Azure DevOps审核日志下载剩余api在给定月份内未下载经过过滤的数据 [英] Azure DevOps audit logs download rest api not downloading filtered data for given months

问题描述

您好，我无法在上述持续时间内下载数据，它会下载所有日志.

  $ outfile ="/logs.csv"$ connectionToken =".$ base64AuthInfo = [System.Convert] :: ToBase64String([System.Text.Encoding] :::ASCII.GetBytes(:$($ connectionToken)"))$ AuditLogURL =" https://auditservice.dev.azure.com/{og_name}/_apis/audit/downloadlog?格式= csv& startTime = 2020-09-04T00.00.00& endTime = 2020-10-05T00.00.00& api-version = 6.1-预览.1"$ AuditInfo = Invoke-RestMethod -Uri $ AuditLogURL -Headers @ {authorization ="Basic$ base64AuthInfo"}-方法Get –OutFile $ outfile 

在这里，我已经提到开始日期为第9个月，但我仍然可以看到第8个月的日志.

这是Microsoft的网址-GET

此外，这是在样本中使用日期格式时仍然得到空文件的原因. startTime = 2019-03-04T14:05:59.928Z& endTime = 2019-03-05T14:05:59.928Z .这是因为事件会存储90天，然后将其删除.:

访问，导出和过滤审核日志:

默认情况下，所有Azure DevOps服务的审核都处于打开状态组织.您无法关闭审核功能，这可以确保您千万不要错过一个可行的事件.事件存储90天，然后它们已被删除.但是，您可以将审核事件备份到外部数据保存时间超过90天的位置.

Hi I am not able able to download data for mentioned duration , It downloads all the logs.

$outfile = "/logs.csv"

$connectionToken=""

$base64AuthInfo= [System.Convert]::ToBase64String([System.Text.Encoding]::  
ASCII.GetBytes(":$($connectionToken)"))

$AuditLogURL = "https://auditservice.dev.azure.com/{og_name}/_apis/audit/downloadlog?  
format=csv&startTime=2020-09-04T00.00.00&endTime=2020-10-05T00.00.00&api-version=6.1-  
preview.1" 

$AuditInfo = Invoke-RestMethod -Uri $AuditLogURL -Headers @{authorization = "Basic    
$base64AuthInfo"} -Method Get –OutFile $outfile

Here I have metioned start date as month 9 still I can see logs from month 8 as-well.

This is the url from Microsoft - GET https://auditservice.dev.azure.com/{organization}/_apis/audit/downloadlog?format=json&startTime=2020-09-04T14:05:59.928Z&endTime=2020-10-05T14:05:59.928Z&api-version=6.0-preview.1

I tried using this same format for date - startTime=2019-03-04T14:05:59.928Z&endTime=2019-03-05T14:05:59.928Z then it returns empty file

How can I download filtered data for only selected month and time?

Thank you.

解决方案

How can I download filtered data for only selected month and time?

The reason for your issue is that you are using . in stead of : in your date format.

The correct date format should be:

startTime=2020-09-04T00:00:00&endTime=2020-10-05T00:00:00

The time format has strict requirements, such as yyyy-MM-dd'T'HH:mm:ss.SSSz:

yyyy: Year
MM: Month
dd: Day
HH: Hour
mm: Minute
ss: Second
SSS: Millisecond
z: Time zone

For your request, we can even ignore the detailed time and only keep the date:

startTime=2020-09-04&endTime=2020-10-05

Besides, the reason why you still get the empty file when you use the format for date in the sample. startTime=2019-03-04T14:05:59.928Z&endTime=2019-03-05T14:05:59.928Z. That because Events get stored for 90 days and then they’re deleted.：

Access, export, and filter audit logs:

Auditing is turned on by default for all Azure DevOps Services organizations. You can't turn auditing off, which ensures that you never miss an actionable event. Events get stored for 90 days and then they’re deleted. However, you can back up audit events to an external location to keep the data for longer than the 90-day period.

这篇关于Azure DevOps审核日志下载剩余api在给定月份内未下载经过过滤的数据的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！