Permissions to read auditlog entries via REST API

sash · June 1, 2018, 10:28am

I’m trying to use the REST API to retrieve auditlog messages. Right now I’m struggling though to figure out which permissions are nessecary to be able to use that endpoint.

I’ve tried giving the user “plugin:read” but according to this it is not even a valid endpoint. An admin user with “*” permissions can access the auditlog endpoint just fine.

What am I doing wrong here?

I’m using Graylog 2.3.2

jochen · June 1, 2018, 11:35am

The only permission a user needs to read audit log messages is auditlog_entry:read.

sash · June 1, 2018, 11:50am

Thanks, works perfectly!

system · June 15, 2018, 11:53am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Allow non-admin user to see all input logs Graylog Central (peer support)	5	1855	April 22, 2019
Graylog 4 User permission via REST api distinguished from user interface? Graylog Central (peer support)	1	624	February 15, 2021
Restrict read to access streams Graylog Central (peer support) documentation	4	652	November 17, 2022
REST API Search authorization Graylog Central (peer support)	2	3887	May 24, 2017
User with stream edit permission able to get all log messages Graylog Central (peer support)	2	522	November 21, 2017

Permissions to read auditlog entries via REST API

Related topics