Access to EAA security events and logs.
Alias: l
- Command description
- View access log in tail mode
- View access log with specific date/time boundaries
- Send access logs to a file
- Audit logs
EAA comes with two types of logs, the user access logs and the administrator audit logs. For detailed description for each event field, refer to the product documentation on https://techdocs.akamai.com.
You can retrieve EAA events one of these ways:
- in near realtime using the argument
-for--tail. If you set-fand date range, the-foption will be ignored. - retrieve a period of time based on EPOCH timestamp in
--startand--end - tune the acceptable delay vs. completeness with
--delay. We recommend 10 minutes delay for full completeness.
You can also export this data feed into your own SIEM with (Akamai Unified Log Streamer)[https://github.com/akamai/uls].
Pull user access logs, block until new logs are received. You can stop using Control+C (Control+Break) or sending a SIG_INT or SIG_TERM signal to the process.
$ akamai eaa log access --tailYou may want a one time chunk of log for a period of time, for example, the last 6 hours:
$ START=$(bc <<< "$(date +%s) - 6 * 60 * 60")
$ akamai eaa log access -s $STARTOn Windows platforms, you can use PowerShell:
PS /home/cli-eaa> $START = (Get-Date -UFormat %s) - 6 * 60 * 60
PS /home/cli-eaa> akamai eaa log access -s $STARTSend the user access events to a file (utf-8 encoding is being used):
$ akamai eaa log access --tail -o /tmp/eaa_access.logPull admin audit events, block till new logs are received
$ akamai eaa log admin --tail