Hello all,
I’m trying to find a way to download all IDM logs and create reports from them (eg all logins 30, 60, 90, x days, failed logins, locked accounts, etc).
I’ve looked through the IDM docs and all I can find are basic curl commands and instructions to hit monitoring/logs endpoints.
Is there a way to download these logs? Or do I even need to download them to create reports? Any help would be greatly appreciated!
Relevant information to collect logs from Identity Cloud is effectively documented at Get audit and debug logs :: ForgeRock Identity Cloud Docs. . This endpoint is intended to be used to integrate with an SIEM (such as Splunk) - from there you can then produce the desirable report.
Regards
Patrick
Thank you for your response. I have looked into that doc but I need to create a POC report generated using JS scripting for now. I am unsure if my team will be allowed to use Splunk for now.
Is there a way to make api calls to the logs via scripting in JS?
Look into frodo-lib as an example: https://github.com/rockcarver/frodo-lib/blob/f1668595c7440161bed631e4739a9b33fd2f4f97/src/ops/cloud/LogOps.ts#L552C30-L552C30
I recommend you use fetch rather than tail as with the latter, logs could be missed, or duplicates generated.
Regards
Patrick