Logging

you can view swimlane logs on the swimlane settings, logging page you control the level at which logs are reported logging levels are progressive in the order seen in the table below for example, if you have set the logging level to info, you will receive the logging details for the info level, as well as those for debug, warn, and error if you have set the logging level to warn, you will only receive the logging details for warn and error logging levels include logging level what the level includes info audit information such as when and what user saved or updated an application or record and all levels below debug detailed internal system information used for problem resolution and all levels below warn warnings and all levels below error errors when something does not complete successfully use the messages from logs when contacting swimlane support regarding an error viewing logs to view logs from the navigation menu, click logging on logging, the log data displays log item description timestamp lists the date and the time of the logged event hover over the timestamp to see the server and local/user time of the logged event level displays the logging level of the event message displays the swimlane message for the logged event expanded message expands the view of the swimlane message jump to date opens a calendar from which you can select a specific date to view logs from filter by level allows you to filter the logs by level you can select more than one level fetch fetches the latest logs configuring logging levels you need to update the configuration for your deployment in order to set the levels for logging configuration is done via the spi admin console to configure environment variables for logging levels navigate to the spi admin console and open the configuration tab navigate to the swimlane settings section on the configuration page and update the swimlane logging level text field by default, the value is set to warn see the logging levels table above for more information about how levels report back as logs optionally, enable audit logging it is required that the swimlane logging level is set to info so that all audit logs show up navigate to the bottom of the page and save your changes, you will be prompted to deploy the new configuration immediately or you can deploy it in the version history tab at a later point in time in the version history tab, the latest sequence id should correspond to the sequence id shown on the pop up when you save the configuration changes using an external api to forward logs as an orchestrator, sometimes you may need to forward swimlane logs to use in other technology the process outlined here shows you how to forward the logs via an external api swimlane has developed a reporting api that can report on log events the reporting occurs in the order of this priority list authentication events logins, logoffs, failed logins direct logins as well as via saml failed multi factor authentication (mfa), password changes, mfa changes (e g , switching it off) saml authentication settings authentication configuration changes modification of mfa, saml settings authorization events (users, groups, roles) changes (add, modify, delete) to users, groups, and roles changes to group and role membership fine grained permission changes on groups, roles, objects functional changes (add, modify, delete) to application settings, playbook configurations, workflows integrations application record deletions or manual modification by user (excluding data ingested by integrations or updated by playbooks) settings events changes to login, authentication and password policy settings, proxy settings changes to advanced configuration settings email settings logging asset events creation updates deletion here is the outline of the api endpoint to get logs for a specific time period { "limit" \<logs limit in response>, "pagenumber" \<page number>, “level” \<list of log level(s)>, "from" "\<from date>", "to" "\<to date>", "relativetime" "\<specific value of range>", "searchvalue" \<search value of the log message> } use this table to further understand the payload details field definition available values "limit" limits the number of records that return for a specific page the default is 1000 the max limit is also 1000 (optional) a numeric value "pagenumber" based on the limit and the total number of records the report return the number of pages required to get all the records for that particular time period you can choose which pagenumber you want to get the data from if no pagenumber is specified, the report returns the first page a numeric value "level" allows you to type of logs they want to get into the third party technology info, error, warn, debug (info and warn are the default values) "from" and "to" date time in zulu time (utc time zone) utc time format xx\ xx\ xxz either "from" and "to" or "relativetime" must be specified "relativetime" time relative to the current time 1m = last 1 minute, 1h = last 1 hour, or 1d = last 2 day, or 1w = last 1 week and so on either "from" and "to" or "relativetime" must be specified "searchvalue" you can search for logs with specific keywords if you don't specify a searchvalue all records are returned if searchvalue is present the logs will be filtered to those specific keywords application id or record id at this time, there is no way to separate the audit logs from the other logs you will get error logs and other logs along with audit logs example api payload