REST API reference
Retrieve audit configurations
Suggest changes
PDFs
GET /protocols/audit
Introduced In: 9.6
Retrieves audit configurations.
Related ONTAP commands
-
vserver audit show
Learn more
Parameters
| Name | Type | In | Required | Description |
|---|---|---|---|---|
guarantee |
boolean |
query |
False |
Filter by guarantee
|
log_path |
string |
query |
False |
Filter by log_path |
enabled |
boolean |
query |
False |
Filter by enabled |
log.format |
string |
query |
False |
Filter by log.format |
log.retention.count |
integer |
query |
False |
Filter by log.retention.count |
log.retention.duration |
string |
query |
False |
Filter by log.retention.duration |
log.rotation.schedule.months |
integer |
query |
False |
Filter by log.rotation.schedule.months |
log.rotation.schedule.days |
integer |
query |
False |
Filter by log.rotation.schedule.days |
log.rotation.schedule.hours |
integer |
query |
False |
Filter by log.rotation.schedule.hours |
log.rotation.schedule.minutes |
integer |
query |
False |
Filter by log.rotation.schedule.minutes |
log.rotation.schedule.weekdays |
integer |
query |
False |
Filter by log.rotation.schedule.weekdays |
log.rotation.size |
integer |
query |
False |
Filter by log.rotation.size |
svm.uuid |
string |
query |
False |
Filter by svm.uuid |
svm.name |
string |
query |
False |
Filter by svm.name |
events.authorization_policy |
boolean |
query |
False |
Filter by events.authorization_policy |
events.cifs_logon_logoff |
boolean |
query |
False |
Filter by events.cifs_logon_logoff |
events.user_account |
boolean |
query |
False |
Filter by events.user_account |
events.cap_staging |
boolean |
query |
False |
Filter by events.cap_staging |
events.security_group |
boolean |
query |
False |
Filter by events.security_group |
events.file_operations |
boolean |
query |
False |
Filter by events.file_operations |
events.file_share |
boolean |
query |
False |
Filter by events.file_share |
fields |
array[string] |
query |
False |
Specify the fields to return. |
max_records |
integer |
query |
False |
Limit the number of records returned. |
return_records |
boolean |
query |
False |
The default is true for GET calls. When set to false, only the number of records is returned.
|
return_timeout |
integer |
query |
False |
The number of seconds to allow the call to execute before returning. When iterating over a collection, the default is 15 seconds. ONTAP returns earlier if either max records or the end of the collection is reached.
|
order_by |
array[string] |
query |
False |
Order results by specified fields and optional [asc |
Response
Status: 200, Ok| Name | Type | Description |
|---|---|---|
_links |
||
num_records |
integer |
Number of records |
records |
array[audit] |
Example response
{
"_links": {
"next": {
"href": "/api/resourcelink"
},
"self": {
"href": "/api/resourcelink"
}
},
"records": [
{
"guarantee": "",
"log": {
"_links": {
"self": {
"href": "/api/resourcelink"
}
},
"format": "string",
"retention": {
"duration": "P4DT12H30M5S"
},
"rotation": {
"schedule": {
"days": [
"integer"
],
"hours": [
"integer"
],
"minutes": [
"integer"
],
"months": [
"integer"
],
"weekdays": [
"integer"
]
}
}
},
"log_path": "string",
"svm": {
"_links": {
"self": {
"href": "/api/resourcelink"
}
},
"name": "svm1",
"uuid": "02c9e252-41be-11e9-81d5-00a0986138f7"
}
}
]
}Error
Status: Default, Error| Name | Type | Description |
|---|---|---|
error |
Example error
{
"error": {
"arguments": [
{
"code": "string",
"message": "string"
}
],
"code": "4",
"message": "entry doesn't exist",
"target": "uuid"
}
}Definitions
See Definitions
href
| Name | Type | Description |
|---|---|---|
href |
string |
_links
| Name | Type | Description |
|---|---|---|
next |
||
self |
events
| Name | Type | Description |
|---|---|---|
authorization_policy |
boolean |
Authorization policy change events |
cap_staging |
boolean |
Central access policy staging events |
cifs_logon_logoff |
boolean |
CIFS logon and logoff events |
file_operations |
boolean |
File operation events |
file_share |
boolean |
File share category events |
security_group |
boolean |
Local security group management events |
user_account |
boolean |
Local user account management events |
_links
| Name | Type | Description |
|---|---|---|
self |
retention
| Name | Type | Description |
|---|---|---|
count |
integer |
Determines how many audit log files to retain before rotating the oldest log file out. This is mutually exclusive with duration. |
duration |
string |
Specifies an ISO-8601 format date and time to retain the audit log file. The audit log files are deleted once they reach the specified date/time. This is mutually exclusive with count. |
audit_schedule
Rotates the audit logs based on a schedule by using the time-based rotation parameters in any combination. The rotation schedule is calculated by using all the time-related values.
| Name | Type | Description |
|---|---|---|
days |
array[integer] |
Specifies the day of the month schedule to rotate audit log. Leave empty for all. |
hours |
array[integer] |
Specifies the hourly schedule to rotate audit log. Leave empty for all. |
minutes |
array[integer] |
Specifies the minutes schedule to rotate the audit log. |
months |
array[integer] |
Specifies the months schedule to rotate audit log. Leave empty for all. |
weekdays |
array[integer] |
Specifies the weekdays schedule to rotate audit log. Leave empty for all. |
rotation
Audit event log files are rotated when they reach a configured threshold log size or are on a configured schedule. When an event log file is rotated, the scheduled consolidation task first renames the active converted file to a time-stamped archive file, and then creates a new active converted event log file.
| Name | Type | Description |
|---|---|---|
now |
boolean |
Manually rotates the audit logs. Optional in PATCH only. Not available in POST. |
schedule |
Rotates the audit logs based on a schedule by using the time-based rotation parameters in any combination. The rotation schedule is calculated by using all the time-related values. |
|
size |
integer |
Rotates logs based on log size in bytes. |
log
| Name | Type | Description |
|---|---|---|
_links |
||
format |
string |
The format in which the logs are generated by consolidation process. Possible values are:
|
retention |
||
rotation |
Audit event log files are rotated when they reach a configured threshold log size or are on a configured schedule. When an event log file is rotated, the scheduled consolidation task first renames the active converted file to a time-stamped archive file, and then creates a new active converted event log file. |
svm
| Name | Type | Description |
|---|---|---|
_links |
||
name |
string |
The name of the SVM. |
uuid |
string |
The unique identifier of the SVM. |
audit
Auditing for NAS events is a security measure that enables you to track and log certain CIFS and NFS events on SVMs.
| Name | Type | Description |
|---|---|---|
enabled |
boolean |
Specifies whether or not auditing is enabled on the SVM. |
events |
||
guarantee |
boolean |
Indicates whether there is a strict Guarantee of Auditing |
log |
||
log_path |
string |
The audit log destination path where consolidated audit logs are stored. |
svm |
error_arguments
| Name | Type | Description |
|---|---|---|
code |
string |
Argument code |
message |
string |
Message argument |
error
| Name | Type | Description |
|---|---|---|
arguments |
array[error_arguments] |
Message arguments |
code |
string |
Error code |
message |
string |
Error message |
target |
string |
The target parameter that caused the error. |