Get New Log Entries main.eventlog.tail
If you are developing integrations for Bitrix24 using AI tools (Codex, Claude Code, Cursor), connect to the MCP server so that the assistant can utilize the official REST documentation.
Scope:
mainWho can execute the method: administrator
The method main.eventlog.tail returns new log entries that appeared after the specified cursor reference point, considering the filter.
Method Parameters
Required parameters are marked with *
|
Name |
Description |
|
select |
List of fields to return in the response. Available fields:
|
|
filter |
Conditions for filtering records in the format:
Available fields are similar to those in |
|
cursor |
Reference point for retrieving new records:
|
Code Examples
How to Use Examples in Documentation
The new API call differs by adding the /api/ parameter in the request:
https://{installation_address}/rest/api/{user_id}/{webhook_token}/main.eventlog.tail
curl -X POST \
-H "Content-Type: application/json" \
-H "Accept: application/json" \
-d '{"select":["id","timestampX","severity","auditTypeId","moduleId","itemId","userId","description"],"filter":[],"cursor":{"field":"id","value":446313,"order":"ASC"}}' \
https://**put_your_bitrix24_address**/rest/api/**put_your_user_id_here**/**put_your_webhook_here**/main.eventlog.tail
curl -X POST \
-H "Content-Type: application/json" \
-H "Accept: application/json" \
-d '{"select":["id","timestampX","severity","auditTypeId","moduleId","itemId","userId","description"],"filter":[],"cursor":{"field":"id","value":446313,"order":"ASC"},"auth":"**put_access_token_here**"}' \
https://**put_your_bitrix24_address**/rest/api/main.eventlog.tail
The SDK does not yet support the /rest/api/ address in calls. Use direct HTTP requests, such as via curl or fetch.
try
{
const response = await $b24.callMethod(
'main.eventlog.tail',
{
select: [
'id',
'timestampX',
'severity',
'auditTypeId',
'moduleId',
'itemId',
'userId',
'description'
],
filter: [],
cursor: {
field: 'id',
value: 446313,
order: 'ASC'
}
}
);
const result = response.getData().result;
console.log('Event log tail:', result);
}
catch( error )
{
console.error('Error:', error);
}
The SDK does not yet support the /rest/api/ address in calls. Use direct HTTP requests, such as via curl or fetch.
try {
$response = $b24Service
->core
->call(
'main.eventlog.tail',
[
'select' => [
'id',
'timestampX',
'severity',
'auditTypeId',
'moduleId',
'itemId',
'userId',
'description'
],
'filter' => [],
'cursor' => [
'field' => 'id',
'value' => 446313,
'order' => 'ASC'
]
]
);
$result = $response
->getResponseData()
->getResult();
echo 'Success: ' . print_r($result, true);
} catch (Throwable $e) {
error_log($e->getMessage());
echo 'Error: ' . $e->getMessage();
}
The SDK does not yet support the /rest/api/ address in calls. Use direct HTTP requests, such as via curl or fetch.
BX24.callMethod(
'main.eventlog.tail',
{
select: [
'id',
'timestampX',
'severity',
'auditTypeId',
'moduleId',
'itemId',
'userId',
'description'
],
filter: [],
cursor: {
field: 'id',
value: 446313,
order: 'ASC'
}
},
function(result){
console.info(result.data());
console.log(result);
}
);
The SDK does not yet support the /rest/api/ address in calls. Use direct HTTP requests, such as via curl or fetch.
require_once('crest.php');
$result = CRest::call(
'main.eventlog.tail',
[
'select' => [
'id',
'timestampX',
'severity',
'auditTypeId',
'moduleId',
'itemId',
'userId',
'description'
],
'filter' => [],
'cursor' => [
'field' => 'id',
'value' => 446313,
'order' => 'ASC'
]
]
);
echo '<PRE>';
print_r($result);
echo '</PRE>';
Response Handling
HTTP Status: 200
{
"result": {
"items": [
{
"id": 446315,
"timestampX": "2026-01-30T14:05:38+02:00",
"severity": "SECURITY",
"auditTypeId": "USER_AUTHORIZE",
"moduleId": "main",
"itemId": "1463",
"userId": 1463,
"description": "{\"userId\":1463,\"applicationId\":\"mobile\",\"applicationPasswordId\":977,\"requestId\":\"1649cc2c8540e12c1f3aeb1e670c13f8\\\"-\\\"0\",\"method\":\"appPassword\"}"
},
// ....
{
"id": 446325,
"timestampX": "2026-01-30T15:03:02+02:00",
"severity": "SECURITY",
"auditTypeId": "USER_AUTHORIZE",
"moduleId": "rest",
"itemId": "971",
"userId": 971,
"description": "{\"userId\":971,\"method\":\"rest\",\"applicationType\":\"apauth\",\"applicationId\":383,\"timePeriod\":\"2026-01-30 15\"}"
}
]
},
"time": {
"start": 1769774582,
"finish": 1769774583.014603,
"duration": 1.0146028995513916,
"processing": 0,
"date_start": "2026-01-30T15:03:02+02:00",
"date_finish": "2026-01-30T15:03:03+02:00",
"operating_reset_at": 1769775183,
"operating": 0
}
}
Returned Data
|
Name |
Description |
|
result |
Object with response data |
|
items |
Array of log entry objects |
|
items[] |
Log entry object |
|
id |
Log entry identifier |
|
timestampX |
Date and time of the event |
|
severity |
Importance level of the event |
|
auditTypeId |
Event type |
|
moduleId |
Module identifier |
|
itemId |
Object identifier |
|
remoteAddr |
IP address |
|
userAgent |
Request User-Agent |
|
requestUri |
Request URI |
|
siteId |
Site identifier |
|
userId |
User identifier |
|
guestId |
Guest identifier |
|
description |
Event description |
|
time |
Information about the request execution time |
Error Handling
HTTP Status: 400
{
"error": {
"code": "BITRIX_REST_V3_EXCEPTION_INVALIDFILTEREXCEPTION",
"message": "Unable to recognize filter expression `Cursor field id cannot be used at filter.`"
}
}
|
Name |
Description |
|
error.code |
String error code. Use it to identify the type of exception |
|
error.message |
Text description of the error |
|
error.validation |
Array with error details. Present only in data validation errors |
|
error.validation[].field |
Name of the field where the validation error occurred |
|
error.validation[].message |
Description of the error related to the specified field |
Possible Error Codes
Access Errors
Error Code: BITRIX_REST_V3_EXCEPTION_ACCESSDENIEDEXCEPTION
|
Field |
Error Description |
How to Fix |
|
|
Access denied |
No administrator rights or missing scope main |
Filtering Errors
Error Code: BITRIX_REST_V3_EXCEPTION_INVALIDFILTEREXCEPTION
|
Field |
Error Description |
How to Fix |
|
|
Unable to recognize filter expression |
Remove the field specified in |
Pagination Errors
Error Code: BITRIX_REST_V3_EXCEPTION_INVALIDPAGINATIONEXCEPTION
|
Field |
Error Description |
How to Fix |
|
|
Unable to recognize pagination parameter |
Provide a numeric |
Statuses and System Error Codes
HTTP Status: 20x, 40x, 50x
The errors described below may occur when calling any method.
|
Status |
Code |
Description |
|
|
|
An internal server error has occurred. Please contact the server administrator or Bitrix24 technical support |
|
|
|
An internal server error has occurred. Please contact the server administrator or Bitrix24 technical support |
|
|
|
The request intensity limit has been exceeded |
|
|
|
The current method is not permitted for calls using batch |
|
|
|
The maximum length of parameters passed to the batch method has been exceeded |
|
|
|
Invalid access token or webhook code |
|
|
|
The HTTPS protocol is required for method calls |
|
|
|
The REST API is blocked due to overload. This is a manual individual block; please contact Bitrix24 technical support to lift it |
|
|
|
The REST API is only available on commercial plans |
|
|
|
The user associated with the access token or webhook used to call the method lacks the necessary permissions |
|
|
|
The manifest is not available |
|
|
|
The request requires higher privileges than those provided by the webhook token |
|
|
|
The provided access token has expired |
|
|
|
The user does not have access to the application. This means that the application is installed, but the portal administrator has restricted access to this application to specific users only |
|
|
|
The public part of the site is closed. To open the public part of the site on an on-premise installation, disable the "Temporary closure of the public part of the site" option. Path to the setting: Desktop > Settings > Product Settings > Module Settings > Main Module > Temporary closure of the public part of the site |
Continue Learning
- Get the list of event log entries main.eventlog.list
- Get Event Log Entry main.eventlog.get
- Event Log: Overview of Methods