Disclaimer: Please be advised that some of the information in this article is maintained for legacy reasons, and should not be utilized as the primary source of Log Extract examples. Please contact Support to access the most up-to-date Log Extract package
The code samples provided below is for reference only. Authentic8 strongly recommends developing a custom script using practices that are best suited for your organization. Logs are stored in the Authentic8 database, and can be manually exported from the Logs section of the Admin Console or programmatically via the Log Extract API
An Authentication Token is a security credential required for programmatic access to the Log Extract API. Authentication tokens are issued by the Authentic8 Support team. Please have your organizations Silo Administrator reach out to Support to obtain a Log Extract API token
Important: Effective March 30 2020, Authentic8 endpoints will only support TLS 1.2 connections and will cease support for TLS 1.1. If you use one of our native applications, please ensure their version meets the minimum requirement to support
Log Extraction Reference (Unencrypted Logs)
For the Clear Text — Log Extract sample scripts below, the parameters are:
-o — org name
-t — API token
-i <start_sequence_id>
-I <end_sequence_id>
-d <start date>
-D <end date>
One of -i or -d is used to specify the starting point of the log extraction. Optionally, -I or -D can be used to specify the end point of the log extraction. It is strongly recommended that the sequence id is used to determine the log records retrieved to avoid any data loss or duplication
Supported Log Types are: URL, DOWNLOAD, UPLOAD, SESSION, AUTH (authentication logs for Silo session ONLY), ADMIN_AUDIT, LOCATION CHANGE, BLOCKED URL, TRANSLATION, & A8SS
The result is a JSON object, which has three keys at the top level
is_more: a boolean which is true if more log files are available
next_seq: a sequence number to use with -i for the next set of log files
logs: a list of JSON objects representing the log lines
cURL Log Extract Example for Clear Text logs:
curl -k -X POST https://extapi.authentic8.com/api/ \
-H "Content-Type: application/json" \
-d '[
{"command": "setauth", "data": "<api_token>"},
{"command": "extractlog", "start_seq": 0, "org": "<org_name>", "type": "URL"}
]'
Python 3.x Log Extract for Clear Text logs (Reference Only):
import json
import sys
import urllib.request
import urllib.error
import urllib.parse
from getopt import getopt
def usage_abort(extra=''):
sys.exit(extra + '''
Usage: log_extract -o <org_name> -t <api_token>
[ -i <start id> | -d <start date> ]
[ -I <end id> | -D <end date> ]
Example:
log_extract -o "org_name" -t auth.txt -d "2025-01-01 12:00:00"''')
opt_array, args = getopt(sys.argv[1:], 'd:i:D:I:l:o:t:')
if args:
usage_abort(' '.join(args) + ' would be ignored')
opts = dict(opt_array)
ea_host = 'extapi.authentic8.com'
if '-o' in opts:
org = opts['-o']
else:
usage_abort('Missing org')
cmd = {
'command': 'extractlog',
'org': org,
'type': 'URL'
}
if '-i' in opts:
cmd['start_seq'] = int(opts['-i'])
if '-d' in opts:
cmd['start_time'] = opts['-d']
if '-I' in opts:
cmd['end_seq'] = int(opts['-I'])
if '-D' in opts:
cmd['end_time'] = opts['-D']
if not ('start_seq' in cmd or 'start_time' in cmd):
cmd['start_seq'] = 0
if '-l' in opts:
cmd['limit'] = int(opts['-l'])
with open(opts['-t'], 'r', encoding='utf-8') as t:
auth_data = t.read().strip()
auth_cmd = {
'command': 'setauth',
'data': auth_data
}
req_data = json.dumps([auth_cmd, cmd]).encode('utf-8')
req = urllib.request.Request(
f'https://{ea_host}/api/',
data=req_data,
headers={'Content-Type': 'application/json'}
)
try:
with urllib.request.urlopen(req) as reader:
res = json.loads(reader.read().decode('utf-8'))
except urllib.error.URLError as e:
sys.exit(f"Error: {e}")
assert len(res) == 2
if 'result' in res[1]:
print(json.dumps(res[1]['result'], indent=2, ensure_ascii=False))
else:
print('Failure')
import pprint
pprint.pprint(res[1].get('error', {}))
Log Extraction (Encrypted Logs)
Extracting and decrypting encrypted logs requires configuring a log encryption policy within Authentic8, and uses the free SECCURE ECC public key encryption toolset, which is licensed under the GNU Lesser General Public License v3 (LGPL)
Source packages and documentations can be found at: http://point-at-infinity.org/seccure/
Also see the installation instructions for the Python SECCURE library at:
https://github.com/bwesterb/py-seccure
General Log Encryption information is available here for review
The following are the parameters for the sample scripts below:
-o — org name
-t — API token
-p — passphrase
-i <start_sequence_id>
-I <end_sequence_id>
-d <start date>
-D <end date>
One of -i or -d is used to specify the starting point of the log extraction. Optionally, -I or -D can be used to specify the end point of the log extraction
Supported Log Type is ENC only for encrypted logs
After extraction and decryption, the regular Authentic8 log types (e.g., AUTH, SESSION) may be identified, as well as additional POST DATA and COOKIES log types. POST DATA and COOKIES log types are only available when using log encryption
The result is a JSON object, which has three keys at the top level:
is_more: a boolean which is true if more log files are available
next_seq: a number to use with -i for the next set of log files
logs: a list of JSON objects representing the log lines.
cURL Log Extract Example for Encrypted logs:
curl -k -X POST https://extapi.authentic8.com/api/ \
-H "Content-Type: application/json" \
-d '[
{"command": "setauth", "data": "<api_token>"},
{"command": "extractlog", "start_seq": 0, "org": "<org_name>", "type": "ENC"}
]'
Best Practice: For Windows systems, Cygwin can be installed in order to utilize the cURL command-line tool
Python 3.x Log Extract for Encrypted logs (Reference Only):
#!/usr/bin/env python3
import base64
import json
import sys
import urllib.request
import urllib.error
import urllib.parse
import argparse
import seccure
def usage_abort(extra=''):
sys.exit(extra + '''\n
Usage: enc_log_extract -o <org name> -t <api_token> -p <passphrase>
[ -i <start id> | -d <start date> ]
[ -I <end id> | -D <end date> ]
Example:
enc_log_extract -o "org_name" -t auth.txt -p passphrase.txt -d "2025-07-01 14:00:00"''')
# Argument parsing
parser = argparse.ArgumentParser()
parser.add_argument('-o', required=True, help='org_name')
parser.add_argument('-t', required=True, help='api_token')
parser.add_argument('-p', required=True, help='passphrase')
parser.add_argument('-i', type=int, help='Start ID')
parser.add_argument('-d', help='Start date')
parser.add_argument('-I', type=int, help='End ID')
parser.add_argument('-D', help='End date')
parser.add_argument('-l', type=int, help='Limit')
args = parser.parse_args()
ea_host = 'extapi.authentic8.com'
# Construct command
cmd = {
'command': 'extractlog',
'org': args.o,
'type': 'ENC'
}
if args.i:
cmd['start_seq'] = args.i
if args.d:
cmd['start_time'] = args.d
if args.I:
cmd['end_seq'] = args.I
if args.D:
cmd['end_time'] = args.D
if 'start_seq' not in cmd and 'start_time' not in cmd:
cmd['start_seq'] = 0
if args.l:
cmd['limit'] = args.l
# Read authentication token
with open(args.t, 'r', encoding='utf-8') as t:
auth_cmd = {
'command': 'setauth',
'data': t.read().strip()
}
# Read passphrase
with open(args.p, 'r', encoding='utf-8') as p:
passphrase = p.read().strip()
# Send request
req = urllib.request.Request(
f'https://{ea_host}/api/',
data=json.dumps([auth_cmd, cmd]).encode('utf-8'),
headers={'Content-Type': 'application/json'}
)
try:
with urllib.request.urlopen(req) as response:
res = json.load(response)
except urllib.error.URLError as e:
sys.exit(f'Error connecting to API: {e}')
assert len(res) == 2
if 'result' in res[1]:
for l in res[1]['result']['logs']:
l['clear'] = json.loads(
seccure.decrypt(base64.b64decode(l['enc']), passphrase, curve='secp256r1/nistp256')
)
print(json.dumps(res[1]['result'], indent=2, ensure_ascii=False))
else:
print('Failure')
import pprint
pprint.pprint(res[1]['error'])