It’s been a while since I’ve posted. Way too long. I’ve had this script for quite a while that I wanted to share with the world. LogicMonitor is releasing a new REST API which requires some session based login. This script helps you obtain that session and download the audit log for the last hour. You’ll have to modify your timezone settings (in the AddHours lines, currently set for EST).

Here’s the script:

$user = "username"
$pass= "P@ssw0rd"

#get epoch time for current and x hours before
$date1 = Get-Date -Date "01/01/1970"
#get start time
$date2 = (Get-Date).AddHours(4)
$epochStart= (New-TimeSpan -Start $date1 -End $date2).TotalSeconds
#get end time
$date2 = (Get-Date).AddHours(5)
$epochEnd= (New-TimeSpan -Start $date1 -End $date2).TotalSeconds
#round the time to not have decimals
$epochStart= [math]::Round($epochStart)
$epochEnd= [math]::Round($epochEnd)

$filter = "_all~update" #check LM documentation on filters
$fields = "username,happenedOnLocal,description"
#build uri for access logs
$uri = "https://{account}.logicmonitor.com/santaba/rest/setting/accesslogs?sort=-happenedOn&filter=$filter,happenedOn>:$epochStart&fields=$fields"
#build base64Auth for the header
$base64AuthInfo = [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes(("{0}:{1}" -f $user,$pass)))
#get the events
$events = Invoke-RestMethod -Headers @{Authorization=("Basic {0}" -f $base64AuthInfo)} -Uri $uri
$events #display events that were gathered