Define remote syslog or splunk server information
- PDF of this doc site
Collection of separate PDF docs
Creating your file...
POST /security/audit/destinations
Introduced In: 9.6
Configures remote syslog/splunk server information.
Required properties
All of the following fields are required for creating a remote syslog/splunk destination
-
address
Optional properties
All of the following fields are optional for creating a remote syslog/splunk destination
-
port
-
ipspace
-
protocol
-
facility
-
verify_server
(Can only be "true" when protocol is "tcp_encrypted")
Parameters
Name | Type | In | Required | Description |
---|---|---|---|---|
force |
boolean |
query |
False |
Skip the Connectivity Test
|
return_timeout |
integer |
query |
False |
The number of seconds to allow the call to execute before returning. When doing a POST, PATCH, or DELETE operation on a single record, the default is 0 seconds. This means that if an asynchronous operation is started, the server immediately returns HTTP code 202 (Accepted) along with a link to the job. If a non-zero value is specified for POST, PATCH, or DELETE operations, ONTAP waits that length of time to see if the job completes so it can return something other than 202.
|
return_records |
boolean |
query |
False |
The default is false. If set to true, the records are returned.
|
Request Body
Name | Type | Description |
---|---|---|
address |
string |
Destination syslog|splunk host to forward audit records to. This can be an IP address (IPv4|IPv6) or a hostname. |
facility |
string |
This is the standard Syslog Facility value that is used when sending audit records to a remote server. |
ipspace |
||
port |
integer |
Destination Port. The default port depends on the protocol chosen: For un-encrypted destinations the default port is 514. For encrypted destinations the default port is 6514. |
protocol |
string |
Log forwarding protocol |
verify_server |
boolean |
This is only applicable when the protocol is tcp_encrypted. This controls whether the remote server's certificate is validated. Setting "verify_server" to "true" will enforce validation of remote server's certificate. Setting "verify_server" to "false" will not enforce validation of remote server's certificate. |
Example request
{
"address": "string",
"facility": "string",
"ipspace": {
"_links": {
"self": {
"href": "/api/resourcelink"
}
},
"name": "exchange",
"uuid": "1cd8a442-86d1-11e0-ae1c-123478563412"
},
"protocol": "string"
}
Response
Status: 202, Accepted
Name | Type | Description |
---|---|---|
_links |
||
num_records |
integer |
Number of records |
records |
array[security_audit_log_forward] |
Example response
{
"_links": {
"next": {
"href": "/api/resourcelink"
},
"self": {
"href": "/api/resourcelink"
}
},
"num_records": 1,
"records": [
{
"address": "string",
"facility": "string",
"ipspace": {
"_links": {
"self": {
"href": "/api/resourcelink"
}
},
"name": "exchange",
"uuid": "1cd8a442-86d1-11e0-ae1c-123478563412"
},
"protocol": "string"
}
]
}
Headers
Name | Description | Type |
---|---|---|
Location |
Useful for tracking the resource location |
string |
Error
Status: Default
ONTAP Error Response Codes
Error Code | Description |
---|---|
15661 |
The object specified could not be found |
13114 |
Internal error |
13115 |
Invalid input |
4522285 |
Server verification cannot be enabled because it requires a protocol with encryption. Encryption can be selected using the protocol field. |
9240603 |
Cannot ping destination host. Verify connectivity to desired host or skip the connectivity check with the -force parameter. |
327698 |
Failed to create RPC client to destination host |
9240609 |
Cannot connect to destination host. |
9240604 |
Cannot resolve the destination host. |
Name | Type | Description |
---|---|---|
error |
Example error
{
"error": {
"arguments": [
{
"code": "string",
"message": "string"
}
],
"code": "4",
"message": "entry doesn't exist",
"target": "uuid"
}
}
Definitions
See Definitions
href
Name | Type | Description |
---|---|---|
href |
string |
_links
Name | Type | Description |
---|---|---|
self |
ipspace
Name | Type | Description |
---|---|---|
_links |
||
name |
string |
IPspace name |
uuid |
string |
IPspace UUID |
security_audit_log_forward
Name | Type | Description |
---|---|---|
address |
string |
Destination syslog|splunk host to forward audit records to. This can be an IP address (IPv4|IPv6) or a hostname. |
facility |
string |
This is the standard Syslog Facility value that is used when sending audit records to a remote server. |
ipspace |
||
port |
integer |
Destination Port. The default port depends on the protocol chosen: For un-encrypted destinations the default port is 514. For encrypted destinations the default port is 6514. |
protocol |
string |
Log forwarding protocol |
verify_server |
boolean |
This is only applicable when the protocol is tcp_encrypted. This controls whether the remote server's certificate is validated. Setting "verify_server" to "true" will enforce validation of remote server's certificate. Setting "verify_server" to "false" will not enforce validation of remote server's certificate. |
_links
Name | Type | Description |
---|---|---|
next |
||
self |
error_arguments
Name | Type | Description |
---|---|---|
code |
string |
Argument code |
message |
string |
Message argument |
error
Name | Type | Description |
---|---|---|
arguments |
array[error_arguments] |
Message arguments |
code |
string |
Error code |
message |
string |
Error message |
target |
string |
The target parameter that caused the error. |