I am trying to audit all the users issuing Session Relevance calls against the WebReport API or the Root Server REST APi api/query endpoint. I’m running v9.5.13
For WebReports it looks like they are recorded in the \BES Server<date>.log file.
But I know of a script hitting 52311/api/query?output=json&relevance=… but there is no record of that user in the server_audit.log on the Root server, yet that log lists many other “Success log in. (API Connection)” events.
Does the audit_log not record connections for that endpoint?