Logging

you can view swimlane logs on the swimlane settings, logging page you control the level at which logs are reported logging levels are progressive in the order seen in the table below for example, if you have set the logging level to info, you will receive the logging details for the info level, as well as those for debug, warn, and error if you have set the logging level to warn, you will only receive the logging details for warn and error logging levels include true left unhandled content type left unhandled content type left unhandled content type left unhandled content type left unhandled content type left unhandled content type left unhandled content type left unhandled content type left unhandled content type left unhandled content type use the messages from logs when contacting swimlane support regarding an error viewing logs to view logs from the navigation menu, click logging on logging, the log data displays true left unhandled content type left unhandled content type left unhandled content type left unhandled content type left unhandled content type left unhandled content type left unhandled content type left unhandled content type left unhandled content type left unhandled content type left unhandled content type left unhandled content type left unhandled content type left unhandled content type left unhandled content type left unhandled content type configuring logging levels you need to update the configuration for your deployment in order to set the levels for logging configuration is done via the spi admin console to configure environment variables for logging levels navigate to the spi admin console and open the configuration tab navigate to the swimlane settings section on the configuration page and update the swimlane logging level text field by default, the value is set to warn see the logging levels table above for more information about how levels report back as logs optionally, enable audit logging it is required that the swimlane logging level is set to info so that all audit logs show up navigate to the bottom of the page and save your changes, you will be prompted to deploy the new configuration immediately or you can deploy it in the version history tab at a later point in time in the version history tab, the latest sequence id should correspond to the sequence id shown on the pop up when you save the configuration changes using an external api to forward logs as an orchestrator, sometimes you may need to forward swimlane logs to use in other technology the process outlined here shows you how to forward the logs via an external api swimlane has developed a reporting api that can report on log events the reporting occurs in the order of this priority list authentication events logins, logoffs, failed logins direct logins as well as via saml failed multi factor authentication (mfa), password changes, mfa changes (e g , switching it off) saml authentication settings authentication configuration changes modification of mfa, saml settings authorization events (users, groups, roles) changes (add, modify, delete) to users, groups, and roles changes to group and role membership fine grained permission changes on groups, roles, objects functional changes (add, modify, delete) to application settings, playbook configurations, workflows integrations application record deletions or manual modification by user (excluding data ingested by integrations or updated by playbooks) settings events changes to login, authentication and password policy settings, proxy settings changes to advanced configuration settings email settings logging asset events creation updates deletion here is the outline of the api endpoint to get logs for a specific time period post /logging/bulk { "limit" \<logs limit in response>, "pagenumber" \<page number>, "level" \<list of log level(s)>, "from" "\<from date>", "to" "\<to date>", "relativetime" "\<specific value of range>", "searchvalue" \<search value of the log message> } use this table to further understand the payload details true left unhandled content type left unhandled content type left unhandled content type left unhandled content type left unhandled content type left unhandled content type left unhandled content type left unhandled content type left unhandled content type left unhandled content type left unhandled content type left unhandled content type left unhandled content type left unhandled content type left unhandled content type left unhandled content type left unhandled content type left unhandled content type left unhandled content type left unhandled content type left unhandled content type at this time, there is no way to separate the audit logs from the other logs you will get error logs and other logs along with audit logs example api payload { "level" \[ "info",”warn” ], "relativetime" "1w", "searchvalue" "", "from" "2023 07 17t18 30 00 000z", "to" "2023 07 29t18 30 00 000z", "limit" 1000, "pagenumber" 3 }