Skip to main content
A newer release of this product is available.

Retrieve administrative audit log viewer

Contributors

GET /security/audit/messages

Introduced In: 9.6

Retrieves the administrative audit log viewer.

Parameters

Name Type In Required Description

session_id

string

query

False

Filter by session_id

message

string

query

False

Filter by message

scope

string

query

False

Filter by scope

svm.name

string

query

False

Filter by svm.name

timestamp

string

query

False

Filter by timestamp

command_id

string

query

False

Filter by command_id

state

string

query

False

Filter by state

node.uuid

string

query

False

Filter by node.uuid

node.name

string

query

False

Filter by node.name

application

string

query

False

Filter by application

input

string

query

False

Filter by input

user

string

query

False

Filter by user

location

string

query

False

Filter by location

index

integer

query

False

Filter by index

fields

array[string]

query

False

Specify the fields to return.

max_records

integer

query

False

Limit the number of records returned.

return_timeout

integer

query

False

The number of seconds to allow the call to execute before returning. When iterating over a collection, the default is 15 seconds. ONTAP returns earlier if either max records or the end of the collection is reached.

  • Default value: 1

  • Max value: 120

  • Min value: 0

return_records

boolean

query

False

The default is true for GET calls. When set to false, only the number of records is returned.

  • Default value: 1

order_by

array[string]

query

False

Order results by specified fields and optional [asc

Response

Status: 200, Ok
Name Type Description

_links

_links

num_records

integer

Number of records

records

array[security_audit_log]

Example response
{
  "_links": {
    "next": {
      "href": "/api/resourcelink"
    },
    "self": {
      "href": "/api/resourcelink"
    }
  },
  "records": [
    {
      "_links": {
        "self": {
          "href": "/api/resourcelink"
        }
      },
      "application": "string",
      "command_id": "string",
      "index": 0,
      "input": "string",
      "location": "string",
      "message": "string",
      "node": {
        "_links": {
          "self": {
            "href": "/api/resourcelink"
          }
        },
        "name": "node1",
        "uuid": "1cd8a442-86d1-11e0-ae1c-123478563412"
      },
      "scope": "string",
      "session_id": "string",
      "state": "string",
      "svm": {
        "name": "string"
      },
      "timestamp": "string",
      "user": "string"
    }
  ]
}
JSON

Error

Status: Default, Error
Name Type Description

error

error

Example error
{
  "error": {
    "arguments": [
      {
        "code": "string",
        "message": "string"
      }
    ],
    "code": "4",
    "message": "entry doesn't exist",
    "target": "uuid"
  }
}
JSON

Definitions

See Definitions

href

Name Type Description

href

string

Name Type Description

next

href

self

href

Name Type Description

self

href

node

Node where the audit message resides.

Name Type Description

_links

_links

name

string

uuid

string

svm

This is the SVM through which the user connected.

Name Type Description

name

string

security_audit_log

Name Type Description

_links

_links

application

string

This identifies the "application" by which the request was processed.

command_id

string

This is the command ID for this request. Each command received on a CLI session is assigned a command ID. This enables you to correlate a request and response.

index

integer

Internal index for accessing records with same time/node. This is a 64 bit unsigned value.

input

string

The request.

location

string

This identifies the location of the remote user. This is an IP address or "console".

message

string

This is an optional field that might contain "error" or "additional information" about the status of a command.

node

node

Node where the audit message resides.

scope

string

Set to "svm" when the request is on a data SVM; otherwise set to "cluster".

session_id

string

This is the session ID on which the request is received. Each SSH session is assigned a session ID. Each http/ontapi/snmp request is assigned a unique session ID.

state

string

State of of this request.

svm

svm

This is the SVM through which the user connected.

timestamp

string

Log entry timestamp. Valid in URL

user

string

Username of the remote user.

error_arguments

Name Type Description

code

string

Argument code

message

string

Message argument

error

Name Type Description

arguments

array[error_arguments]

Message arguments

code

string

Error code

message

string

Error message

target

string

The target parameter that caused the error.