Audit Log
GET /audit
List audit log entries with optional filters.
- Auth required: Yes
- Permission:
audit.view_anyto view all users' entries; otherwise returns own entries only
Query parameters
| Param | Type | Description |
|---|---|---|
search | string | Free-text search across event details |
eventType | string | Filter by specific event type |
userId | string | Filter by user ID |
from | ISO8601 | Start of date range |
to | ISO8601 | End of date range |
page | number | Page number (default: 1) |
limit | number | Results per page (default: 25) |
Response
{
"entries": [
{
"id": "audit_abc",
"userId": "user_xyz",
"username": "alice",
"displayName": "Alice",
"eventType": "connection.created",
"target": "Web Server",
"details": { "protocol": "ssh", "host": "10.0.0.1" },
"ipAddress": "1.2.3.4",
"timestamp": "2024-01-01T00:00:00.000Z"
}
],
"pagination": { "page": 1, "limit": 25, "total": 142 }
}
GET /audit/event-types
List all distinct event types that appear in the audit log.
- Auth required: Yes
Response
{
"eventTypes": [
"auth.login",
"auth.logout",
"auth.login_failed",
"auth.mfa_enabled",
"auth.mfa_disabled",
"connection.created",
"connection.updated",
"connection.deleted",
"connection.session_started",
"user.created",
"user.updated",
"user.deleted",
"role.created",
"role.updated",
"role.deleted",
"settings.updated",
"backup.exported",
"backup.imported"
]
}
GET /audit/users
List all users who have entries in the audit log (for filter dropdowns).
- Auth required: Yes
- Permission:
audit.view_any
Response
{
"users": [
{ "id": "user_abc", "username": "alice", "displayName": "Alice" },
{ "id": "user_xyz", "username": "bob", "displayName": "Bob" }
]
}