Protocols audit svm.uuid object-store endpoint overview
- PDF of this doc site
Collection of separate PDF docs
Creating your file...
Overview
S3 events auditing is a security measure that enables you to track and log certain S3 events on storage virtual machines (SVMs). You can track potential security problems and provides evidence of any security breaches.
Examples
Creating an S3 audit entry with log rotation size and log retention count
To create an S3 audit entry with log rotation size and log retention count, use the following API. Note the return_records=true query parameter is used to obtain the newly created entry in the response.
# The API: POST /api/protocols/audit/{svm.uuid}/object-store/ # The call: curl -X POST "https://<mgmt-ip>/api/protocols/audit/ec650e97-156e-11e9-abcb-005056bbd0bf/object-store?return_records=true" -H "accept: application/json" -H "Content-Type: application/json" -d "{ \"enabled\": true, \"events\": { \"data\": false, \"management\": false}, \"log\": { \"format\": \"json\", \"retention\": { \"count\": 10 }, \"rotation\": { \"size\": 2048000 }}, \"log_path\": \"/\"}" # The response: { "records": [ { "svm": { "uuid": "ec650e97-156e-11e9-abcb-005056bbd0bf", "name": "vs1" }, "enabled": true, "events": { "data": false, "management": false }, "log": { "format": "json", "rotation": { "size": 2048000 }, "retention": { "count": 10, "duration": "0s" } }, "log_path": "/" } ], "num_records": 1 }
Creating an S3 audit entry with log rotation schedule and log retention duration
To create an S3 audit entry with log rotation schedule and log retention duration, use the following API. Note that the return_records=true query parameter is used to obtain the newly created entry in the response.
# The API: POST /api/protocols/audit/{svm.uuid}/object-store/ # The call: curl -X POST "https://<mgmt-ip>/api/protocols/audit/a8d64674-13fc-11e9-87b1-005056a7ae7e/object-store?return_records=true" -H "accept: application/json" -H "Content-Type: application/json" -d "{ \"enabled\": false, \"events\": { \"data\": true, \"management\": true }, \"log\": { \"format\": \"json\", \"retention\": { \"duration\": \"P4DT12H30M5S\" }, \"rotation\": { \"schedule\": { \"days\": [1, 5, 10, 15], \"hours\": [0, 1, 6, 12, 18, 23], \"minutes\": [10, 15, 30, 45, 59], \"months\": [0], \"weekdays\": [0, 2, 5] } } }, \"log_path\": \"/\"}" # The response: { "records": [ { "svm": { "uuid": "a8d64674-13fc-11e9-87b1-005056a7ae7e", "name": "vs3" }, "enabled": true, "events": { "data": true, "management": true }, "log": { "format": "json", "rotation": { "schedule": { "minutes": [ 10, 15, 30, 45, 59 ], "hours": [ 0, 1, 6, 12, 18, 23 ], "weekdays": [ 0, 2, 5 ], "days": [ 1, 5, 10, 15 ], "months": [ 0 ] } }, "retention": { "count": 0, "duration": "P4DT12H30M5S" } }, "log_path": "/" } ], "num_records": 1 }
Retrieving an S3 audit configuration for all SVMs in the cluster
# The API: GET /api/protocols/audit/{svm.uuid}/object-store/ # The call: curl -X GET "https://<mgmt-ip>/api/protocols/audit/*/object-store?fields=*&return_records=true&return_timeout=15" -H "accept: application/json" # The response: { "records": [ { "svm": { "uuid": "ec650e97-156e-11e9-abcb-005056bbd0bf", "name": "vs1" }, "enabled": true, "events": { "data": false, "management": false }, "log": { "format": "json", "rotation": { "size": 2048000 }, "retention": { "count": 10, "duration": "0s" } }, "log_path": "/" }, { "svm": { "uuid": "a8d64674-13fc-11e9-87b1-005056a7ae7e", "name": "vs3" }, "enabled": true, "events": { "data": true, "management": true }, "log": { "format": "json", "rotation": { "schedule": { "minutes": [ 10, 15, 30, 45, 59 ], "hours": [ 0, 1, 6, 12, 18, 23 ], "weekdays": [ 0, 2, 5 ], "days": [ 1, 5, 10, 15 ], "months": [ 0 ] } }, "retention": { "count": 0, "duration": "P4DT12H30M5S" } }, "log_path": "/" } ], "num_records": 2 }
Retrieving specific entries with event list as data and management event for an SVM
The configuration returned is identified by the events in the list of S3 audit configurations of an SVM.
# The API: GET /api/protocols/audit/{svm.uuid}/object-store/ # The call: curl -X GET "https://<mgmt-ip>/api/protocols/audit/*/object-store?events.data=true&events.management=true&return_records=true&return_timeout=15" -H "accept: application/json" # The response: { "records": [ { "svm": { "uuid": "ec650e97-156e-11e9-abcb-005056bbd0bf", "name": "vs1" }, "events": { "data": true, "management":true } }, { "svm": { "uuid": "a8d64674-13fc-11e9-87b1-005056a7ae7e", "name": "vs3" }, "events": { "data": true, "management": true } } ], "num_records": 2 }
Retrieving a specific S3 audit configuration of an SVM
The configuration returned is identified by the UUID of its SVM.
# The API: GET /api/protocols/audit/{svm.uuid}/object-store/ # The call: curl -X GET "https://<mgmt-ip>/api/protocols/audit/ec650e97-156e-11e9-abcb-005056bbd0bf/object-store/" -H "accept: application/json" # The response: { "svm": { "uuid": "ec650e97-156e-11e9-abcb-005056bbd0bf", "name": "vs1" }, "enabled": true, "events": { "data": false, "management": false }, "log": { "format": "json", "rotation": { "size": 2048000 }, "retention": { "count": 10, "duration": "0s" } }, "log_path": "/" }
Updating a specific S3 audit configuration of an SVM
The configuration is identified by the UUID of its SVM and the provided information is updated.
# The API: PATCH /api/protocols/audit/{svm.uuid}/object-store/ # The call: curl -X PATCH "https://<mgmt-ip>/api/protocols/audit/ec650e97-156e-11e9-abcb-005056bbd0bf/object-store/" -H "accept: application/json" -H "Content-Type: application/json" -d "{ \"enabled\": false}"
Deleting a specific S3 audit configuration of an SVM
The entry to be deleted is identified by the UUID of its SVM.
# The API: DELETE /api/protocols/audit/{svm.uuid}/object-store/ # The call: curl -X DELETE "https://<mgmt-ip>/api/protocols/audit/ec650e97-156e-11e9-abcb-005056bbd0bf/object-store" -H "accept: application/json"