Skip to main content
A newer release of this product is available.

Create an S3 audit configuration

Contributors
PDFs

POST /protocols/audit/{svm.uuid}/object-store

Introduced In: 9.10

Creates an S3 audit configuration.

Required properties

  • log_path - Path in the owning SVM namespace that is used to store audit logs.

Default property values

If not specified in POST, the following default property values are assigned:

  • enabled - true

  • events.data - true

  • events.management - false

  • log.format - json

  • log.retention.count - 0

  • log.retention.duration - PT0S

  • log.rotation.size - 100MB

  • log.rotation.now - false

  • vserver object-store-server audit create

  • vserver object-store-server audit enable

Learn more

Parameters

Name Type In Required Description

return_timeout

integer

query

False

The number of seconds to allow the call to execute before returning. When doing a POST, PATCH, or DELETE operation on a single record, the default is 0 seconds. This means that if an asynchronous operation is started, the server immediately returns HTTP code 202 (Accepted) along with a link to the job. If a non-zero value is specified for POST, PATCH, or DELETE operations, ONTAP waits that length of time to see if the job completes so it can return something other than 202.

  • Default value: 1

  • Max value: 120

  • Min value: 0

svm.uuid

string

path

True

UUID of the SVM to which this object belongs.

Request Body

Name Type Description

enabled

boolean

Specifies whether or not auditing is enabled on the SVM.

events

events

log

s3_log

log_path

string

The audit log destination path where consolidated audit logs are stored.

svm

svm
Example request 
{
  "log": {
    "_links": {
      "self": {
        "href": "/api/resourcelink"
      }
    },
    "format": "string",
    "retention": {
      "duration": "P4DT12H30M5S"
    },
    "rotation": {
      "schedule": {
        "days": [
          "integer"
        ],
        "hours": [
          "integer"
        ],
        "minutes": [
          "integer"
        ],
        "months": [
          "integer"
        ],
        "weekdays": [
          "integer"
        ]
      }
    }
  },
  "log_path": "string",
  "svm": {
    "_links": {
      "self": {
        "href": "/api/resourcelink"
      }
    },
    "name": "svm1",
    "uuid": "02c9e252-41be-11e9-81d5-00a0986138f7"
  }
}

Response

Status: 202, Accepted
Name Type Description

_links

_links

num_records

integer

Number of records

records

array[s3_audit]
Example response 
{
  "_links": {
    "next": {
      "href": "/api/resourcelink"
    },
    "self": {
      "href": "/api/resourcelink"
    }
  },
  "records": [
    {
      "log": {
        "_links": {
          "self": {
            "href": "/api/resourcelink"
          }
        },
        "format": "string",
        "retention": {
          "duration": "P4DT12H30M5S"
        },
        "rotation": {
          "schedule": {
            "days": [
              "integer"
            ],
            "hours": [
              "integer"
            ],
            "minutes": [
              "integer"
            ],
            "months": [
              "integer"
            ],
            "weekdays": [
              "integer"
            ]
          }
        }
      },
      "log_path": "string",
      "svm": {
        "_links": {
          "self": {
            "href": "/api/resourcelink"
          }
        },
        "name": "svm1",
        "uuid": "02c9e252-41be-11e9-81d5-00a0986138f7"
      }
    }
  ]
}

Error

Status: Default

ONTAP Error Response Codes

Error Code Description

140902401

Failed to create an audit configuration for the SVM.

140902402

Audit configuration is already present.

140902402

Audit configuration is already enabled.

140902403

Failed to create staging volume.

140902415

Failed to modify an audit configuration because no audit configuration exists for the SVM.

140902416

Failed to modify audit configuration for SVM.

140902422

Final consolidation is in progress, audit delete failed.

140902423

Failed to delete the audit configuration for the SVM.

140902425

Audit configuration is not available for disabling.

140902430

Audit configuration is not available for enabling.

140902431

Audit enable failed, audit configuration already enabled for the SVM.

140902432

Final consolidation is in progress, audit enable failed.

140902445

Audit disable failed, audit configuration does not exist for the SVM.

140902446

Audit disable failed, audit configuration does not exist for the SVM.

140902447

Audit disable failed.

140902456

The specified log_path does not exist.

140902457

The log_path must be a directory.

140902458

The log_path must be a canonical path in the SVM's namespace.

140902459

The log_path cannot be empty.

140902460

Rotate size must be greater than or equal to 1024 KB.

140902461

The destination path must not contain a symbolic link.

140902470

The log_path exceeds a maximum supported length of characters.

140902471

The log_path contains an unsupported read-only (DP/LS) volume.

140902472

The log_path is not a valid destination for the SVM.

140902474

The log_path contains an unsupported Snaplock volume.

140902478

The log_path validation failed.

140902478

The log_path cannot be accessed for validation.

140902490

Audit configuration is absent for rotate.

140902491

Failed to rotate audit log.

140902492

Cannot rotate audit log, auditing is not enabled for this SVM.

ONTAP Error Response Codes

Error Code Description

9699340

SVM UUID lookup failed

9699407

Additional fields are provided
Name Type Description

error

error
Example error 
{
  "error": {
    "arguments": [
      {
        "code": "string",
        "message": "string"
      }
    ],
    "code": "4",
    "message": "entry doesn't exist",
    "target": "uuid"
  }
}

Definitions

See Definitions

events

Name Type Description

data

boolean

Data events

management

boolean

Management events

href

Name Type Description

href

string

_links

Name Type Description

self

href

retention

Name Type Description

count

integer

Determines how many audit log files to retain before rotating the oldest log file out. This is mutually exclusive with "duration".

duration

string

Specifies an ISO-8601 format date and time to retain the audit log file. The audit log files are deleted once they reach the specified date/time. This is mutually exclusive with "count".

audit_schedule

Rotates the audit logs based on a schedule by using the time-based rotation parameters in any combination. The rotation schedule is calculated by using all the time-related values.

Name Type Description

days

array[integer]

Specifies the day of the month schedule to rotate audit log. Leave empty for all.

hours

array[integer]

Specifies the hourly schedule to rotate audit log. Leave empty for all.

minutes

array[integer]

Specifies the minutes schedule to rotate the audit log.

months

array[integer]

Specifies the months schedule to rotate audit log. Leave empty for all.

weekdays

array[integer]

Specifies the weekdays schedule to rotate audit log. Leave empty for all.

rotation

Audit event log files are rotated when they reach a configured threshold log size or are on a configured schedule. When an event log file is rotated, the scheduled consolidation task first renames the active converted file to a time-stamped archive file, and then creates a new active converted event log file.

Name Type Description

now

boolean

Manually rotates the audit logs. Optional in PATCH only. Not available in POST.

schedule

audit_schedule

Rotates the audit logs based on a schedule by using the time-based rotation parameters in any combination. The rotation schedule is calculated by using all the time-related values.

size

integer

Rotates logs based on log size in bytes.

s3_log

Name Type Description

_links

_links

format

string

Format in which the logs are generated by the consolidation process. Possible values are:

  • json - ONTAP-specific Json log format.

    • Default value: 1

    • enum: ["json"]

    • Introduced in: 9.10

retention

retention

rotation

rotation

Audit event log files are rotated when they reach a configured threshold log size or are on a configured schedule. When an event log file is rotated, the scheduled consolidation task first renames the active converted file to a time-stamped archive file, and then creates a new active converted event log file.

svm

Name Type Description

_links

_links

name

string

The name of the SVM.

uuid

string

The unique identifier of the SVM.

s3_audit

Auditing for NAS events is a security measure that enables you to track and log certain S3 events on SVMs.

Name Type Description

enabled

boolean

Specifies whether or not auditing is enabled on the SVM.

events

events

log

s3_log

log_path

string

The audit log destination path where consolidated audit logs are stored.

svm

svm

_links

Name Type Description

next

href

self

href

error_arguments

Name Type Description

code

string

Argument code

message

string

Message argument

error

Name Type Description

arguments

array[error_arguments]

Message arguments

code

string

Error code

message

string

Error message

target

string

The target parameter that caused the error.