menlo-audit-logs
Get audit logs from Menlo Security service.
menlo-audit-logs [profile=PROFILE] [duration=NUM{mon|w|d|h|m|s}] [from=yyyyMMddHHmmss] [to=yyyyMMddHHmmss]
- profile=PROFILE
- Menlo Security connect profile code
- duration=NUM{mon|w|d|h|m|s}
- Scan only recent data. You should use s(second), m(minute), h(hour), d(day), mon(month) time unit. For example,
10smeans data from 10 seconds earlier. - from=yyyyMMddHHmmss
- Start time of range. yyyyMMddHHmmss format. If you omit time part, it will be padded by zero.
- to=yyyyMMddHHmmss
- End time of range. yyyyMMddHHmmss format. If you omit time part, it will be padded by zero.
Output Fields
| Field | Type | Name | Description |
|---|---|---|---|
| _time | Date | Time | |
| src_ip | IP address | Source IP | |
| user | String | User | Email format |
| roles | String | Roles | e.g. Default |
| req_type | String | Request type | e.g. authentication |
| sub_event_type | String | Event type | e.g. login, logout |
| action | String | Action | e.g. login, logout |
| details | String | Details | JSON format |
| rev_id | String | Revision ID | |
| vendor | String | Vendor | e.g. Menlo Security |
| product | String | Product | e.g. MSIP |
| version | String | Version | e.g. 2.0 |