Get Security Log - GET /api/securitylog


GET /api/securitylog    

This function returns a log of actions performed through the QUANTIL portal and API including logins and changes made to domains and other settings.  Unlike our other APIs, this one simply returns the log as plain text, one event per line, instead of XML tags.  Request parameters allow you to specify a time period. The time period must be within the past six months.


Request Details


Request Headers


| Header | Description | Required |
|---|---|---|
| Authorization | Authorization string for the request | Yes |
| Host | URI for the QUANTIL SDK (i.e., api.quantil.com) | Yes |
| Date | The date and time of the request. | Yes |
| Accept | Indicates the accepted format (i.e., application/xml) | Yes |


Request Parameters

| Parameter | Description | Required |
|---|---|---|
| datefrom | RFC3339 formatted date indicating the starting date. Example: 2013-01-01T22:30:00+08:00. If unspecified, all events in the past 6 months will be returned. | No |
| dateto | RFC3339 formatted date indicating the ending date. Example: 2013-01-01T22:30:00+08:00. If unspecified, all events in the past 6 months will be returned. | No |


Request Body Elements

This request does not include an XML document in the request body.


Request Syntax:


GET /api/securitylog HTTP/1.1

Authorization: <authorization string>

Host: api.quantil.com

Date: <date>

Accept: application/xml


Here is the structure of a request using the curl utility.


curl -i --url 'https://api.quantil.com/api/securitylog?datefrom={date from}&dateto={date to}' \
  -X GET \
  -u {user}:{password} \
  -H 'Date: Fri, 26 Oct 2012 06:33:26 GMT' \
  -H 'Accept: application/xml'

Sample Request:


curl -i --url 'https://api.quantil.com/api/securitylog?datefrom=2015-12-01T15:00:00%2D08:00&dateto=2015-12-05T23:59:59%2D08:00' -X GET -u test:w+HpWTxTsNRqoLNg3KK74n1vctQ= -H 'Date: Tue, 08 Dec 2015 09:21:51 PST' -H 'Accept: application/xml'


Response Details:


Response Headers:

HTTP/1.1 200 OK

Date: <date>

Content-Type: application/xml; charset=utf-8

x-cnc-request-id: {id string auto generated by the QUANTIL server}



Response Body Elements

No XML is returned.  Plain text is returned with each line representing an event.


Log entry format:

[date_added] Quantil [account_name] [event_id] :: [message] :: [variable_name]=[variable_value], [variable_name]=[variable_value],...



| Field | Description |
|---|---|
| date_added | day, time, and timezone |
| account_name | portal username if the event is associated with a portal user. |
| event_id | unique ID |
| message | brief explanation of the event that occurred. |
| variable_name=variable_value | One or more of these can appear in a comma separated list. The variable_name and variable_value depend on the event. Refer to the table below for examples of events. Some variables are associated with all events. Most are limited to particular events. |


General

The following variables may appear for all events.

| Variable Name | Description | Example | Type |
|---|---|---|---|
| local_username | username if a portal user triggered the event. This variable does not appear if the event is triggered by calling one of our APIs. | local_username=maria | Optional |
| local_userId | a unique ID representing the portal user | local_userId=3991 | Optional |
| event_name | Name of the event that occurred | event_name=addDomain | Required |
| event_result | Indicates if the operation was successful or not | event_result=successful | Required |
| failure_reason | If the operation failed (i.e., event_result=failed), the value will indicate the reason. | failure_reason=The specified domain does not exist. | Optional |


Authentication Events

The following variables are associated with QUANTIL portal logins.

| Variable Name | Description | Example | Applicable Events |
|---|---|---|---|
| src_ip | Client IP address | src_ip=118.230.152.233 | passwordAuthentication, twoFactorAuthentication, logoff, setup2FAKey, sendPasswordResetEmail, verifyPasswordResetCode, finishPasswordReset |
| object_username | name of portal user whose account is affected by the event. | object_username=harold | deleteUser, addUser, editUser, unlockAccount, force2FAInitialSetup |
| object_userid | ID of the portal user whose account is affected by the event | object_userid=123456 | deleteUser, addUser, editUser, unlockAccount, force2FAInitialSetup |
| dst_role | Indicates a new role for a portal user. It can be one of: viewer, Group contact, or Administrator | dst_role=viewer | editUser, addUser |
| dst_password | Indicates a portal user's password has been changed. The password itself will not appear in the log. | dst_password= | editUser |
| dst_iprestriction | Indicates the company's IP whitelist or a portal user's IP whitelist has changed. | dst_iprestriction=12.11.10.9 | editUser, addUser, editCompanySetting |
| dst_2fa | It indicates when a company has enabled or disabled two factor authentication | dst_2fa=enable | editCompanySetting |
| dst_accountname | Indicates the new name of a portal user account that has been renamed. | dst_accountname=JoeUser | editUser |
| dst_email | Indicates a portal user's email address has been changed | dst_email=joe_user@domain.com | editUser, editContactInfo |
| dst_apply_to_existing_contacts | Indicates a change to the portal setting of applying the IP whitelist to existing contacts. | dst_apply_to_existing_contacts=true | editCompanySetting |


Domain Related Events

The following variables are associated with changes to domains, domain groups, or domain sets. Domain groups and domain sets are only available in the QUANTIL portal. Please refer to the portal's online help for more details.


| Variable Name | Description | Example | Applicable Events |
|---|---|---|---|
| domain_id | Unique ID of the domain | domain_id=123 | addDomain, deleteDomain, editDomain, enableDomain, disableDomain, cancelDomain, purge |
| domain_name | One or more domain names separated by semicolons. These are the domains affected by the event. | domain_name=mydomain.com | addDomain, deleteDomain, editDomain, enableDomain, disableDomain, cancelDomain, purge, prefetch |
| group_name | Name of the group associated with group related events. Groups are only supported within the QUANTIL portal. They allow you to limit access to specific domains. | group_name=mygroup | addGroup, editGroup, deleteGroup, changeDomainsInGroup |
| dst_privilege_user | A semicolon separated list of users with access to the group along with their privileges. The format is: <username>-<user id>-<privilege> | read-55-joeuser;write-99-janeDoe | editGroup, addGroup |
| dst_group_name | Indicates the new name of a group when the group name has changed | dst_group_name=webDevelopers | editGroup |
| group_domains | semicolon separated list of domains if the group's domains have changed | group_domains=domain1.com;domain2.com | changeDomainsInGroup |
| group_domainSets | semicolon separated list of domain sets in a group. Domain sets are only available in the QUANTIL portal. | group_domainSets=domainSet1.com;domainSet2.com | changeDomainsInGroup |


SSL Related Events

| Variable Name | Description | Example | Applicable Events |
|---|---|---|---|
| certificate_id | Unique ID of an SSL certificate | certificate_id=123456 | addCertificate, editCertificate, deleteCertificate |
| certificate_name | Name of the certificate. | certificate_name=my certificate | addCertificate, editCertificate, deleteCertificate |



Sample Response:


HTTP/1.1 200 OK

Content-Disposition: attachment; filename=security.log

Date: Tue, 08 Dec 2015 18:53:55 GMT

Accept-Ranges: bytes

Server: WS-web-server

x-cnc-request-id: 22037890

Content-Type: application/xml;charset=UTF-8

Transfer-Encoding: chunked


2015-12-08T10:01-0800 Quantil carlos 19015::User carlos attempted log in  successful::local_username=carlos,local_userId=666,event_name=passwordAuthentication,event_result= successful,src_ip=118.230.152.233

2015-12-08T10:14-0800 Quantil maria 19016::User maria attempted log in  successful::local_username=maria,local_userId=3991,event_name=passwordAuthentication,event_result= successful,src_ip=0:0:0:0:0:0:0:1

2015-12-08T10:15-0800 Quantil maria 19017::User maria add Domain {domain-name} failed::local_username=maria,local_userId=3991,event_name=addDomain,event_result= failed,domain_name={domain-name},failure_reason=Invalid domain:{domain-name},src_ip=0:0:0:0:0:0:0:1

2015-12-08T10:37-0800 Quantil harold 19018::User harold logged out  successful::local_username=harold,local_userId=6,event_name=logoff,event_result= successful,src_ip=83.108.119.82

2015-12-08T10:52-0800 Quantil harold 19019::User harold attempted log in  successful::local_username=harold,local_userId=6,event_name=passwordAuthentication,event_result= successful,src_ip=83.108.119.82

2015-12-08T10:53-0800 Quantil maria 19020::User maria attempted log in  successful::local_username=maria,local_userId=3991,event_name=passwordAuthentication,event_result= successful,src_ip=0:0:0:0:0:0:0:1

2015-12-08T10:53-0800 Quantil carlos 19021::User carlos attempted log in  successful::local_username=carlos,local_userId=666,event_name=passwordAuthentication,event_result= successful,src_ip=83.108.119.82

2015-12-08T10:53-0800 Quantil harold 19022::User harold edit Domain :haroldstagetest.com successful::local_username=harold,local_userId=6,event_name=editDomain,event_result= successful,domain_id=67086,domain_name=haroldstagetest.com
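
A parser for the log entry format and variables documented above, written as an added example and not QUANTIL's own code. It splits on the first two `::` separators only, keeps commas inside free-text values, and flags failed events and changes to a chosen set of the `dst_` variables from the Authentication Events table. The sample lines are constructed, and treating a header with no account_name as three tokens is an assumption.

```python
import re
from datetime import datetime

# Variables from the Authentication Events table chosen here as worth review.
SENSITIVE_KEYS = {"dst_role", "dst_password", "dst_iprestriction", "dst_2fa", "dst_email"}

# Constructed sample lines in the documented format (not real log data).
SAMPLE = """\
2015-12-08T10:01-0800 Quantil carlos 19015::User carlos attempted log in  successful::local_username=carlos,local_userId=666,event_name=passwordAuthentication,event_result= successful,src_ip=118.230.152.233
2015-12-08T10:15-0800 Quantil maria 19017::User maria add Domain example failed::local_username=maria,local_userId=3991,event_name=addDomain,event_result= failed,domain_name=example,failure_reason=Invalid domain, check spelling,src_ip=::1
2015-12-08T11:02-0800 Quantil harold 19023::User harold edit company setting successful::local_username=harold,local_userId=6,event_name=editCompanySetting,event_result= successful,dst_2fa=enable
"""

def parse_line(line):
    """Split one log line into its header fields, message and variables."""
    # Only the first two '::' are separators; a later '::' (for example in a
    # compressed IPv6 src_ip such as ::1) belongs to a value.
    head, message, rest = line.strip().split("::", 2)
    tokens = head.split()
    # Assumption: account_name is omitted when no portal user is involved.
    account = tokens[2] if len(tokens) == 4 else None
    # A comma starts a new pair only when 'name=' follows it, so commas in
    # free text such as failure_reason stay inside the value.
    pairs = (p.split("=", 1) for p in re.split(r",\s*(?=\w+=)", rest.strip()))
    return {
        "time": datetime.strptime(tokens[0], "%Y-%m-%dT%H:%M%z"),
        "account": account,
        "event_id": tokens[-1],
        "message": message.strip(),
        # Values are stripped because the log writes 'event_result= successful'.
        "vars": {name: value.strip() for name, value in pairs},
    }

def parse_log(text):
    """Parse a whole response body, skipping blank lines."""
    return [parse_line(line) for line in text.splitlines() if line.strip()]

def needs_review(event):
    """Return the reasons an event deserves a second look (empty if none)."""
    v = event["vars"]
    reasons = []
    if v.get("event_result") == "failed":
        reasons.append("failed: " + v.get("failure_reason", "no reason given"))
    changed = sorted(SENSITIVE_KEYS & v.keys())
    if changed:
        reasons.append("access-control change: " + ",".join(changed))
    return reasons
```

A free-text value that itself contains `,name=` cannot be told apart from a new pair in this format, so such a line will be split at that point.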




Error List

| Error | Description | HTTP status code |
|---|---|---|
| InvalidDatePeriod | The date specified is invalid. | 400 |