Skip to main content
A newer release of this product is available.

Define the remote syslog or splunk server information

Contributors

POST /security/audit/destinations

Introduced In: 9.6

Configures remote syslog/splunk server information.

Required properties

All of the following fields are required for creating a remote syslog/splunk destination

  • address

Optional properties

All of the following fields are optional for creating a remote syslog/splunk destination

  • port

  • ipspace

  • protocol

  • facility

  • verify_server (Can only be "true" when protocol is "tcp_encrypted")

  • message_format (Can be either "legacy-netapp" or "rfc-5424")

  • timestamp_format_override (Can be either "no-override", "rfc-3164", "iso-8601-utc" or "iso-8601-local-time")

  • hostname_format_override (Can be either "no-override", "fqdn" or "hostname-only")

Parameters

Name Type In Required Description

force

boolean

query

False

Skip the Connectivity Test

  • Default value:

return_timeout

integer

query

False

The number of seconds to allow the call to execute before returning. When doing a POST, PATCH, or DELETE operation on a single record, the default is 0 seconds. This means that if an asynchronous operation is started, the server immediately returns HTTP code 202 (Accepted) along with a link to the job. If a non-zero value is specified for POST, PATCH, or DELETE operations, ONTAP waits that length of time to see if the job completes so it can return something other than 202.

  • Default value: 1

  • Max value: 120

  • Min value: 0

return_records

boolean

query

False

The default is false. If set to true, the records are returned.

  • Default value:

Request Body

Name Type Description

address

string

Destination syslog|splunk host to forward audit records to. This can be an IP address (IPv4|IPv6) or a hostname.

facility

string

This is the standard Syslog Facility value that is used when sending audit records to a remote server.

hostname_format_override

string

Syslog Hostname Format Override

ipspace

ipspace

message_format

string

Syslog message format to be used. legacy_netapp format (variation of RFC-3164) is default message format.

port

integer

Destination Port. The default port depends on the protocol chosen: For un-encrypted destinations the default port is 514. For encrypted destinations the default port is 6514.

protocol

string

Log forwarding protocol

timestamp_format_override

string

Syslog Timestamp Format Override.

verify_server

boolean

This is only applicable when the protocol is tcp_encrypted. This controls whether the remote server's certificate is validated. Setting "verify_server" to "true" will enforce validation of remote server's certificate. Setting "verify_server" to "false" will not enforce validation of remote server's certificate.

Example request
{
  "address": "string",
  "facility": "string",
  "hostname_format_override": "string",
  "ipspace": {
    "_links": {
      "self": {
        "href": "/api/resourcelink"
      }
    },
    "name": "exchange",
    "uuid": "1cd8a442-86d1-11e0-ae1c-123478563412"
  },
  "message_format": "string",
  "protocol": "string",
  "timestamp_format_override": "string"
}

Response

Status: 202, Accepted
Name Type Description

_links

_links

num_records

integer

Number of records

records

array[security_audit_log_forward]

Example response
{
  "_links": {
    "next": {
      "href": "/api/resourcelink"
    },
    "self": {
      "href": "/api/resourcelink"
    }
  },
  "num_records": 1,
  "records": [
    {
      "address": "string",
      "facility": "string",
      "hostname_format_override": "string",
      "ipspace": {
        "_links": {
          "self": {
            "href": "/api/resourcelink"
          }
        },
        "name": "exchange",
        "uuid": "1cd8a442-86d1-11e0-ae1c-123478563412"
      },
      "message_format": "string",
      "protocol": "string",
      "timestamp_format_override": "string"
    }
  ]
}

Headers

Name Description Type

Location

Useful for tracking the resource location

string

Error

Status: Default

ONTAP Error Response Codes

Error Code Description

15661

The object specified could not be found

13114

Internal error

13115

Invalid input

4522285

Server verification cannot be enabled because it requires a protocol with encryption. Encryption can be selected using the protocol field.

9240603

Cannot ping destination host. Verify connectivity to desired host or skip the connectivity check with the -force parameter.

327698

Failed to create RPC client to destination host

9240609

Cannot connect to destination host.

9240604

Cannot resolve the destination host.

Name Type Description

error

error

Example error
{
  "error": {
    "arguments": [
      {
        "code": "string",
        "message": "string"
      }
    ],
    "code": "4",
    "message": "entry doesn't exist",
    "target": "uuid"
  }
}

Definitions

See Definitions

href

Name Type Description

href

string

Name Type Description

self

href

ipspace

Name Type Description

_links

_links

name

string

IPspace name

uuid

string

IPspace UUID

security_audit_log_forward

Name Type Description

address

string

Destination syslog|splunk host to forward audit records to. This can be an IP address (IPv4|IPv6) or a hostname.

facility

string

This is the standard Syslog Facility value that is used when sending audit records to a remote server.

hostname_format_override

string

Syslog Hostname Format Override

ipspace

ipspace

message_format

string

Syslog message format to be used. legacy_netapp format (variation of RFC-3164) is default message format.

port

integer

Destination Port. The default port depends on the protocol chosen: For un-encrypted destinations the default port is 514. For encrypted destinations the default port is 6514.

protocol

string

Log forwarding protocol

timestamp_format_override

string

Syslog Timestamp Format Override.

verify_server

boolean

This is only applicable when the protocol is tcp_encrypted. This controls whether the remote server's certificate is validated. Setting "verify_server" to "true" will enforce validation of remote server's certificate. Setting "verify_server" to "false" will not enforce validation of remote server's certificate.

Name Type Description

next

href

self

href

error_arguments

Name Type Description

code

string

Argument code

message

string

Message argument

error

Name Type Description

arguments

array[error_arguments]

Message arguments

code

string

Error code

message

string

Error message

target

string

The target parameter that caused the error.