Cloud Administration System Event Log API
The Cloud Administration System Event Log API is a REST-based web services interface that allows administration system log events to be retrieved from Cloud Access Service (CAS). You can use this REST API to download to a Cloud Administration System Event Log API client sofware. For example, you can import the system log events into your security information and event management (SIEM) solution, such as NetWitness, you can write your own custom Administration System Event Log API client software, or use the Java or Python utilities or curl commands in the Admin Rest API package on the RSA Downloads page (RSA Community login is required).
Events are retrieved in chronological order in batches, and do not contain duplicates. They can be filtered by date range. All system events are retained in CAS for 90 days and then purged, so events from the last 90 days are available for download using this API.
For information on audit log messages that describe Helpdesk Administrator and Super Administrator activities, see System Event Monitor Messages for Cloud Access Service.
For information about managing access to this API, see Accessing the Cloud Administration APIs.
Authentication
System Event Log API requests require an HTTP Authorization header with a bearer token to authenticate to CAS. The bearer token must be created as described in Authentication for the Cloud Administration APIs.
Software Developer Kit
You can download the API Software Developer Kit (SDK) as the RSA SecurID Access Administration REST API. It is available from the RSA ID Plus Downloads page (RSA Community login is required).
Request Requirements
Use the following method, request URL, body response, response body type, and response codes to retrieve administration events from CAS and deliver them to your API client.
| Method | Request URL | Response Body | Response Body Type | Response Codes |
|---|---|---|---|---|
| GET | /AdminInterface/restapi/v1/systemlog/exportlogs | Metadata plus array of System log events | application/json | 200, 400, 403, 429 |
Request Parameters
The System Event Log API allows the following optional parameters.
Note: The request query parameter values may contain reserve characters that need to be URL encoded. Otherwise, the server may send a 400 Bad Request error. For example, the ISO 8601 Date and Time format may contain the + character if the specific time zone has an offset from UTC, such as+05:30. The + character needs to be encoded as %2B.
| Name | Description | Type | Default Value | Example |
|---|---|---|---|---|
| startTimeAfter | Start time of log events. | ISO 8601 Date Time | Current time - 1 day | 2018-05-01T11:22:12.828-05:30 |
| endTimeOnOrBefore | End time of log events. | ISO 8601 Date Time | Current time | 2018-05-09T21:06:33.125-05:30 |
| pageNumber | The pageNumber parameter will be validated when it exceeds the application's maximum limit of 10,737,417. If this limit is crossed, the system returns an HTTP 400 response. | Integer | 0 | 5 |
| pageSize | Number of records to return in a page (or batch). Value between 1-100. Any value specified outside of this range will be treated as 100. | Integer | 100 | 50 |
Request Examples
The following example displays a REST API request with no parameters.
GET /AdminInterface/restapi/v1/systemlog/exportlogs
Accept: application/json
Authorization: Bearer <bearer token>
The following example shows a REST API request with a specified start time.
GET /AdminInterface/restapi/v1/systemlog/exportlogs?startTimeAfter=2018-05-01T11:22:12.828-05:30
Accept: application/json
Authorization: Bearer <bearer token>
Responses
The following table shows response metadata.
| Parameter | Description | Type |
|---|---|---|
| totalPages | Total number of pages (or batches) of results. | Integer |
| totalElements | Total number of results | Integer |
| pageSize | Number of results returned in a page (or batch) | Integer |
| currentpage | Page number associated with the results returned in the response. Pages are numbered from 0 to (totalPages - 1). | Integer |
The following example shows sample response metadata with 684 total results and a default page size of 100.
{
"totalPages": 7,
"totalElements": 684,
"pageSize": 100,
"currentPage": 0,
"elements": [
{
......
}
]
}
The following table shows API response data.
| Parameter | Description | Type |
|---|---|---|
| eventId | Identifies the event. | String |
| eventAt | Date and time when the user event was logged, in the UTC time zone. Example: 2018-05-13T16:29:59.000 UTC | ISO 8601 Date Time |
| logLevel | Event log severity level (for example, notice or error). | String |
| descriptorId | System event code. | String |
| category | System event type. | String |
| description | Description of the system event. | String |
| organizationId | Unique identifier of the organization’s deployment. | UUID in String |
| organizationName | Name of the organization’s deployment. | String |
| tenantId | Identifies the customer's deployment. | UUID in String |
| tenant | Name of the customer’s deployment. | String |
| serverIp | IP Address of the user who generated user events. | IP Address in String |
| additionalText | User identifier. | String |
| verboseFlag | Indicates if verbose details are included. | Boolean |
| createdAt | Date and time when the system event was created. | ISO 8601 Date Time |
| updatedAt | Date and time when the system event was last updated. | ISO 8601 Date Time |
Example Response
{
"totalPages": 1,
"totalElements": 2,
"pageSize": 100,
"currentPage": 0,
"elements": [
{
"eventId": "4791a6cc-1194-3af9-6af2-4cbe89040d1b",
"eventAt": "2025-12-09T11:29:20.653Z",
"logLevel": "notice",
"descriptorId": 20150,
"category": "Identity Router",
"description": "Identity router successfully connected to Authentication Manager.",
"organizationId": "ae0dc2e1-c512-4ce1-ad11-636a8dabcd1b",
"organizationName": "dak-br01-ngx-02",
"tenantId": "ae0dc2e1-c512-4ce1-ad11-636a8dabcd1b",
"tenant": "dak-br01-ngx-02",
"serverIp": "172.24.28.59",
"additionalText": "AM Agent=AM-EC, AM MFA Rest URL =https://dak-am-primary.access.pontus.rsa.com:5555, EC Host Id=39b18e65-987b-4652-9d97-ed4b7342d2b3",
"verboseFlag": false,
"createdAt": "2025-12-09T11:29:20.653Z",
"updatedAt": "2025-12-09T11:29:20.653Z"
},
{
"eventId": "2beb4ee6-3e1d-e140-d006-606d753318e3",
"eventAt": "2025-12-09T11:30:50.657Z",
"logLevel": "notice",
"descriptorId": 20150,
"category": "Identity Router",
"description": "Identity router successfully connected to Authentication Manager.",
"organizationId": "ae0dc2e1-c512-4ce1-ad11-636a8dabcd1b",
"organizationName": "dak-br01-ngx-02",
"tenantId": "ae0dc2e1-c512-4ce1-ad11-636a8dabcd1b",
"tenant": "dak-br01-ngx-02",
"serverIp": "172.24.28.59",
"additionalText": "AM Agent=AM-EC, AM MFA Rest URL =https://dak-am-primary.access.pontus.rsa.com:5555, EC Host Id=39b18e65-987b-4652-9d97-ed4b7342d2b3",
"verboseFlag": false,
"createdAt": "2025-12-09T11:30:50.657Z",
"updatedAt": "2025-12-09T11:30:50.657Z"
}
]
}Response Codes
The following table shows response codes and descriptions for this API.
| Code | Description |
|---|---|
| 200 | The request was successful. |
| 400 | Invalid or missing request parameters. |
| 403 | Not authorized to perform the request. |
| 429 | Too many requests. |
Related Articles
Maintain Authentication Agent Associations in a Duplicated User Group Number of Views Log Rotation Policy for the Appliance Logs Number of Views Replacing the Default Virtual Host Certificate Number of Views Select an Integration Path for Authentication Manager and Cloud Access Service Number of Views Monitor System Events in the Cloud Administration Console Number of Views
Trending Articles
Artifacts to gather in RSA Identity Governance & Lifecycle How to install the jTDS JDBC driver on WildFly for use with Data Collections in RSA Identity Governance & Lifecycle Oracle 12c TEMP_UNDO_ENABLED parameter for managing GTT UNDO activity in RSA Identity Governance & Lifecycle RSA announces the availability of the RSA SecurID Hardware Appliance 230 based on the Dell PowerEdge R240 Server RSA Authentication Manager 8.8 Setup and Configuration Guide
