API for logs manpage

From cpwiki.net
Check Point Professional Services


For a new logs query

mgmt_cli show-logs new-query.filter product:<product name> new-query.time-frame <time frame>


filter - The filter as entered in SmartConsole/SmartView. Type: String

time-frame - Specify the time frame to query logs. Type: String

  Valid values: last-7-days, last-hour, today, last-24-hours, yesterday, this-week, this-month, last-30-days, all-time, custom. Default: last-7-days

custom-start - Must be in ISO 8601 format. Type: String

custom-end - Must be in ISO 8601 format. Type: String

max-logs-per-request - Valid values: 1-100. Default: 10. Type: String

type - Type of logs to return. Valid values: logs, audit. Default: logs

log-servers - List of IPs of log servers to query. Default: all

To get results for top statistics

mgmt_cli show-logs new-query.filter product:<product name> new-query.top.field blades new-query.top.count <number> --format json -r true

count - Valid values: 1-50

field - Valid values: sources, destinations, services, actions, blades, origins, users, applications

To get more results for an existing query

mgmt_cli show-logs query-id <query-id> --session-id <session-id>

query-id - Get the next page of the last run query with a specified limit.

ignore-warnings - Ignore warnings if they exist. Type: Boolean

Limitations

The parameter "time-frame" in the API command does not accept this format as input:

   yyyymmddThhmmssZ

The command does not support non-index mode log queries.
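
An added example, not part of the original page and not Check Point code: a Python helper that checks the new-query parameters against the valid values listed above and builds the mgmt_cli argument list, so the filter travels as one argv element instead of being spliced into a shell string. It assumes custom-start and custom-end take the extended ISO 8601 form (YYYY-MM-DDThh:mm:ssZ) and converts the compact form named under Limitations; the function names are hypothetical, and login or session options are left out.

```python
import re
import shlex
from datetime import datetime

# Valid values copied from the parameter descriptions on this page.
TIME_FRAMES = {"last-7-days", "last-hour", "today", "last-24-hours", "yesterday",
               "this-week", "this-month", "last-30-days", "all-time", "custom"}
TOP_FIELDS = {"sources", "destinations", "services", "actions", "blades",
              "origins", "users", "applications"}
COMPACT = re.compile(r"^\d{8}T\d{6}Z$")  # yyyymmddThhmmssZ, listed under Limitations

def to_extended_iso8601(ts):
    """Return ts as YYYY-MM-DDThh:mm:ssZ (assumed accepted form), converting the compact form."""
    fmt = "%Y%m%dT%H%M%SZ" if COMPACT.match(ts) else "%Y-%m-%dT%H:%M:%SZ"
    parsed = datetime.strptime(ts, fmt)  # raises ValueError on anything else
    return parsed.strftime("%Y-%m-%dT%H:%M:%SZ")

def build_show_logs(filter_, time_frame="last-7-days", start=None, end=None,
                    max_logs=10, log_type="logs", top_field=None, top_count=None):
    """Build the mgmt_cli argv for a new show-logs query, rejecting bad values early."""
    if time_frame not in TIME_FRAMES:
        raise ValueError(f"invalid time-frame: {time_frame}")
    if not 1 <= max_logs <= 100:
        raise ValueError("max-logs-per-request must be 1-100")
    if log_type not in ("logs", "audit"):
        raise ValueError("type must be logs or audit")
    argv = ["mgmt_cli", "show-logs",
            "new-query.filter", filter_,  # one argv element, never shell-interpolated
            "new-query.time-frame", time_frame,
            "new-query.max-logs-per-request", str(max_logs),
            "new-query.type", log_type]
    if time_frame == "custom":
        if not (start and end):
            raise ValueError("custom time-frame needs custom-start and custom-end")
        s, e = to_extended_iso8601(start), to_extended_iso8601(end)
        if s >= e:  # same fixed-width format, so string order is time order
            raise ValueError("custom-start must be before custom-end")
        argv += ["new-query.custom-start", s, "new-query.custom-end", e]
    if top_field is not None:
        if top_field not in TOP_FIELDS or not 1 <= (top_count or 0) <= 50:
            raise ValueError("top.field or top.count out of range")
        argv += ["new-query.top.field", top_field, "new-query.top.count", str(top_count)]
    return argv + ["--format", "json"]

if __name__ == "__main__":  # constructed sample input: placeholder filter, compact timestamps
    print(shlex.join(build_show_logs("product:<product name>", "custom",
                                     "20240101T000000Z", "20240102T000000Z")))
```

Pass the returned list to subprocess.run without shell=True; shlex.join is used only to show a safely quoted command line.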