GET Audit Download

The GET /Audit/Download method returns a comma-delimited list of all audit entries matching the requested filters appropriate for output to a CSV file. Query parameters enable filtering using defined criteria, and customization of sorting based on specified fields and order. This method returns HTTP 200 OK on a success with the information requested in comma-delimited form with the property names at the start of the list and then the values.

Important:  A large data set can result in long processing time and heavy resource loads on your Keyfactor Command server. Use the QueryString parameterClosed A parameter or argument is a value that is passed into a function in an application. to limit the records to be returned.
Tip:  The following permissions (see Security Roles and Claims) are required to use this feature:

/auditing/read/

Table 287: GET Audit Download Input Parameters

Name In Description
QueryString Query

A string containing a query to limit the results (e.g., field1 -eq value1 AND field2 -gt value2). The default is to return all records. Fields available for querying through the API for the most part match those that appear in the Keyfactor Command Management Portal search dropdowns for the same feature. For querying guidelines, refer to: Using the Audit Log Search Feature. The query fields supported for this endpoint are:
SortField Query

A string containing the property by which the results should be sorted. Fields available for sorting through the API include:

  • Category

  • Level

  • Operation

  • Timestamp

Available sort fields are affected by the query provided in QueryString. The default sort field is Timestamp.
SortAscending Query An integer that sets the sort order on the returned results. A value of 0 sorts results in ascending order while a value of 1 sorts results in descending order. The default is ascending.

Table 288: GET Audit Download Response Data

Name

Description
Id The ID of the specified audit log entry.
TimeStamp The timestamp (UTC) on the audit log entry indicating when the action performed occurred.
Message The message as displayed in the Keyfactor Command Management Portal.
Operation

A string identifying the operation of the audit entry. ClosedShow audit operations.
Level

A string indicating the alert level of the audit log entry. ClosedShow audit levels.
User The user who performed the audit event in DOMAIN\username format.
Category The category of the object being audited (e.g., Template, Certificate).
Name An identifier of the object being audited (e.g., the template name for a template, the CN for a certificate). It is important to note that this is a value that is typically used for easy identification of an object, but is not necessarily unique, and is subject to change.
XMLMessage XML data on the audit event.
Tip:  See the Keyfactor API Reference and Utility which provides a utility through which the Keyfactor APIClosed An API is a set of functions to allow creation of applications. Keyfactor offers the Keyfactor API, which allows third-party software to integrate with the advanced certificate enrollment and management features of Keyfactor Command. endpoints can be called and results returned. It is intended to be used primarily for validation, testing and workflowClosed A workflow is a series of steps necessary to complete a process. In Keyfactor Command, it refers to the workflow builder, which allows you to automate event-driven tasks such as when a certificate is requested, revoked or found in a certificate store. development. It also serves secondarily as documentation for the API. The link to the Keyfactor API Reference and Utility is in the dropdown from the help icon () at the bottom of the Management Portal side menu.