Example: Use the API to Retrieve Traffic Logs

Follow these steps to use the API to retrieve traffic logs.
  1. Create a job to retrieve all traffic logs that occurred after a certain time:
    curl -X GET "https://<firewall>/api/?key=<apikey>&type=log&log-type=traffic&query=(receive_time geq '2012/06/22 08:00:00')"
    A web browser automatically URL-encodes the parameters, but when using cURL, the query parameter must be URL-encoded.
    Response:
    <response status="success" code="19">
      <result>
        <msg>
          <line>query job enqueued with jobid 18</line>
        </msg>
        <job>18</job>
      </result>
    </response>
  2. Retrieve the traffic log data with the following request, using the job ID returned in the previous response as the job-id value:
    curl -X GET "https://<firewall>/api/?key=<apikey>&type=log&action=get&job-id=<id>"
  3. Confirm that the XML response looks similar to the following:
    <response status="success">
      <result>
        <job>...</job>
        <log>
          <logs count="20" progress="100">
            <entry logid="5753304543500710425">
              <domain>1</domain>
              <receive_time>2012/06/13 15:43:17</receive_time>
              <serial>001606000117</serial>
              <segno>6784588</segno>
              <actionflags>0x0</actionflags>
              <type>TRAFFIC</type>
              <subtype>start</subtype>
              <config_ver>1</config_ver>
              <time_generated>2012/06/13 15:43:17</time_generated>
              <src>172.16.1.2</src>
              <dst>10.0.0.246</dst>
              <natsrc>10.16.0.96</natsrc>
              <natdst>10.0.0.246</natdst>
              <rule>default allow</rule>
    When the job status is FIN (finished), the response automatically includes all the logs in the XML data response. The <log> node in XML is not present when the job status is still pending. After successful log data retrieval, the system automatically deletes the job.
  4. (Optional) Delete an active log retrieval job. To delete an active log retrieval job, run the following query:
    curl -X GET "https://<firewall>/api/?key=<apikey>&type=log&action=finish&job-id=<id>"
    A successful completion returns a job ID.
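
The steps above as a small client, added here as an example and not taken from the vendor documentation: it percent-encodes the query, reads the job ID, polls until the <log> node appears, and ends the job if it never does. The fetch callable, the fw.example host name used to exercise it, and the sample responses are assumptions constructed for illustration.

```python
import time
import urllib.parse
import xml.etree.ElementTree as ET

def build_url(firewall, apikey, params):
    """Build an API URL with every parameter value percent-encoded."""
    qs = urllib.parse.urlencode({"key": apikey, **params}, quote_via=urllib.parse.quote)
    return f"https://{firewall}/api/?{qs}"

def _root(xml_text):
    root = ET.fromstring(xml_text)
    if root.get("status") != "success":
        raise RuntimeError("API call failed: " + xml_text[:200])
    return root

def parse_job_id(xml_text):
    """Step 1 response: return the job ID from <result><job>."""
    job = (_root(xml_text).findtext("result/job") or "").strip()
    if not job.isdigit():
        raise ValueError("no numeric job ID in response")
    return job

def parse_logs(xml_text):
    """Step 2 response: None while <log> is absent (pending), else the entries."""
    logs = _root(xml_text).find("result/log/logs")
    if logs is None:
        return None
    return [{"logid": e.get("logid"), **{c.tag: c.text or "" for c in e}}
            for e in logs.findall("entry")]

def retrieve(fetch, firewall, apikey, query, attempts=10, delay=2.0):
    """Run steps 1-2; fetch(url) is a caller-supplied HTTPS GET returning text."""
    job = parse_job_id(fetch(build_url(firewall, apikey,
        {"type": "log", "log-type": "traffic", "query": query})))
    poll = build_url(firewall, apikey, {"type": "log", "action": "get", "job-id": job})
    for _ in range(attempts):
        entries = parse_logs(fetch(poll))
        if entries is not None:
            return entries
        time.sleep(delay)
    # Still pending: end the job as in step 4 rather than leaving it queued.
    fetch(build_url(firewall, apikey, {"type": "log", "action": "finish", "job-id": job}))
    raise TimeoutError(f"log job {job} did not finish")

# Constructed sample responses, modeled on the ones shown above.
ENQUEUED = ('<response status="success" code="19"><result><msg><line>query job '
            'enqueued with jobid 18</line></msg><job>18</job></result></response>')
PENDING = '<response status="success"><result><job>...</job></result></response>'
DONE = ('<response status="success"><result><job>...</job><log><logs count="1" '
        'progress="100"><entry logid="5753304543500710425"><src>172.16.1.2</src>'
        '<dst>10.0.0.246</dst><rule>default allow</rule></entry></logs></log>'
        '</result></response>')
```

Because the API key travels in the URL, the fetch callable should keep certificate verification on and the caller should avoid writing the built URLs to logs.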
