Example: Use the API to Retrieve Traffic Logs

Follow these steps to use the API to retrieve traffic logs.
  1. Create a job to retrieve all traffic logs that occurred after a certain time:
    https://<firewall>/api/?key=<apikey>&type=log&log-type=traffic&query=(receive_time geq '2012/06/22 08:00:00')
    A web browser automatically URL-encodes the parameters, but when using cURL, the query parameter must be URL-encoded.
    Response:
    <response status="success" code="19">
      <result>
        <msg>
          <line>query job enqueued with jobid 18</line>
        </msg>
        <job>18</job>
      </result>
    </response>
  2. Retrieve the traffic log data with the following request, using the job ID returned in the previous response as the job-id value:
    https://<firewall>/api/?key=<apikey>&type=log&action=get&job-id=<id>
  3. Confirm that the XML response looks similar to the following:
    <response status="success">
      <result>
        <job>...</job>
        <log>
          <logs count="20" progress="100">
            <entry logid="5753304543500710425">
              <domain>1</domain>
              <receive_time>2012/06/13 15:43:17</receive_time>
              <serial>001606000117</serial>
              <segno>6784588</segno>
              <actionflags>0x0</actionflags>
              <type>TRAFFIC</type>
              <subtype>start</subtype>
              <config_ver>1</config_ver>
              <time_generated>2012/06/13 15:43:17</time_generated>
              <src>172.16.1.2</src>
              <dst>10.0.0.246</dst>
              <natsrc>10.16.0.96</natsrc>
              <natdst>10.0.0.246</natdst>
              <rule>default allow</rule>
    When the job status is FIN (finished), the response automatically includes all the logs in the XML data response. The <log> node in XML is not present when the job status is still pending. After successful log data retrieval, the system automatically deletes the job.
  4. (
    Optional
    ) Delete and active log retrieval job.To delete an active log retrieval job, run the following query:
    https://
    <firewall>
    /api/?key=
    <apikey>
    &type=log&action=finish&job-id=
    <id>
    A successful completion returns a job ID.
