问题
Hi I am not able able to download data for mentioned duration , It downloads all the logs.
$outfile = "/logs.csv"
$connectionToken=""
$base64AuthInfo= [System.Convert]::ToBase64String([System.Text.Encoding]::
ASCII.GetBytes(":$($connectionToken)"))
$AuditLogURL = "https://auditservice.dev.azure.com/{og_name}/_apis/audit/downloadlog?
format=csv&startTime=2020-09-04T00.00.00&endTime=2020-10-05T00.00.00&api-version=6.1-
preview.1"
$AuditInfo = Invoke-RestMethod -Uri $AuditLogURL -Headers @{authorization = "Basic
$base64AuthInfo"} -Method Get –OutFile $outfile
Here I have metioned start date as month 9 still I can see logs from month 8 as-well.
This is the url from Microsoft - GET https://auditservice.dev.azure.com/{organization}/_apis/audit/downloadlog?format=json&startTime=2020-09-04T14:05:59.928Z&endTime=2020-10-05T14:05:59.928Z&api-version=6.0-preview.1
I tried using this same format for date - startTime=2019-03-04T14:05:59.928Z&endTime=2019-03-05T14:05:59.928Z then it returns empty file
How can I download filtered data for only selected month and time?
Thank you.
回答1:
How can I download filtered data for only selected month and time?
The reason for your issue is that you are using . in stead of : in your date format.
The correct date format should be:
startTime=2020-09-04T00:00:00&endTime=2020-10-05T00:00:00
The time format has strict requirements, such as yyyy-MM-dd'T'HH:mm:ss.SSSz:
yyyy: Year
MM: Month
dd: Day
HH: Hour
mm: Minute
ss: Second
SSS: Millisecond
z: Time zone
For your request, we can even ignore the detailed time and only keep the date:
startTime=2020-09-04&endTime=2020-10-05
Besides, the reason why you still get the empty file when you use the format for date in the sample. startTime=2019-03-04T14:05:59.928Z&endTime=2019-03-05T14:05:59.928Z. That because Events get stored for 90 days and then they’re deleted.:
Access, export, and filter audit logs:
Auditing is turned on by default for all Azure DevOps Services organizations. You can't turn auditing off, which ensures that you never miss an actionable event. Events get stored for 90 days and then they’re deleted. However, you can back up audit events to an external location to keep the data for longer than the 90-day period.
回答2:
If you omit the time (see the first invocation below), it seems to defaults to midnight.
The issue that I think you're having is that you were using . rather than : (see the second invocation below).
Regarding your last question about .928Z, I am not sure why that didn't work, you may want to check if there's some other issue in the script, it works fine for me (see the third invocation below).
Here's some PowerShell that I wrote that will make it easier to see the issue:
function Export-AzureDevOpsAuditLog {
param (
[Parameter(Mandatory = $true)]
[String] $Outfile,
[Parameter(Mandatory = $true)]
[String] $PersonalToken,
[Parameter(Mandatory = $true)]
[String] $Organization,
[Parameter(Mandatory = $true)]
[String] $StartTime,
[Parameter(Mandatory = $true)]
[String] $EndTime
)
$api_version = '6.1-preview.1'
$token = [System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes(":$($PersonalToken)"))
$headers = @{authorization = "Basic $token" }
$uri = "https://auditservice.dev.azure.com/$Organization/_apis/audit/downloadlog?format=csv&startTime=$StartTime&endTime=$EndTime&api-version=$api_version"
$result = Invoke-RestMethod -uri $uri -Headers $headers -Method Get -OutFile $Outfile
}
$organization = 'REDACTED'
$outfile1 = '.\AzureDevOpsAuditLog-1.csv'
$outfile2 = '.\AzureDevOpsAuditLog-2.csv'
$outfile3 = '.\AzureDevOpsAuditLog-3.csv'
$personalToken = 'REDACTED'
Export-AzureDevOpsAuditLog -Outfile $outfile1 -PersonalToken $personalToken -Organization $organization -StartTime '2020-10-23' -EndTime '2020-10-24'
Export-AzureDevOpsAuditLog -Outfile $outfile2 -PersonalToken $personalToken -Organization $organization -StartTime '2020-10-24T02:00:00' -EndTime '2020-10-24T05:00:00'
Export-AzureDevOpsAuditLog -Outfile $outfile3 -PersonalToken $personalToken -Organization $organization -StartTime '2020-10-24T02:00:00.928Z' -EndTime '2020-10-24T05:00:00.928Z'
来源:https://stackoverflow.com/questions/64510841/azure-devops-audit-logs-download-rest-api-not-downloading-filtered-data-for-give