Range: item=0-24
--------
Response Header:
Content-Range: 0-24/3000
Note
When retrieving events from Lenovo XClarity Administrator, use the sequence numbers to verify that no events are missing. If the sequence number of an event is not sequential with that last event that you retrieved for the target device, perform another GET /events to request the events that are associated with all the sequence numbers that you missed.

Response codes

CodeDescriptionComments
200OKThe request completed successfully.
400Bad RequestA query parameter or request attribute is missing or not valid, or the operation is not supported. A descriptive error message is returned in the response body.
401UnauthorizedThe user cannot be authenticated. Authentication has not been provided or has failed. A descriptive error message is returned in the response body.
404Not foundA specified resource cannot be found. A descriptive error message is returned in the response body.
500Internal Server ErrorAn internal error occurred. A descriptive error message is returned in the response body.

Response body

AttributesTypeDescription
actionIntegerAction category. This can be one of the following values.
  • 100. NONE
  • 200. TOPOLOGY
  • 300. IP
  • 400. INVENTORY

If not available, an empty string is returned.

argsArray of stringList of dynamic arguments in the event message string. If not available, an empty string is returned.

If not available, an empty string is returned.

bayTextString 
chassisTextString 
cnStringEvent Sequence number. It is the order in which the events were processed.
commonEventIDStringCommon event ID.
componentIDArray of stringUnique ID of the component on which the event occurred.

If not available, an empty string is returned.

componentIdentifierTextStringThe component description. This can be one of the following values.
  • Canister/Appliance

  • Client Data Storage Device

  • Cooling

  • Device Driver

  • Display

  • Hypervisor

  • I/O connectivity

  • Interconnect (Fabric)

  • Interconnect (Interfaces)

  • Interconnect (Networking)

  • Interconnect (PCI Manager)

  • Interconnect (PIE)

  • Interconnect (Utilities / Infrastructure)

  • Memory

  • OS

  • OS/Hypervisor Interface

  • Power

  • Processing

  • Storage RAID

  • System board

  • Systems Management

  • Time Reference

  • Unknown

  • Vendor Events

  • VPD

decriptionArgsArray of stringsList of dynamic arguments in the event message description.

If not available, an empty string is returned.

eventClassIntegerThe source of the event. This can be one of the following values.
  • 50. Unknown
  • 200. Audit
  • 300. Cooling
  • 400. Power
  • 500. Disks (storage)
  • 600. Memory
  • 700. Processor
  • 800. Rack or tower server
  • 900. Test
  • 1000. Adapter card
  • 1100. Expansion board
  • 1200. Flex System switch
  • 1300. Flex System server
  • 1400. Switch
  • 1500. Other
  • 1600. Backplane
  • 1700. Chassis
  • 1800. Drive
  • 1900 External drive
  • 2000. Fan
  • 2100. M2 adapter
  • 2200. M2 drive
  • 3200. OCP adapter
  • 2400. PCIE adapter
  • 2500. Power supply unit
  • 2600. Retimer
  • 2700. Riser
  • 2800. 7MM drive
  • 2900. Pump

If not available, an empty string is returned.

eventDateStringTime and date that the event was created on source system. This is the time and date from the managed system and might be quite different from timeStamp, which is when the event was processed by the Lenovo XClarity Administrator. The string is in ISO-8601 format:
yyyy-MM-dd'T'HH:mm:ss'Z'
eventIDStringEvent ID is a unique identifier for each event supported by a product.
eventSourceTextString 
failFRUNamesArray of stringsFor hardware fault events, includes names of one or more FRUs that are associated with the fault.

If not available, an empty string is returned.

failFRUPartNumbersArray of stringsFor hardware fault events, includes part numbers for one or more FRUs that are associated with the fault.

If not available, an empty string is returned.

failFRUsArray of stringsFor hardware fault events, includes FRU numbers for one or more FRUs that are associated with the fault.

If not available, an empty string is returned.

failFRUUUIDsArray of stringsFor hardware fault events, includes UUIDs for one or more FRUs that are associated with the fault.

If not available, an empty string is returned.

failSNsArray of stringsFor hardware fault events, includes serial numbers for one or more FRUs that are associated with the fault.

If not available, an empty string is returned.

flagsArray of stringsProprietary event flag definitions. This can be one of the following values.
  • Hidden. The event not to be displayed in normal log views. It is displayed only for diagnostic views.
  • Historical. The event occurred while the management server was down and can be ignored by EventActions.
  • Ignored. The event is ignored.
  • Recovered. The event was involved in the reliable event recovery process.
  • Unsequenced. Switch system traps are not sequenced. Reliable event recovery is skipped.
  • VM. VM Migration (Blade "Trust the Source Logging Model")

If not available, an empty string is returned.

fruSerialNumberTextString 
groupNameArray of stringsList of resource-groups, by name, to which the source of the event belongs. If the source does not belong to a resource group, the value is Not Available.
groupUUIDArray of stringsList of resource-groups, by UUID, to which the source of the event belongs.
localLogIDStringLog type. This can be one of the following values.
  • AUDIT. Audit events
  • EVENT. All other events.
localLogSequenceIntegerLog Sequence Number, which uniquely identifies this event on the audit or event log

If not available, an empty string is returned.

locationStringLocation information for event association in the format of Slot#01.
msgStringEvent message string.
msgIDStringEvent message ID.
mtmStringSystem machine type and model of the managed system on which the event occurred.
originatorUUIDStringThe unique ID of the managed system on which the event occurred.
AttributesObjectReserved.

If not available, an empty string is returned.

senderUUIDString 
serialnumStringSerial number of system generating the event (event source). Not set for internal events.
serviceIntegerIdentifer that specifies how service is performed. It can be one of the following.
  • 100. Not Serviceable.
  • 200. Serviceable by Lenovo (called home)
  • 300. Serviceable by the customer

If not available, an empty string is returned.

serviceabilityTextString 
severityIntegerSeverity. This can be one of the following values.
  • 100. Unknown. The severity is unknown.
  • 200. Informational. Informational
  • 300. Warning. User can decide if action is needed.
  • 400. Minor. Action is needed, but the situation is not serious at this time.
  • 500. Major. Action is needed now.
  • 600. Critical. Action is needed now and the scope is broad (perhaps an imminent outage to a critical resource will result).
  • 700. Fatal. A non-recoverable error has occurred.

If not available, an empty string is returned.

severityTextStringSeverity text. This can be one of the following values.
  • Unknown. The severity is unknown.
  • Informational. Informational
  • Warning. User can decide if action is needed.
  • Minor. Action is needed, but the situation is not serious at this time.
  • Major. Action is needed now.
  • Critical. Action is needed now and the scope is broad (perhaps an imminent outage to a critical resource will result).
  • Fatal. A non-recoverable error has occurred.

If not available, an empty string is returned.

sourceIDStringSystem UUID for the system or device that is/was the event source (raiser/owner)
sourceLogIDStringIdentifier of log of event source system. System may have multiple logs for events and this identifier is used with the System Log Sequence Number for reliable event support.
sourceLogSequenceIntegerSource Log Sequence Number, uniquely identifies this event in source Log ID
systemFruNumberTextString 
systemNameStringSystem identifier. It correlates to the display name used for the device on the CMM.
systemSerialNumberTextString 
systemTextString 
systemTypeModelTextString 
systemTypeTextString 
timeStampStringTime and date of when the log entry was created for the Lenovo XClarity Administrator log. The string is in ISO-8601 format (for example, yyyy-MM-dd'T'HH:mm:ss'Z').
typeTextString 
userActionArgsArray of stringsList of dynamic arguments in the event message action

If not available, an empty string is returned.

useridStringFor internal audit events, this is the associated user ID. This is not available for external events.
userIDIndexInteger 
The following example is returned if the request is successful.
[{
"action": 100,
"args": ["USERID", "10.38.106.229"],
"bayText": "Not Available",
"chassisText": "Not Available",
"cn": "25",
"commonEventID": "FQXHMSE0200I",
"componentID": "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF",
"componentIdentifierText": "Systems Management",
"decriptionArgs": "",
"eventClass": 200,
"eventDate": "2017-07-31T14:30:03Z",
"eventID": "FQXHMSE0200I",
"eventSourceText": "Management",
"flags": "",
"failFRUs": "",
"failSNs": "",
"fruSerialNumberText": "Not Available",
"localLogID": "",
"localLogSequence": "",
"location": "",
"msg": "The login was successful for user ID USERID at IP address 10.38.106.229.",
"msgID": "",
"mtm": "",
"originatorUUID": "",
"parameters": { },
"senderUUID": "",
"serialnum": "",
"service": 100,
"serviceabilityText": "Not Required",
"severity": 200,
"severityText": "Informational",
"sourceID": "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF",
"sourceLogID": "",
"sourceLogSequence": 0,
"systemFruNumberText": "Not Available",
"systemName": "Management Server",
"systemSerialNumberText": "Not Available",
"systemText": "Management Server",
"systemTypeModelText": "Not Available",
"systemTypeText": "Management",
"timeStamp": "2017-07-31T14:30:03Z",
"typeText": "System",
"userActionArgs": "",
"userid": "USERID",
"userIDIndex": 1
}]