search
Ctrlk

Audit Log Report Command

hashtag
Audit Log

This command/function helps to exports Keeper enterprise audit events to external systems or local files. It supports record-backed configuration and incremental export state, similar to Python Commander.

chevron-rightDotNet CLIhashtag

coming soon

chevron-rightDotNet SDKhashtag

Comming Soon

chevron-rightPowerCommanderhashtag

Command: Export-KeeperAuditLog

Alias: kal

Parameter:

  • -Target Export destination: json, syslog, splunk, sumo, azure-la, syslog-port

  • -Record Keeper record title or UID used to store export configuration and incremental state

  • -FilePath Output file path for json and syslog

  • -Url Endpoint URL for splunk and sumo

  • -Token Splunk HEC token, Required for splunk.

  • -SyslogHost Remote syslog server host for syslog-port

  • -SyslogPort Remote syslog server port for syslog-port t

  • -SyslogProtocol tcp or udp for syslog-port

  • -UseSsl Use TLS for syslog-port over TCP

  • -OctetCounting Use RFC 5425 framing for syslog-port

  • -WorkspaceId Azure Log Analytics workspace ID

  • -WorkspaceKey Azure Log Analytics workspace key

  • -SharedFolderUid Filter by shared folder UID

  • -NodeId Filter by enterprise node ID

  • -Days Export only events from the last N days

  • -LastEventTime Resume export from a previous Unix timestamp

  • -Anonymize Replace usernames and emails with enterprise user IDs

  • -IgnoreCertificateErrors Ignore certificate validation errors for splunk, sumo, and azure-la

Examples:

PS > Export-KeeperAuditLog -Target json -FilePath "audit_events.json" -Days 7
Exported 4271 audit event(s).                                                                                 

ExportedCount LastEventTime Target Success
------------- ------------- ------ -------
         4271    1774947466 json      True
chevron-rightPython CLIhashtag

Comming Soon

chevron-rightPython SDKhashtag

Comming Soon

PreviousAging Report CommandNextAudit Report Command

Last updated

Was this helpful?