GET /events/audit

Use this method to return audit events in the audit log. If no query parameters are specified, all audit events are returned.

Authentication

Authentication with username and password is required.

Request URL

GET https://{management_server_IP}/events/audit

Query parameters

Parameters	Required / Optional	Description
filterWith=`{filter}`	Optional	Returns only the events that apply to the specified filters, where `{filter}` is a JSON object in the following format. `{ "filterType": "{filter_type}", "fields": [{ "field": "{filter}", "operation": "{operation}", "value": "{value}" }] }` For more information, see Filtering events.
sort=`{event_field}`	Optional	Returns events that are sorted by the specified event field. To sort in descending order, add a dash (-) to the event field.
type=excluded	Optional	Returns only exclude events
translations=`{JSON_filter}`	Optional	Returns translated events based on the criteria that is specified using encoded JSON format (see GET /events?translations={JSON_filter})
escapeHTML=`{Boolean}`	Optional	Indicates whether to replace escape characters in the message with special characters (for example, "). This can be one of the following values. true. Replaces escape characters with special characters in the returned message. false. Does not replaces escape characters in the returned message. Note Escape characters must be included in arguments when there is HTML in message descriptions.

The following example returns a list of excluded events sorted by the local log sequence and replaces escape characters in the message with special characters:

GET https://192.0.2.0/events/audit?sort=localLogSequence&type=excluded&escapeHTML=true

Request header

Attributes	Required / Optional	Description
Range	Optional	Request the events with the given range of sequence numbers. If the range goes beyond the actual available sequence numbers, the start of the range through the last sequence number is returned. For example: `GET /events Range: item=0-24 -------- Response Header: Content-Range: 0-24/3000` Note When retrieving events from Lenovo XClarity Administrator, use the sequence numbers to verify that no events are missing. If the sequence number of an event is not sequential with that last event that you retrieved for the target device, perform another GET /events to request the events that are associated with all the sequence numbers that you missed.

Response codes

Code	Description	Comments
200	OK	The request completed successfully.
400	Bad Request	A query parameter or request attribute is missing or not valid, or the operation is not supported. A descriptive error message is returned in the response body.
401	Unauthorized	The user cannot be authenticated. Authentication has not been provided or has failed. A descriptive error message is returned in the response body.
404	Not found	A specified resource cannot be found. A descriptive error message is returned in the response body.
500	Internal Server Error	An internal error occurred. A descriptive error message is returned in the response body.

Response body

Attributes	Type	Description
action	Integer	Action category. This can be one of the following values. 100. NONE 200. TOPOLOGY 300. IP 400. INVENTORY If not available, an empty string is returned.
args	Array of string	List of dynamic arguments in the event message string. If not available, an empty string is returned. If not available, an empty string is returned.
bayText	String
chassisText	String
cn	String	Event Sequence number. It is the order in which the events were processed.
commonEventID	String	Common event ID.
componentID	Array of string	Unique ID of the component on which the event occurred. If not available, an empty string is returned.
componentIdentifierText	String	The component description. This can be one of the following values. Canister/Appliance Client Data Storage Device Cooling Device Driver Display Hypervisor I/O connectivity Interconnect (Fabric) Interconnect (Interfaces) Interconnect (Networking) Interconnect (PCI Manager) Interconnect (PIE) Interconnect (Utilities / Infrastructure) Memory OS OS/Hypervisor Interface Power Processing Storage RAID System board Systems Management Time Reference Unknown Vendor Events VPD
decriptionArgs	Array of strings	List of dynamic arguments in the event message description. If not available, an empty string is returned.
eventClass	Integer	The source of the event. This can be one of the following values. 50. Unknown 200. Audit 300. Cooling 400. Power 500. Disks (storage) 600. Memory 700. Processor 800. Rack or tower server 900. Test 1000. Adapter card 1100. Expansion board 1200. Flex System switch 1300. Flex System server 1400. switch If not available, an empty string is returned.
eventDate	String	Time and date that the event was created on source system. This is the time and date from the managed system and might be quite different from timeStamp, which is when the event was processed by the Lenovo XClarity Administrator. The string is in ISO-8601 format: `yyyy-MM-dd'T'HH:mm:ss'Z'`
eventID	String	Event ID is a unique identifier for each event supported by a product.
eventSourceText	String
failFRUNames	Array of strings	For hardware fault events, includes names of one or more FRUs that are associated with the fault. If not available, an empty string is returned.
failFRUPartNumbers	Array of strings	For hardware fault events, includes part numbers for one or more FRUs that are associated with the fault. If not available, an empty string is returned.
failFRUs	Array of strings	For hardware fault events, includes FRU numbers for one or more FRUs that are associated with the fault. If not available, an empty string is returned.
failFRUUUIDs	Array of strings	For hardware fault events, includes UUIDs for one or more FRUs that are associated with the fault. If not available, an empty string is returned.
failSNs	Array of strings	For hardware fault events, includes serial numbers for one or more FRUs that are associated with the fault. If not available, an empty string is returned.
flags	Array of strings	Proprietary event flag definitions. This can be one of the following values. Hidden. The event not to be displayed in normal log views. It is displayed only for diagnostic views. Historical. The event occurred while the management server was down and can be ignored by EventActions. Ignored. The event is ignored. Recovered. The event was involved in the reliable event recovery process. Unsequenced. Switch system traps are not sequenced. Reliable event recovery is skipped. VM. VM Migration (Blade "Trust the Source Logging Model") If not available, an empty string is returned.
fruSerialNumberText	String
groupName	Array of strings	List of resource-groups, by name, to which the source of the event belongs. If the source does not belong to a resource group, the value is Not Available.
groupUUID	Array of strings	List of resource-groups, by UUID, to which the source of the event belongs.
localLogID	String	Log type. This can be one of the following values. AUDIT. Audit events EVENT. All other events.
localLogSequence	Integer	Log Sequence Number, which uniquely identifies this event on the audit or event log If not available, an empty string is returned.
location	String	Location information for event association in the format of Slot#01.
msg	String	Event message string.
msgID	String	Event message ID.
mtm	String	System machine type and model of the managed system on which the event occurred.
originatorUUID	String	The unique ID of the managed system on which the event occurred.
Attributes	Object	Reserved. If not available, an empty string is returned.
senderUUID	String
serialnum	String	Serial number of system generating the event (event source). Not set for internal events.
service	Integer	Identifer that specifies how service is performed. It can be one of the following. 100. Not Serviceable. 200. Serviceable by Lenovo (called home) 300. Serviceable by the customer If not available, an empty string is returned.
serviceabilityText	String
severity	Integer	Severity. This can be one of the following values. 100. Unknown. The severity is unknown. 200. Informational. Informational 300. Warning. User can decide if action is needed. 400. Minor. Action is needed, but the situation is not serious at this time. 500. Major. Action is needed now. 600. Critical. Action is needed now and the scope is broad (perhaps an imminent outage to a critical resource will result). 700. Fatal. A non-recoverable error has occurred. If not available, an empty string is returned.
severityText	String	Severity text. This can be one of the following values. Unknown. The severity is unknown. Informational. Informational Warning. User can decide if action is needed. Minor. Action is needed, but the situation is not serious at this time. Major. Action is needed now. Critical. Action is needed now and the scope is broad (perhaps an imminent outage to a critical resource will result). Fatal. A non-recoverable error has occurred. If not available, an empty string is returned.
sourceID	String	System UUID for the system or device that is/was the event source (raiser/owner)
sourceLogID	String	Identifier of log of event source system. System may have multiple logs for events and this identifier is used with the System Log Sequence Number for reliable event support.
sourceLogSequence	Integer	Source Log Sequence Number, uniquely identifies this event in source Log ID
systemFruNumberText	String
systemName	String	System identifier. It correlates to the display name used for the device on the CMM.
systemSerialNumberText	String
systemText	String
systemTypeModelText	String
systemTypeText	String
timeStamp	String	Time and date of when the log entry was created for the Lenovo XClarity Administrator log. The string is in ISO-8601 format (for example, yyyy-MM-dd'T'HH:mm:ss'Z').
typeText	String
userActionArgs	Array of strings	List of dynamic arguments in the event message action If not available, an empty string is returned.
userid	String	For internal audit events, this is the associated user ID. This is not available for external events.
userIDIndex	Integer

The following example is returned if the request is successful.

[{
   "action": 100,
   "args": ["USERID", "10.38.106.229"], 
   "bayText": "Not Available",
   "chassisText": "Not Available",
   "cn": "25",
   "commonEventID": "FQXHMSE0200I",
   "componentID": "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF",
   "componentIdentifierText": "Systems Management",
   "decriptionArgs": "",
   "eventClass": 200,
   "eventDate": "2017-07-31T14:30:03Z",
   "eventID": "FQXHMSE0200I",
   "eventSourceText": "Management",
   "flags": "",
   "failFRUs": "",
   "failSNs": "",
   "fruSerialNumberText": "Not Available",
   "localLogID": "",
   "localLogSequence": "",
   "location": "",
   "msg": "The login was successful for user ID USERID at IP address 10.38.106.229.",
   "msgID": "",
   "mtm": "",
   "originatorUUID": "",
   "parameters": {   },
   "senderUUID": "",
   "serialnum": "",
   "service": 100,
   "serviceabilityText": "Not Required",
   "severity": 200,
   "severityText": "Informational",
   "sourceID": "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF",
   "sourceLogID": "",
   "sourceLogSequence": 0,
   "systemFruNumberText": "Not Available",
   "systemName": "Management Server",
   "systemSerialNumberText": "Not Available",
   "systemText": "Management Server",
   "systemTypeModelText": "Not Available",
   "systemTypeText": "Management",
   "timeStamp": "2017-07-31T14:30:03Z",
   "typeText": "System",
   "userActionArgs": "",
   "userid": "USERID",
   "userIDIndex": 1
}]

Give documentation feedback

GET /events/audit

Authentication​

Request URL​

Query parameters​

Request header​

Response codes​

Response body​