This log contains records about events related to the addition, deletion, and other changes made to user permissions. The logging of security events is disabled by default. This feature can only be enabled by the system administrator directly in a FlexiCapture database. For detailed information about various events recorded in the log and how to enable it, please see the Security event log article in the Administration and Monitoring Console help.
Only users with System Administrator permissions can download security event logs from System Monitor. A System Administrator is the Administrator of a default tenant.
To download this log, use a POST request.
POST https://<server address>/FlexiCapture12/Monitoring/Tenant/GetSecurityEventsCSV
Request parameters
- All parameters are required. Make sure that they are specified correctly.
- Searches in Oracle Database are case-sensitive. Take this into account if you are using Oracle Database.
| Name | Type | Description |
| --- | --- | --- |
| filter | string | Sets the filter parameters. Only records that satisfy the filter conditions will be included in the log. Only the AND and OR operators can be used to combine the conditions. The operator is specified in the GeneralOperator parameter. A sample filter and the steps for finding PropertyKey and PropertyOperator values follow the table. |
| columnsOrder | string | List of columns that should be added to the report. Possible values are: ID, Date, EventType, Details, RemoteHost, Principal, TenantName, Writer, WriterTenantName. |
| sortColumnindex | int | Specifies the column that will be used to sort the records in the log. |
| sortOrder | bool | Specifies the order in which the records will be sorted: true sorts the records in descending order, false sorts the records in ascending order. |
| tenantId | int | Specifies the tenants for which records should be included in the event log. Possible values are: -1 (records for all available tenants), 0 (records for the default tenant), 1 and greater (records for the tenant with the specified ID only). |

Sample filter parameters:

```
filter={
  "GeneralOperator": "AND",
  "FilterItems": [
    {
      "PropertyKey": "Date",
      "PropertyOperator": "BETWEEN",
      "PropertyValues": [
        "2021-08-28",
        "00:00:00",
        "2023-09-28",
        "23:59:59"
      ]
    }
  ]
}
```

You can find the necessary values for the PropertyKey and PropertyOperator parameters by creating the desired filter in the Administration and Monitoring Console. To do this:
- In the browser menu, click More tools → Developer tools and go to the Network tab.
- Launch the Administration and Monitoring Console, go to System Monitor → Security event log, and click the button.
- Specify the filtering criteria and click Apply.
- Click the GetFilteredSecurityEvent request. The filtering parameters will be listed on the Payload tab.
The script below shows an example of using this API. Replace the parameters in the script with your server address and your own credentials.
```powershell
$server = "https://<server address>"
# Credentials of a user with System Administrator permissions (replace with your own)
$user = "<user name>"
$password = "<password>"
# Path to the folder where the log will be saved
$folder = "C:\Temp\Logs\Stage"
$reportFileName = "Tenant_SecurityEvents-{0:yyMMdd-HHmmss}.csv" -f (Get-Date)
# Request body. The filter repeats the sample from this page; the values of
# sortColumnindex, sortOrder and tenantId are sample values, adjust them as needed.
$requestBody = @"
filter={
  "GeneralOperator": "AND",
  "FilterItems": [
    {
      "PropertyKey": "Date",
      "PropertyOperator": "BETWEEN",
      "PropertyValues": ["2021-08-28", "00:00:00", "2023-09-28", "23:59:59"]
    }
  ]
}
&columnsOrder=Id,Date,EventType,Details,RemoteHost,Principal,TenantName,Writer,WriterTenantName,
&sortColumnindex=1
&sortOrder=true
&tenantId=0
"@
#------------------------------------------------------------------------------
$tenant = "" # Only default tenant
$methodUri = "/Tenant/GetSecurityEventsCSV"
$ServerSitePath = "/FlexiCapture12/Monitoring"

function Write-Line($str, $color = "White") {
    Write-Host $str -ForegroundColor $color
}

# Joins two URI parts with a single "/" between them
function Join-Uri {
    param([Parameter(Mandatory, ValueFromPipeline)] [string]$parent, [string]$child)
    if ($parent -eq "") {return $child;}
    if ($child -eq ""){return $parent}
    if ($parent.endswith("/") -or $parent.endswith("\\")) {$parent = $parent.substring(0,$parent.Length-1)}
    if ($child.startswith("/") -or $child.startswith("\\")) {$child = $child.substring(1,$child.Length-1)}
    return "$parent/$child"
}

# Requests an authentication ticket; returns nothing if the request fails
function Get-AuthTicket($server, $user, $password, $tenant) {
    try {
        $tenantSuffix = ""
        if ($tenant -ne ''){ $tenantSuffix = "?tenant=$tenant"}
        $URL = Join-Uri $server "/FlexiCapture12/Server/FCAuth/API/Soap$tenantSuffix"
        $SOAPRequest = '<?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"><soap:Body><FindUser xmlns="urn:http://www.abbyy.com/FlexiCapture"><userLogin>user</userLogin></FindUser></soap:Body></soap:Envelope>'
        $Headers = @{
            'SOAPAction' = '"#FindUser"'
            'Content-Type' = 'text/xml; charset=utf-8'
            'Authorization' = "Basic $([System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes("$($user):$($password)")))"}
        $response1 = Invoke-WebRequest -Uri $URL -Headers $Headers -Body $SOAPRequest -Method 'POST'
        return $response1.Headers['AuthTicket']
    } catch {
        Write-Line -str "Couldn't get 'AuthTicket': $_" -color "Red"
    }
}

function Download-CSVReport($server, $tenant, $authTicket, $methodUri, $requestBody, $folder, $reportFileName) {
    $reportFullFilePath = Join-Path $folder $reportFileName
    # Create the folder silently (if it does not exist)
    New-Item -ItemType Directory -Force -Path $folder | Out-Null
    if ($authTicket -eq "" -or $authTicket -eq $null) {
        Write-Line -str "Couldn't get 'CSV-Report'" -color "Red"
        return
    }
    try {
        $header = @{ "Accept" = "*/*"}
        $session = [Microsoft.PowerShell.Commands.WebRequestSession]::new()
        $session.Cookies.Add($server, [System.NET.Cookie]::new('FlexiCaptureTmpPrn', "Ticket=$authTicket"))
        $tenantInUrl = ""
        if ($tenant -ne '') { $tenantInUrl = "/$tenant"}
        $uri = Join-Uri $server $ServerSitePath | Join-Uri -child $tenantInUrl | Join-Uri -child $methodUri
        $response = Invoke-WebRequest -Uri $uri -Method 'POST' -Headers $header -WebSession $session -Body $requestBody -OutFile $reportFullFilePath -MaximumRedirection 0 -ErrorAction Ignore -PassThru
        if ($response.StatusCode -lt 300) {
            Write-Line "CSV-Report done: $reportFullFilePath" "Green"
        } else {
            Write-Line -str "HttpStatus $($response.StatusCode) in getting CSV-Report." -color "Red"
        }
    } catch {
        Write-Line -str "Couldn't get CSV-Report: $_" -color "Red"
    }
}

$authTicket = Get-AuthTicket -server $server -user $user -password $password -tenant $tenant
Download-CSVReport -server $server -tenant $tenant -authTicket $authTicket -methodUri $methodUri -requestBody $requestBody -folder $folder -reportFileName $reportFileName
```
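
Because all five request parameters are required and must be specified correctly, the `$requestBody` string can be built from validated values rather than typed by hand. The following is an added example, not part of the original script or of ABBYY's code: the function name `New-SecurityEventsRequestBody` and the default sort column index are assumptions, and it assumes the endpoint accepts standard URL-encoded form values.

```powershell
# Added example (hypothetical helper): builds the form body for GetSecurityEventsCSV
# from the parameter names and allowed values listed in the request parameters table.
function New-SecurityEventsRequestBody {
    param(
        [Parameter(Mandatory)] [datetime]$From,
        [Parameter(Mandatory)] [datetime]$To,
        [string[]]$Columns,
        [int]$SortColumnIndex = 1,                              # sample value (assumption)
        [bool]$Descending = $true,                              # sortOrder: true = descending
        [ValidateRange(-1, [int]::MaxValue)] [int]$TenantId = 0 # -1 all, 0 default, 1+ one tenant
    )
    $allowed = 'ID','Date','EventType','Details','RemoteHost','Principal','TenantName','Writer','WriterTenantName'
    if (-not $Columns) { $Columns = $allowed }
    $unknown = @($Columns | Where-Object { $_ -notin $allowed })
    if ($unknown.Count -gt 0) { throw "Unknown column(s): $($unknown -join ', ')" }
    if ($To -lt $From) { throw "The end of the date range precedes its start." }
    $inv = [cultureinfo]::InvariantCulture
    # Same structure as the sample filter: date and time are separate PropertyValues items.
    $filter = [ordered]@{
        GeneralOperator = 'AND'
        FilterItems     = @([ordered]@{
            PropertyKey      = 'Date'
            PropertyOperator = 'BETWEEN'
            PropertyValues   = @(
                $From.ToString('yyyy-MM-dd', $inv), $From.ToString('HH:mm:ss', $inv),
                $To.ToString('yyyy-MM-dd', $inv),   $To.ToString('HH:mm:ss', $inv))
        })
    } | ConvertTo-Json -Depth 5 -Compress
    # URL-encode every value so the quotes and braces of the JSON survive form encoding.
    $pairs = [ordered]@{
        filter          = $filter
        columnsOrder    = $Columns -join ','
        sortColumnindex = $SortColumnIndex
        sortOrder       = $Descending.ToString().ToLower()
        tenantId        = $TenantId
    }
    ($pairs.GetEnumerator() | ForEach-Object {
        '{0}={1}' -f $_.Key, [uri]::EscapeDataString([string]$_.Value)
    }) -join '&'
}

# Constructed sample call using the date range from the sample filter on this page
$requestBody = New-SecurityEventsRequestBody -From '2021-08-28' -To '2023-09-28 23:59:59'
```

The resulting string can be passed as `-requestBody` to `Download-CSVReport` in place of the hand-written body.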