Skip to main content
A newer release of this product is available.

Creates security trace filter entries

Contributors

POST /protocols/file-access-tracing/filters

Introduced In: 9.8

Creates security trace filter entries.

  • vserver security trace filter create

Parameters

Name Type In Required Description

return_records

boolean

query

False

The default is false. If set to true, the records are returned.

  • Default value:

Request Body

Name Type Description

client_ip

string

Specifies the IP address from which the client accesses the file or directory.

enabled

boolean

Specifies whether to enable or disable the filter. Filters are enabled by default and are deleted after 60 mins.

index

integer

Position of the file access tracing filter.

path

string

Specifies the path for which permission tracing can be applied. The value can be complete path from root of CIFS share or root of volume for NFS.

protocol

string

Specifies the protocol for which permission trace is required.

svm

svm_reference

SVM, applies only to SVM-scoped objects.

trace_allowed_ops

boolean

Specifies if the filter can trace file access denied and allowed events. The value of trace-allow is false by default, and it traces access denied events. The value is set to true for tracing access allowed events.

unix_user

string

Specifies the UNIX username whose access requests you want to trace. The filter would match only if the request is received with this user.

windows_user

string

Specifies the Windows username whose access requests you want to trace. The filter would match only if the request is received with this user.

Example request
{
  "client_ip": "10.140.68.143",
  "index": 1,
  "path": "/dir1/dir2",
  "protocol": "string",
  "svm": {
    "_links": {
      "self": {
        "href": "/api/resourcelink"
      }
    },
    "name": "svm1",
    "uuid": "02c9e252-41be-11e9-81d5-00a0986138f7"
  },
  "unix_user": "root",
  "windows_user": "cifs1/administrator"
}

Response

Status: 201, Created
Name Type Description

_links

collection_links

num_records

integer

Number of records

records

array[file_access_filter]

Example response
{
  "_links": {
    "next": {
      "href": "/api/resourcelink"
    },
    "self": {
      "href": "/api/resourcelink"
    }
  },
  "records": [
    {
      "client_ip": "10.140.68.143",
      "index": 1,
      "path": "/dir1/dir2",
      "protocol": "string",
      "svm": {
        "_links": {
          "self": {
            "href": "/api/resourcelink"
          }
        },
        "name": "svm1",
        "uuid": "02c9e252-41be-11e9-81d5-00a0986138f7"
      },
      "unix_user": "root",
      "windows_user": "cifs1/administrator"
    }
  ]
}

Error

Status: Default, Error
Name Type Description

error

error

Example error
{
  "error": {
    "arguments": [
      {
        "code": "string",
        "message": "string"
      }
    ],
    "code": "4",
    "message": "entry doesn't exist",
    "target": "uuid"
  }
}

Definitions

See Definitions

href

Name Type Description

href

string

Name Type Description

self

href

svm_reference

SVM, applies only to SVM-scoped objects.

Name Type Description

_links

_links

name

string

The name of the SVM.

uuid

string

The unique identifier of the SVM.

file_access_filter

ONTAP allows creation of filters for file access tracing for both CIFS and NFS. These filters have protocols, path, username and client IP based on which file access operations are logged.

Name Type Description

client_ip

string

Specifies the IP address from which the client accesses the file or directory.

enabled

boolean

Specifies whether to enable or disable the filter. Filters are enabled by default and are deleted after 60 mins.

index

integer

Position of the file access tracing filter.

path

string

Specifies the path for which permission tracing can be applied. The value can be complete path from root of CIFS share or root of volume for NFS.

protocol

string

Specifies the protocol for which permission trace is required.

svm

svm_reference

SVM, applies only to SVM-scoped objects.

trace_allowed_ops

boolean

Specifies if the filter can trace file access denied and allowed events. The value of trace-allow is false by default, and it traces access denied events. The value is set to true for tracing access allowed events.

unix_user

string

Specifies the UNIX username whose access requests you want to trace. The filter would match only if the request is received with this user.

windows_user

string

Specifies the Windows username whose access requests you want to trace. The filter would match only if the request is received with this user.

Name Type Description

next

href

self

href

error_arguments

Name Type Description

code

string

Argument code

message

string

Message argument

error

Name Type Description

arguments

array[error_arguments]

Message arguments

code

string

Error code

message

string

Error message

target

string

The target parameter that caused the error.