Feeds User Access Events

Use the Feeds user access events feed operations to get information about user access events for the Rackspace Cloud Feeds service.

Get feed for Cloud Feeds events

GET /feeds_access/events/{tid}

This operation obtains the most recent events for this product's feed.

Request

The following table shows the header parameters for the request:

NameTypeDescription
ACCEPTAcceptheadertype (Required)Specifies the type of Accept header to be used in the request.

The following table shows the URI parameters for the request:

NameTypeDescription
{tid}StringSpecifies the tenant Id.

The following table shows the query parameters for the request:

NameTypeDescription
markerAnyuri (Optional)Specifies the entry from which the feed is read. If no value is specified, forward is used by default.
limitInt (Optional)Specifies the number of entries to return. By default the limit is set to 25. The minimum limit is 1 and the maximum limit is 1,000.
directionString (Optional)Valid values for this parameter are either backward or forward.

This operation does not accept a request body.

Response

The following table shows the possible response codes for this
operation.

Response CodeNameDescription
200OKThe request succeeded.
400Bad RequestThe request is missing one or more elements, or the values of some elements are invalid.
401UnauthorizedAuthentication failed, or the user does not have permissions for a requested operation.
404Not FoundThe requested resource was not found.
429Rate LimitedToo many requests. Wait and retry.
500Internal Server ErrorThe server encountered an unexpected condition which prevented it from fulfilling the request.
503Service UnavailableService is not available. Try again later.

Get Feeds access event by ID

GET /feeds_access/events/{tid}/entries/{id}

This http request fetches one particular event whose ID is listed in the
URI.

Request

The following table shows the header parameters for the request:

NameTypeDescription
ACCEPTAcceptheadertype (Required)

The following table shows the URI parameters for the request:

NameTypeDescription
{tid}StringSpecifies the tenant Id.
{id}Anyuri<urn:uuid:676f3860-447c-> 40a3-8f61-9791819cc82f

This operation does not accept a request body.

Message samples

The following examples show the XML and JSON messages for each event
message type.

User access event message

Specifies the message for a user access event.

The following table describes attributes for the event message.

Element NameDescriptionTypeOptionality
regionIdentifies the region, for example, DFW. If the value of the element is empty GLOBAL will be assumed.stringRequired
datacenterIdentifies the datacenter of the event, for example, DFW3. If the value of the element is empty GLOBAL will be assumed.stringRequired
methodLabelAn optional field to indicate the method used for the request.stringOptional
requestURLRequest url with any query string truncated.stringRequired
queryStringAn optional field. Query string is the part of a uri containing data which is added to a base uri.stringOptional
tenantIdIdentifies the tenant ID.stringRequired
responseMessageAn optional field containing the response message.stringOptional
userNameThe username that the initiator is acting on behalf of (which might be themselves)stringRequired
rolesComma separated list of rolesstringRequired

XML Sample

<?xml version="1.0" encoding="UTF-8"?>
<?atom feed="feeds_access/events functest1/events"?>
<atom:entry xmlns:atom="http://www.w3.org/2005/Atom"
      xmlns:xsd="http://www.w3.org/2001/XMLSchema"
      xmlns="http://www.w3.org/2001/XMLSchema">
  <atom:title>UserAccessEvent</atom:title>
  <atom:content type="application/xml">
    <cadf:event xmlns:cadf="http://schemas.dmtf.org/cloud/audit/1.0/event"
          xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance'
          xmlns:ua="http://feeds.api.rackspacecloud.com/cadf/user-access-event"
          id="6fa234aea93f38c26fa234aea93f38c4"
          eventType="activity"
          typeURI="http://schemas.dmtf.org/cloud/audit/1.0/event"
          eventTime="2015-03-12T13:20:00-05:00"
          action="read/get"
          outcome="success">
      <!--racker -->
      <cadf:initiator id="10.1.2.3" typeURI="network/node" name="jackhandy">
        <cadf:host address="10.1.2.3" agent="curl/7.8 (i386-redhat-linux-gnu) libcurl 7.8" />
      </cadf:initiator>
      <cadf:target id="ord.feeds.api.rackspacecloud.com" typeURI="service" name="feeds" >
        <cadf:host address="ord.feeds.api.rackspacecloud.com" />
      </cadf:target>
      <cadf:attachments>
        <cadf:attachment name="auditData" contentType="ua:auditData">
          <cadf:content>
            <ua:auditData version="1">
              <ua:region>DFW</ua:region>
              <ua:dataCenter>DFW1</ua:dataCenter>
              <ua:methodLabel>usage</ua:methodLabel>
              <ua:requestURL>https://ord.feeds.api.rackspacecloud.com/sites/events</ua:requestURL>
              <ua:queryString>limit=10</ua:queryString>
              <ua:tenantId>123456</ua:tenantId>
              <ua:responseMessage>OK</ua:responseMessage>
              <ua:userName>jackhandy</ua:userName>
              <ua:roles>cloudfeeds-observer</ua:roles>
            </ua:auditData>
          </cadf:content>
        </cadf:attachment>
      </cadf:attachments>
      <cadf:observer id="feeds-1-1" name="repose-7.1.1.1" typeURI="service/security">
        <cadf:host address="repose" />
      </cadf:observer>
      <cadf:reason reasonCode="200"
             reasonType="http://www.iana.org/assignments/http-status-codes/http-status-codes.xml"/>
    </cadf:event>
  </atom:content>
</atom:entry>

JSON Sample

{
  "entry": {
    "@type": "http:\/\/www.w3.org\/2005\/Atom",
    "category": [
      {
        "term": "tid:5821027"
      },
      {
        "term": "rgn:DFW"
      },
      {
        "term": "dc:DFW1"
      },
      {
        "term": "username:jackhandy"
      }
    ],
    "content": {
      "event": {
        "action": "read\/get",
        "attachments": [
          {
            "content": {
              "auditData": {
                "dataCenter": "DFW1",
                "methodLabel": "usage",
                "queryString": "limit=10",
                "region": "DFW",
                "requestURL": "https:\/\/ord.feeds.api.rackspacecloud.com\/sites\/events",
                "responseMessage": "OK",
                "roles": "cloudfeeds-observer",
                "tenantId": "5821027",
                "userName": "jackhandy",
                "version": "1"
              }
            },
            "contentType": "ua:auditData",
            "name": "auditData"
          }
        ],
        "eventTime": "2015-03-12T13:20:00-05:00",
        "eventType": "activity",
        "id": "6fa234aea93f38c26fa234aea93f38c4",
        "initiator": {
          "host": {
            "address": "10.1.2.3",
            "agent": "curl\/7.8 (i386-redhat-linux-gnu) libcurl 7.8"
          },
          "id": "10.1.2.3",
          "name": "jackhandy",
          "typeURI": "network\/node"
        },
        "observer": {
          "host": {
            "address": "repose"
          },
          "id": "feeds-1-1",
          "name": "repose-7.1.1.1",
          "typeURI": "service\/security"
        },
        "outcome": "success",
        "reason": {
          "reasonCode": 200,
          "reasonType": "http:\/\/www.iana.org\/assignments\/http-status-codes\/http-status-codes.xml"
        },
        "target": {
          "host": {
            "address": "ord.feeds.api.rackspacecloud.com"
          },
          "id": "ord.feeds.api.rackspacecloud.com",
          "name": "feeds",
          "typeURI": "service"
        },
        "typeURI": "http:\/\/schemas.dmtf.org\/cloud\/audit\/1.0\/event"
      }
    },
    "id": "urn:uuid:6fa234aea93f38c26fa234aea93f38c4",
    "link": [
      {
        "href": "https:\/\/dfw.feeds.api.rackspacecloud.com\/feeds_access\/events\/entries\/urn:uuid:6fa234aea93f38c26fa234aea93f38c4",
        "rel": "self"
      }
    ],
    "published": "2015-04-22T17:22:53.094Z",
    "title": {
      "@text": "UserAccessEvent",
      "type": "text"
    },
    "updated": "2015-04-22T17:22:53.094Z"
  }
}

Response

The following table shows the possible response codes for this
operation.

Response CodeNameDescription
200OKThe request completed successfully
400Bad RequestThe request is missing one or more elements, or the values of some elements are invalid.
401UnauthorizedAuthentication failed, or the user does not have permissions for a requested operation.
429Rate LimitedToo many requests. Wait and retry.
500Internal Server ErrorThe server encountered an unexpected condition which prevented it from fulfilling the request.
503Service UnavailableService is not available. Try again later.