Exploring Octopus audit trail

ashubhatte · 17 July 2019 12:11

Octopus has complete audit trail for each and every activities.

But it will be time consuming to find out the changes that happened to a variable or a single process.

Is there any easy way using PopwerShell or REST APIs or any other method how we can easily make use of Octopus audit trail.

Justin_Walsh · 17 July 2019 15:42

Hi @ashubhatte

You can use our REST API to query the audit log, and drill down for specific changes! You will want to query the Events endpoint. For example, if you wanted to find all of the times variables have been modified in the past 90 days, you could use a request like:

YOUR_OCTOPUS_SERVER/api/events?eventCategories=Modified&from=2019-04-18T00%3A00%3A00-04%3A00&to=2019-07-18T00%3A00%3A00-04%3A00&documentTypes=variableset&spaces=Spaces-1&includeSystem=false

Octopus is an “API-first” application, meaning that anything you can do in the web UI, you can do with API calls. We ship Octopus with a SwaggerUI, accessible at YOUR_OCTOPUS_SERVER/swaggerUI which lists and documents all of the endpoints, as well as allows you to run test calls against your instance.

I hope this helps!

ashubhatte · 19 July 2019 10:28

Yes Thank you very much. I will get back to you if I have any questions regarding this.

ashubhatte · 30 July 2019 10:16

Hi Justin,
How you were able to frame the above API query can you please elobrate.

Justin_Walsh · 30 July 2019 16:57

Hi @ashubhatte

Being API-first, as I mentioned in the first response, means that you can easily monitor the Octopus UI and see which API calls it is making. One of the best ways I’ve found of modelling an API call is to run it in the audit log within the Octopus web UI with the network pane of the developer tools open, and looking at the call being made. From there, you can use that as a reference/base for you own calls.

ashubhatte · 2 August 2019 11:31

Thank you Justin,
I am able to browse the API which you have give directly through browser but from powershell script I am getting following 401 Unauthorized error.

Justin_Walsh · 2 August 2019 23:11

Hi @ashubhatte!

You will generally see this due to a couple of common scenarios:

Using the ApiKey parameter in your query, instead of using the X-Octopus-ApiKey header value.
Doing the REST call with an API key that may not have access to view the event endpoint.

If you would like some sample powershell scripts, please feel free to take a look at our Octopus API repo here: https://github.com/OctopusDeploy/OctopusDeploy-Api/tree/master/REST/PowerShell

ashubhatte · 7 August 2019 14:54

Hi Justin,
I have rescently made changes in the variable set to test if the above Rest-API is it works properly. I am not able to find the changes done by me.

Justin_Walsh · 7 August 2019 14:59

Hi @ashubhatte!

When did you make the changes? The timestamp on that query is only until midnight, so if it’s been since then, you’ll want to adjust your to= timestamp to be current time or day+1 to include the current day’s events.

I hope this helps!

ashubhatte · 7 August 2019 15:24

Thank you Justin it works with giving current day +1

system · 8 September 2019 01:07

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.