REST API reference
Create an S3 audit configuration
Suggest changes
PDFs
POST /protocols/audit/{svm.uuid}/object-store
Introduced In: 9.10
Creates an S3 audit configuration.
Required properties
-
log_path- Path in the owning SVM namespace that is used to store audit logs.
Default property values
If not specified in POST, the following default property values are assigned:
-
enabled- true -
events.data- true -
events.management- false -
log.format- json -
log.retention.count- 0 -
log.retention.duration- PT0S -
log.rotation.size- 100MB -
log.rotation.now- false
Related ONTAP commands
-
vserver object-store-server audit create -
vserver object-store-server audit enable
Learn more
Parameters
| Name | Type | In | Required | Description |
|---|---|---|---|---|
return_timeout |
integer |
query |
False |
The number of seconds to allow the call to execute before returning. When doing a POST, PATCH, or DELETE operation on a single record, the default is 0 seconds. This means that if an asynchronous operation is started, the server immediately returns HTTP code 202 (Accepted) along with a link to the job. If a non-zero value is specified for POST, PATCH, or DELETE operations, ONTAP waits that length of time to see if the job completes so it can return something other than 202.
|
svm.uuid |
string |
path |
True |
UUID of the SVM to which this object belongs. |
Request Body
| Name | Type | Description |
|---|---|---|
enabled |
boolean |
Specifies whether or not auditing is enabled on the SVM. |
events |
||
log |
||
log_path |
string |
The audit log destination path where consolidated audit logs are stored. |
svm |
Example request
{
"log": {
"_links": {
"self": {
"href": "/api/resourcelink"
}
},
"format": "json",
"retention": {
"duration": "P4DT12H30M5S"
},
"rotation": {
"schedule": {
"days": {
},
"hours": {
},
"minutes": {
},
"months": {
},
"weekdays": {
}
}
}
},
"svm": {
"_links": {
"self": {
"href": "/api/resourcelink"
}
},
"name": "svm1",
"uuid": "02c9e252-41be-11e9-81d5-00a0986138f7"
}
}Response
Status: 202, Accepted| Name | Type | Description |
|---|---|---|
_links |
||
num_records |
integer |
Number of records |
records |
array[s3_audit] |
Example response
{
"_links": {
"next": {
"href": "/api/resourcelink"
},
"self": {
"href": "/api/resourcelink"
}
},
"records": {
"log": {
"_links": {
"self": {
"href": "/api/resourcelink"
}
},
"format": "json",
"retention": {
"duration": "P4DT12H30M5S"
},
"rotation": {
"schedule": {
"days": {
},
"hours": {
},
"minutes": {
},
"months": {
},
"weekdays": {
}
}
}
},
"svm": {
"_links": {
"self": {
"href": "/api/resourcelink"
}
},
"name": "svm1",
"uuid": "02c9e252-41be-11e9-81d5-00a0986138f7"
}
}
}Error
Status: DefaultONTAP Error Response Codes
| Error Code | Description |
|---|---|
140902401 |
Failed to create an audit configuration for the SVM. |
140902402 |
Audit configuration is already present. |
140902402 |
Audit configuration is already enabled. |
140902403 |
Failed to create staging volume. |
140902415 |
Failed to modify an audit configuration because no audit configuration exists for the SVM. |
140902416 |
Failed to modify audit configuration for SVM. |
140902422 |
Final consolidation is in progress, audit delete failed. |
140902423 |
Failed to delete the audit configuration for the SVM. |
140902425 |
Audit configuration is not available for disabling. |
140902430 |
Audit configuration is not available for enabling. |
140902431 |
Audit enable failed, audit configuration already enabled for the SVM. |
140902432 |
Final consolidation is in progress, audit enable failed. |
140902445 |
Audit disable failed, audit configuration does not exist for the SVM. |
140902446 |
Audit disable failed, audit configuration does not exist for the SVM. |
140902447 |
Audit disable failed. |
140902456 |
The specified log_path does not exist. |
140902457 |
The log_path must be a directory. |
140902458 |
The log_path must be a canonical path in the SVM's namespace. |
140902459 |
The log_path cannot be empty. |
140902460 |
Rotate size must be greater than or equal to 1024 KB. |
140902461 |
The destination path must not contain a symbolic link. |
140902470 |
The log_path exceeds a maximum supported length of characters. |
140902471 |
The log_path contains an unsupported read-only (DP/LS) volume. |
140902472 |
The log_path is not a valid destination for the SVM. |
140902474 |
The log_path contains an unsupported Snaplock volume. |
140902478 |
The log_path validation failed. |
140902478 |
The log_path cannot be accessed for validation. |
140902490 |
Audit configuration is absent for rotate. |
140902491 |
Failed to rotate audit log. |
140902492 |
Cannot rotate audit log, auditing is not enabled for this SVM. |
ONTAP Error Response Codes
| Error Code | Description |
|---|---|
9699340 |
SVM UUID lookup failed |
9699407 |
Additional fields are provided |
| Name | Type | Description |
|---|---|---|
error |
Example error
{
"error": {
"arguments": {
"code": "string",
"message": "string"
},
"code": "4",
"message": "entry doesn't exist",
"target": "uuid"
}
}Definitions
See Definitions
events
| Name | Type | Description |
|---|---|---|
data |
boolean |
Data events |
management |
boolean |
Management events |
href
| Name | Type | Description |
|---|---|---|
href |
string |
_links
| Name | Type | Description |
|---|---|---|
self |
retention
| Name | Type | Description |
|---|---|---|
count |
integer |
Determines how many audit log files to retain before rotating the oldest log file out. This is mutually exclusive with "duration". |
duration |
string |
Specifies an ISO-8601 format date and time to retain the audit log file. The audit log files are deleted once they reach the specified date/time. This is mutually exclusive with "count". |
audit_schedule
Rotates the audit logs based on a schedule by using the time-based rotation parameters in any combination. The rotation schedule is calculated by using all the time-related values.
| Name | Type | Description |
|---|---|---|
days |
array[integer] |
Specifies the day of the month schedule to rotate audit log. Leave empty for all. |
hours |
array[integer] |
Specifies the hourly schedule to rotate audit log. Leave empty for all. |
minutes |
array[integer] |
Specifies the minutes schedule to rotate the audit log. |
months |
array[integer] |
Specifies the months schedule to rotate audit log. Leave empty for all. |
weekdays |
array[integer] |
Specifies the weekdays schedule to rotate audit log. Leave empty for all. |
rotation
Audit event log files are rotated when they reach a configured threshold log size or are on a configured schedule. When an event log file is rotated, the scheduled consolidation task first renames the active converted file to a time-stamped archive file, and then creates a new active converted event log file.
| Name | Type | Description |
|---|---|---|
now |
boolean |
Manually rotates the audit logs. Optional in PATCH only. Not available in POST. |
schedule |
Rotates the audit logs based on a schedule by using the time-based rotation parameters in any combination. The rotation schedule is calculated by using all the time-related values. |
|
size |
integer |
Rotates logs based on log size in bytes. |
s3_log
| Name | Type | Description |
|---|---|---|
_links |
||
format |
string |
Format in which the logs are generated by the consolidation process. Possible values are:
|
retention |
||
rotation |
Audit event log files are rotated when they reach a configured threshold log size or are on a configured schedule. When an event log file is rotated, the scheduled consolidation task first renames the active converted file to a time-stamped archive file, and then creates a new active converted event log file. |
svm
| Name | Type | Description |
|---|---|---|
_links |
||
name |
string |
The name of the SVM. |
uuid |
string |
The unique identifier of the SVM. |
s3_audit
Auditing for NAS events is a security measure that enables you to track and log certain S3 events on SVMs.
| Name | Type | Description |
|---|---|---|
enabled |
boolean |
Specifies whether or not auditing is enabled on the SVM. |
events |
||
log |
||
log_path |
string |
The audit log destination path where consolidated audit logs are stored. |
svm |
_links
| Name | Type | Description |
|---|---|---|
next |
||
self |
error_arguments
| Name | Type | Description |
|---|---|---|
code |
string |
Argument code |
message |
string |
Message argument |
error
| Name | Type | Description |
|---|---|---|
arguments |
array[error_arguments] |
Message arguments |
code |
string |
Error code |
message |
string |
Error message |
target |
string |
The target parameter that caused the error. |