Permissions to read auditlog entries via REST API

I’m trying to use the REST API to retrieve auditlog messages. Right now I’m struggling though to figure out which permissions are nessecary to be able to use that endpoint.

I’ve tried giving the user “plugin:read” but according to this it is not even a valid endpoint. An admin user with “*” permissions can access the auditlog endpoint just fine.

What am I doing wrong here?

I’m using Graylog 2.3.2

The only permission a user needs to read audit log messages is auditlog_entry:read.

Thanks, works perfectly!

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.