Audit Log WayneH  2017-10-16 07:56
Status: Closed
 
Hello,

We had a question about the logging behavior in LabKey. When we view the audit log we are not sure we are seeing everything we should. For example, we know we have client API events where data was dumped to a table via the LabKey client, but we don't see where this information appears in the audit log.

Any comments or guidance about tracking this kind of information?

Thanks,

Wayne H
 
 
Susan Hert responded:  2017-10-18 10:25
There are many categories of audit events, so you may have to look under a different category to find the data you are looking for. For example, "Query Export events" or "Query update events" may have audit information for the events of interest.

The "Client API Actions" event type is not automatically populated except when errors occur when using the JavaScript client (see https://www.labkey.org/download/clientapi_docs/javascript-api/symbols/LABKEY.Utils.html#.onError).

Susan
 
WayneH responded:  2017-10-18 12:19
Thanks for your response Susan.

Perhaps I should explain the source of this question. I just happened to be looking in the audit log for any events logged when we requested a data dump of a table in LabKey via a Perl script. We then uploaded new data to another table. I looked through the entire audit log and saw no record of this event for this project. Perhaps I'm not looking in the right place somehow, but I looked under every category in the log. I was surprised, hence the inquiry...

Still not clear on that.

Wayne H
 
Jon (LabKey DevOps) responded:  2017-10-18 21:06
Hi Wayne,

That information wouldn't be recorded in the Audit Logs. However, you should be able to check the localhost access logs in Tomcat to see if anyone has accessed the specific API endpoint and the user (provided that you configured your server.xml file to capture that information as outlined here - https://github.com/LabKey/samples/blob/master/ops/config-examples/server.xml). You'll know your server.xml is set up to capture the LabKey user if it is set up like this:

<Valve className="org.apache.catalina.valves.AccessLogValve"
            directory="logs"
            prefix="localhost_access_log."
            suffix=".txt"
            resolveHosts="false"
            pattern="%h %l %u %t &quot;%r&quot; %s %b %D %S &quot;%{Referer}i&quot; &quot;%{User-Agent}i&quot; %{LABKEY.username}s %q" />


For example, if I ran an R query from my standalone version of R against LabKey.org to do a query on issues, it would look like this in the localhost access logs:

123.123.123.123 - - [18/Oct/2017:20:49:13 -0700] "GET /query/Support/selectRows.api?schemaName=issues&query.queryName=SupportTickets&apiVersion=8.3&query.showRows=all&query.Status~eq=open&query.IssueNumber~isblank=&query.Milestone~neqornull=TBD HTTP/1.1" 200 24317 1821 B4F1044AXXXXXXXXXXXXXXXX456 "-" "Rlabkey" myuser@domain.com ?

The logs would show the IP that accessed the server, the date, the HTTP method (GET, POST, etc), the specific page or endpoint with any kind of parameters (if applicable), the HTTP protocol, the response (e.g. 200, 302, 404, 500, etc), the size in bytes, the time in milliseconds it took to process, the User Session ID, the referrer (if applicable), the user-agent (this is where it would indicate a browser or if you're using something like R or Perl), and finally the user who did it.

So although your Audit Logs may not have this, that information is still being captured in the localhost access log to a point. You might not be able to see the payload if it is a POST, but you should at least see something hitting the selectRows.api and insertRows.api endpoints, the user-agent being Perl, and the user that did the actual API call.

Regards,

Jon
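
An added example, not part of Jon's reply or LabKey's own code: a Python parser for access-log lines written with the AccessLogValve pattern quoted above, reporting who called selectRows.api and insertRows.api and with which client. The sample lines, folder name and user are constructed, and the libwww-perl User-Agent value is an assumption about what the Perl client sends.

```python
import re
from collections import Counter

# Field order follows the AccessLogValve pattern quoted in the reply above:
# %h %l %u %t "%r" %s %b %D %S "%{Referer}i" "%{User-Agent}i" %{LABKEY.username}s %q
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ \S+ (?P<session>\S+) '
    r'"[^"]*" "(?P<agent>[^"]*)" (?P<user>\S+)(?: .*)?$'
)
WATCHED = ("selectrows.api", "insertrows.api")  # endpoints named in the thread


def api_calls(lines, watched=WATCHED):
    """Return (hits, unparsed) for requests to the watched API endpoints."""
    hits, unparsed = [], []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m is None:
            unparsed.append(line)  # keep these: a format drift hides activity
            continue
        action = m["target"].split("?", 1)[0].rsplit("/", 1)[-1]
        if action.lower() in watched:
            hits.append({"time": m["time"], "host": m["host"], "user": m["user"],
                         "agent": m["agent"], "method": m["method"],
                         "action": action, "status": int(m["status"])})
    return hits, unparsed


def by_user_and_client(hits):
    """Count calls per (LabKey user, User-Agent, endpoint)."""
    return Counter((h["user"], h["agent"], h["action"]) for h in hits)


# Constructed sample lines: hosts, folder, session IDs and user are made up.
SAMPLE = [
    '192.0.2.10 - - [18/Oct/2017:09:15:02 -0700] "GET /query/MyProject/selectRows.api?schemaName=lists&query.queryName=Samples HTTP/1.1" 200 24317 182 AAAA1111 "-" "libwww-perl/6.15" labuser@example.com ?schemaName=lists&query.queryName=Samples',
    '192.0.2.10 - - [18/Oct/2017:09:15:40 -0700] "POST /query/MyProject/insertRows.api HTTP/1.1" 200 512 340 AAAA1111 "-" "libwww-perl/6.15" labuser@example.com',
    '198.51.100.7 - - [18/Oct/2017:09:16:01 -0700] "GET /project/MyProject/begin.view HTTP/1.1" 200 8841 95 BBBB2222 "-" "Mozilla/5.0" -',
    '192.0.2.10 - - [18/Oct/2017:09:17:',
]

if __name__ == "__main__":
    hits, unparsed = api_calls(SAMPLE)
    for (user, agent, action), n in by_user_and_client(hits).items():
        print(f"{n} x {action} by {user} via {agent}")
    print(f"{len(unparsed)} line(s) did not match the expected pattern")
```

A user column of "-" means the LABKEY.username session attribute was not set for that request, so the Valve pattern should be confirmed before relying on this output for attribution.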
 
WayneH responded:  2017-10-23 11:43
Got it

Thanks,
W