Hi,
I am firing the below query to get audit records.
GET /v1/audits/organizations/org_name?expand=true&timeline=week
But, I am only seeing debugsessions for ci and dev environment. In the last week, we have opened debugsessions for other environments also like test and qa. But I dont see any record for this.
Is there any reason, why this should be happening? Am I missing something?
Thanks in advance.
Jaskaran
is it the timeline? can you try timeline=month? - Audits are enabled at the org level, so i don see anything immediately thats missing
I tried month aswell and got the same result. Even for a month duration, the debugsessions I am seeing are only for dev and ci.
Could this be an issue with environment setup?
I am seeing another weird issue. When I call analytics API in the test environment with the custom variables, it gives data access error, whereas for predefined variables (ex. response_status_code) it works fine.
@jaskaran.rm For the AX errors, please make sure AX is onboarded for all your environments. I saw a similar problem earlier and when I onboarded AX for all my environments, it went away. There's already a bug open on this.
Thanks @arghya das . I will raise it with support.
Any thoughts on debugsessions?
Anyone? 🙂
Hey @jaskaran.rm - Do you know for sure that the debug sessions haven't expired (timeout query param on the create API)? Are you able to list them with the list debug sessions API?
My understanding is that list debug sessions will only list active debugsessions, whereas audit api lists all operations on debugsessions.
Your call is for Audits not DebugSessions. You should try:
/environments/{environment_name}/apis/{api_name}/revisions/{revision_number}/debugsessions
instead.
Hi @David Allen -
The API you have mentioned lists the current debug sessions. However, my requirement is for auditing purposes. i.e to check if there are any unauthorized debugsessions created in prod environment.
The Audit API does list the debugsessions that were created along with other audit activities, however it is only retrieving debugsessions for a couple of environments.
For example, below are the 2 of the objects I get from my audit api query -
{ "operation": "CREATE", "request": "''orgName''", "requestUri": "/v1/organizations/orgName/environments/ci/apis/apiName/revisions/519/debugsessions/11111/?session=11111&timeout=600", "responseCode": "201", "timeStamp": 1441944512865, "user": "email@email.com" }, { "operation": "DELETE", "requestUri": "/v1/organizations/orgName/environments/ci/apis/apiName/revisions/519/debugsessions/11111", "responseCode": "200", "timeStamp": 1441944503758, "user": "email@email.com" },
It lists create and delete operations on a debugsession in ci environment. But I dont see this activity for test environment.
My requirement is to monitor debugsessions in prod.
For example, below are the 2 of the objects I get from my audit api query -
{ "operation": "CREATE", "request": "''orgName''", "requestUri": "/v1/organizations/orgName/environments/ci/apis/apiName/revisions/519/debugsessions/11111/?session=11111&timeout=600", "responseCode": "201", "timeStamp": 1441944512865, "user": "email@email.com" }, { "operation": "DELETE", "requestUri": "/v1/organizations/orgName/environments/ci/apis/apiName/revisions/519/debugsessions/11111", "responseCode": "200", "timeStamp": 1441944503758, "user": "email@email.com" },
It lists create and delete operations on a debugsession in ci environment. But I dont see this activity for test environment.
My requirement is to monitor debugsessions in prod.
Hello @jaskaran.rm
You will be able to see other environments by using this API
GET /v1/audits/organizations/orgname/e?expand=true&timeline=week
The only difference would be /e? in your previous call.
I tried the same on your org and got the below output.
{ "clientIP" : "xxxxxxxxxxxxxx", "operation" : "CREATE", "request" : "''yyyyyyy''", "requestUri" : "/v1/organizations/yyyyyyy/environments/test/apis/apiname/revisions/139/debugsessions/1442017983722/?session=1442017983722&timeout=600", "responseCode" : "201", "timeStamp" : 1442018010334, "user" : "xxxxxxxxxxxxxxx", "x-forwarded-for" : "aaaa, zzz" }, { "clientIP" : "xxxxxxxxxxxx", "operation" : "CREATE", "request" : "''yyyyyyy''", "requestUri" : "/v1/organizations/yyyyyy/environments/test/apis/apiname/revisions/91/debugsessions/1442017345623/?session=1442017345623&timeout=600", "responseCode" : "201", "timeStamp" : 1442017363095, "user" : "xxxxxxxxxxxxxxxx", "x-forwarded-for" : "aaaa, zzz" ~
Regards,
Jagjyot.
Thanks Jagjyot. This works perfectly.
Awesome @jaskaran.rm
User | Count |
---|---|
2 | |
1 | |
1 | |
1 | |
1 |