auditlog.v1
Available Services
arista/auditlog.v1/auditlog.proto
Attributes
Attributes are fields that make up the audit log.
| Field Name | Type | Description |
|---|---|---|
| user | google.protobuf.StringValue | user is the CloudVision user to which the log corresponds to. |
| timestamp | google.protobuf.Timestamp | timestamp at which the log was generated. eg: 2006-01-02T15:04:05.000Z |
| severity | Severity | severity is level of importance or urgency of the audit log message. eg: Debug, Info, Error |
| device_name | google.protobuf.StringValue | device_name of the device for which audit log is sent. |
| service | google.protobuf.StringValue | service name for which audit log is added. eg: aaa, accesscontrol, inventory |
| message | google.protobuf.StringValue | message in the audit log. eg: "user logged in" |
| tags | fmp.MapStringString | tags associated with the audit log. eg: |
Auditlog
Auditlog contains the different fields as well as the formatted log.
| Field Name | Type | Description |
|---|---|---|
| key | AuditlogKey | key is the unique key for each message. |
| attributes | Attributes | attributes are the different fields that make up the audit log. |
| log | google.protobuf.StringValue | log is the formatted log message containing the different attributes including timestamp, serviceName, severity , userName in addition to the message. May 17 12:50:54 host service Message: user logged in, User: abc |
AuditlogKey
AuditlogKey is the unique key for each message.
| Field Name | Type | Description |
|---|---|---|
| id | google.protobuf.StringValue | id is the unique uuid for an audit log. |
Category
Category organizes audit logs into different groups using the CategoryType and the identifier
eg: filter:[{category:{type:CATEGORY_TYPE_INVENTORY,identifier:abc}}]
filters all logs associated with the service "inventory" and device abc
| Field Name | Type | Description |
|---|---|---|
| type | CategoryType | type of the category. |
| identifier | google.protobuf.StringValue | identifier is the object with which we want to filter the category. eg: fetch all logs from the device with id abc Here the category is inventory and the identifier is abc. |
| custom_type | google.protobuf.StringValue | custom_type is a custom category that can be created by the user. this is used if none of the existing categories can support the users's usecase. |
Filter
Filter are the different filters that can be applied.
| Field Name | Type | Description |
|---|---|---|
| category | Category | category filters based on category of the logs. eg:
filters all logs associated with the service abc. |
| queries | fmp.RepeatedString | queries is the list of strings that should be present in the log. eg: logs containing the string abc. |
| tags | fmp.MapStringString | tags filters based on tags associated with the log. eg: searches for all logs associates with the tag id:xyz. |
| severity | Severity | severity is level of importance or urgency of the audit log message. |
| user | google.protobuf.StringValue | user filters the audit logs by given username across categories. |
CategoryType
CategoryType is the type of the category
| Name | Number | Description |
|---|---|---|
| CATEGORY_TYPE_UNSPECIFIED | 0 | CATEGORY_TYPE_UNSPECIFIED categoryType |
| CATEGORY_TYPE_INVENTORY | 1 | CATEGORY_TYPE_INVENTORY categoryType the identifier for this category is the deviceId |
| CATEGORY_TYPE_CONFIGLET | 2 | CATEGORY_TYPE_CONFIGLET categoryType the identifier for this category is a custom identifier defined by the user. |
| CATEGORY_TYPE_IMAGE | 3 | CATEGORY_TYPE_IMAGE categoryType the identifier for this category is a custom identifier defined by the user. |
| CATEGORY_TYPE_LABEL | 4 | CATEGORY_TYPE_LABEL categoryType the identifier for this category is a custom identifier defined by the user. |
| CATEGORY_TYPE_USER | 5 | CATEGORY_TYPE_USER categoryType the identifier for this category is a custom identifier defined by the user. |
| CATEGORY_TYPE_CHANGECONTROL | 6 | CATEGORY_TYPE_CHANGECONTROL categoryType the identifier for this category is a custom identifier defined by the user. |
| CATEGORY_TYPE_ROLE | 7 | CATEGORY_TYPE_ROLE categoryType the identifier for this category is a custom identifier defined by the user. |
| CATEGORY_TYPE_SNAPSHOT | 8 | CATEGORY_TYPE_SNAPSHOT categoryType the identifier for this category is a custom identifier defined by the user. |
| CATEGORY_TYPE_EXECACTION | 9 | CATEGORY_TYPE_EXECACTION categoryType the identifier for this category is a custom identifier defined by the user. |
| CATEGORY_TYPE_ACCESSCONTROL | 10 | CATEGORY_TYPE_ACCESSCONTROL categoryType the identifier for this category is a custom identifier defined by the user. |
Severity
Severity is the level of criticality of the log.
| Name | Number | Description |
|---|---|---|
| SEVERITY_UNSPECIFIED | 0 | SEVERITY_UNSPECIFIED severity |
| SEVERITY_EMERGENCY | 1 | SEVERITY_EMERGENCY severity |
| SEVERITY_ALERT | 2 | SEVERITY_ALERT severity |
| SEVERITY_CRITICAL | 3 | SEVERITY_CRITICAL severity |
| SEVERITY_ERROR | 4 | SEVERITY_ERROR severity |
| SEVERITY_WARNING | 5 | SEVERITY_WARNING severity |
| SEVERITY_NOTICE | 6 | SEVERITY_NOTICE severity |
| SEVERITY_INFO | 7 | SEVERITY_INFO severity |
| SEVERITY_DEBUG | 8 | SEVERITY_DEBUG severity |
arista/auditlog.v1/services.gen.proto
AuditlogRequest
| Field Name | Type | Description |
|---|---|---|
| key | AuditlogKey | Key uniquely identifies a Auditlog instance to retrieve. This value must be populated. |
| time | google.protobuf.Timestamp | Time indicates the time for which you are interested in the data. If no time is given, the server will use the time at which it makes the request. |
AuditlogResponse
| Field Name | Type | Description |
|---|---|---|
| value | Auditlog | Value is the value requested. This structure will be fully-populated as it exists in the datastore. If optional fields were not given at creation, these fields will be empty or set to default values. |
| time | google.protobuf.Timestamp | Time carries the (UTC) timestamp of the last-modification of the Auditlog instance in this response. |
AuditlogSomeRequest
| Field Name | Type | Description |
|---|---|---|
| keys | AuditlogKey[...] | |
| time | google.protobuf.Timestamp | Time indicates the time for which you are interested in the data. If no time is given, the server will use the time at which it makes the request. |
AuditlogSomeResponse
| Field Name | Type | Description |
|---|---|---|
| value | Auditlog | Value is the value requested. This structure will be fully-populated as it exists in the datastore. If optional fields were not given at creation, these fields will be empty or set to default values. |
| error | google.protobuf.StringValue | Error is an optional field. It should be filled when there is an error in the GetSome process. |
| time | google.protobuf.Timestamp | Time carries the (UTC) timestamp of the last-modification of the Auditlog instance in this response. |
AuditlogStreamRequest
| Field Name | Type | Description |
|---|---|---|
| filter | Filter[...] | For each Auditlog in the list, all populated fields are considered ANDed together as a filtering operation. Similarly, the list itself is ORed such that any individual filter that matches a given Auditlog is streamed to the user. |
| time | arista.time.TimeBounds | TimeRange allows limiting response data to within a specified time window. If this field is populated, at least one of the two time fields are required. For GetAll, the fields start and end can be used as follows: * end: Returns the state of each Auditlog at end. * Each Auditlog response is fully-specified (all fields set). * start: Returns the state of each Auditlog at start, followed by updates until now. * Each Auditlog response at start is fully-specified, but updates may be partial. * start and end: Returns the state of each Auditlog at start, followed by updates until end. * Each Auditlog response at start is fully-specified, but updates until end may be partial. |
AuditlogStreamResponse
| Field Name | Type | Description |
|---|---|---|
| value | Auditlog | Value is a value deemed relevant to the initiating request. This structure will always have its key-field populated. Which other fields are populated, and why, depends on the value of Operation and what triggered this notification. |
| time | google.protobuf.Timestamp | Time holds the timestamp of this Auditlog's last modification. |
| type | arista.subscriptions.Operation | Operation indicates how the Auditlog value in this response should be considered. Under non-subscribe requests, this value should always be INITIAL. In a subscription, once all initial data is streamed and the client begins to receive modification updates, you should not see INITIAL again. |
MetaResponse
| Field Name | Type | Description |
|---|---|---|
| time | google.protobuf.Timestamp | Time holds the timestamp of the last item included in the metadata calculation. |
| type | arista.subscriptions.Operation | Operation indicates how the value in this response should be considered. Under non-subscribe requests, this value should always be INITIAL. In a subscription, once all initial data is streamed and the client begins to receive modification updates, you should not see INITIAL again. |
| count | google.protobuf.UInt32Value | Count is the number of items present under the conditions of the request. |
AuditlogService
| Method Name | Request Type | Response Type | Description |
|---|---|---|---|
| GetOne | AuditlogRequest | AuditlogResponse | |
| GetSome | AuditlogSomeRequest | AuditlogSomeResponse stream | |
| GetAll | AuditlogStreamRequest | AuditlogStreamResponse stream | |
| Subscribe | AuditlogStreamRequest | AuditlogStreamResponse stream | |
| GetMeta | AuditlogStreamRequest | MetaResponse | |
| SubscribeMeta | AuditlogStreamRequest | MetaResponse stream |