Solved: API to get the event data from Cluster Management to fetch the logged in users

AntonioSousa · ‎23 Apr 2020

It seems that it is possible to get the Managed "Audit Log" through API, despite still not having used it:

https://www.dynatrace.com/support/help/extend-dynatrace/dynatrace-api/environment-api/audit-logs/get...

Does anyone know if it's possible to get the "Event Log" from the CSC in Managed?

Antonio Sousa

Radoslaw_Szulgo · ‎26 May 2020

Audit logs in the environment are not the same as Audit in Cluster Management Console. However they overlap in major part.

There’s no Cluster REST API currently to get cluster changes. To fetch them to an external tool, you can pull and process audit logs from the node. You are interested in :

Audit.user.log - log ins and log outs
Audit.config.change.log - all configuration changes

hope this helps. REST API will be maybe available late this year or early next year.

Senior Product Manager,
Dynatrace Managed expert

mrgrvs · ‎23 Mar 2021

hi!
Do you have information on this functionality?

thanks!

auke_wesselink · ‎24 Jun 2021

Do you have more information about this question?

We really want the CMC events pulled from the cluster with the API, but I couldn't find this.

Also for the CMC audit logs we would like this!

fstekelenburg · ‎21 Feb 2022

Adding as a note to Linux users, since filenames are case sensitive, make sure to to search for audit.user and audit config. Especially handy when you have the mlocate package installed.

# locate udit.user
/var/opt/dynatrace-managed/log/nodekeeper/audit.user.0.0.log
/var/opt/dynatrace-managed/log/nodekeeper/audit.user.0.0.log.lck
/var/opt/dynatrace-managed/log/security-Gateway/audit.user.0.0.log
/var/opt/dynatrace-managed/log/security-Gateway/audit.user.0.0.log.lck
/var/opt/dynatrace-managed/log/server/audit.user.0.0.log
/var/opt/dynatrace-managed/log/server/audit.user.0.0.log.lck

# locate udit.config
/var/opt/dynatrace-managed/log/server/audit.config.change.0.0.log
/var/opt/dynatrace-managed/log/server/audit.config.change.0.0.log.lck
/var/opt/dynatrace-managed/log/server/audit.config.change.0.1.log

Kind regards, Frans Stekelenburg Certified Dynatrace Associate | measure.works, Dynatrace Partner

fstekelenburg · ‎29 Mar 2023

Original question was: "it's possible to get the 'Event Log' from the CSC in Managed?"

Although Audit logs have been discussed, the Events log seems yet unanswered.
The Cluster API does not show this information.
Cluster API - Authentication | Dynatrace Docs

The necessity is also indicated in RFE - Managed Cluster - Notification/send alert of cluster severe and warning events - Dynatrace Com...

Kind regards, Frans Stekelenburg Certified Dynatrace Associate | measure.works, Dynatrace Partner

fstekelenburg · ‎13 Apr 2023

If somebody has a work around, please share.
Like a (3rd party?) log forwarder to Dynatrace environment. Checking for Cluster Events in the audit.cluster.event.0.0.log, residing in /var/opt/dynatrace-managed/log/server.

Kind regards, Frans Stekelenburg Certified Dynatrace Associate | measure.works, Dynatrace Partner

purva_bundela · ‎24 Apr 2019

API to get the event data from Cluster Management to fetch the logged in users

purva_bundela · ‎25 Apr 2019

can you please help in this query. We need to figure out the data of active users, utilizing the Dynatrace environment

purva_bundela · ‎26 Apr 2019

Any update in this?

fstekelenburg · ‎29 Mar 2023

See Solved: Cluster "Event Log" through API? - Dynatrace Community

Kind regards, Frans Stekelenburg Certified Dynatrace Associate | measure.works, Dynatrace Partner