Retrieve the administrative audit log viewer
GET /security/audit/messages
Introduced In: 9.6
Retrieves the administrative audit log viewer.
Parameters
Name | Type | In | Required | Description |
---|---|---|---|---|
node.uuid | string | query | False | Filter by node.uuid |
node.name | string | query | False | Filter by node.name |
command_id | string | query | False | Filter by command_id |
scope | string | query | False | Filter by scope |
session_id | string | query | False | Filter by session_id |
message | string | query | False | Filter by message |
input | string | query | False | Filter by input |
location | string | query | False | Filter by location |
index | integer | query | False | Filter by index |
timestamp | string | query | False | Filter by timestamp |
state | string | query | False | Filter by state |
application | string | query | False | Filter by application |
user | string | query | False | Filter by user |
svm.name | string | query | False | Filter by svm.name |
fields | array[string] | query | False | Specify the fields to return. |
max_records | integer | query | False | Limit the number of records returned. |
return_timeout | integer | query | False | The number of seconds to allow the call to execute before returning. When iterating over a collection, the default is 15 seconds. ONTAP returns earlier if either max records or the end of the collection is reached. |
return_records | boolean | query | False | The default is true for GET calls. When set to false, only the number of records is returned. |
order_by | array[string] | query | False | Order results by specified fields and optional [asc |
Response
Status: 200, Ok
Name | Type | Description |
---|---|---|
_links | | |
num_records | integer | Number of records |
records | array[security_audit_log] | |
Example response
{
  "_links": {
    "next": {
      "href": "/api/resourcelink"
    },
    "self": {
      "href": "/api/resourcelink"
    }
  },
  "num_records": 1,
  "records": [
    {
      "_links": {
        "self": {
          "href": "/api/resourcelink"
        }
      },
      "application": "string",
      "command_id": "string",
      "index": 0,
      "input": "string",
      "location": "string",
      "message": "string",
      "node": {
        "_links": {
          "self": {
            "href": "/api/resourcelink"
          }
        },
        "name": "node1",
        "uuid": "1cd8a442-86d1-11e0-ae1c-123478563412"
      },
      "scope": "string",
      "session_id": "string",
      "state": "string",
      "svm": {
        "name": "string"
      },
      "timestamp": "string",
      "user": "string"
    }
  ]
}
Error
Status: Default, Error
Name | Type | Description |
---|---|---|
error | | |
Example error
{
  "error": {
    "arguments": [
      {
        "code": "string",
        "message": "string"
      }
    ],
    "code": "4",
    "message": "entry doesn't exist",
    "target": "uuid"
  }
}
Definitions
href
Name | Type | Description |
---|---|---|
href | string | |
_links
Name | Type | Description |
---|---|---|
next | | |
self | | |
_links
Name | Type | Description |
---|---|---|
self | | |
node
Node where the audit message resides.
Name | Type | Description |
---|---|---|
_links | | |
name | string | |
uuid | string | |
svm
This is the SVM through which the user connected.
Name | Type | Description |
---|---|---|
name | string | |
security_audit_log
Name | Type | Description |
---|---|---|
_links | | |
application | string | This identifies the "application" by which the request was processed. |
command_id | string | This is the command ID for this request. Each command received on a CLI session is assigned a command ID. This enables you to correlate a request and response. |
index | integer | Internal index for accessing records with the same time and node. This is a 64-bit unsigned value that is used to order the audit log messages before they are displayed. If multiple entries for the same node and timestamp occur simultaneously, the index assigns an order to ensure logical consistency. |
input | string | The request. |
location | string | This identifies the location of the remote user. This is an IP address or "console". |
message | string | This is an optional field that might contain "error" or "additional information" about the status of a command. |
node | | Node where the audit message resides. |
scope | string | Set to "svm" when the request is on a data SVM; otherwise set to "cluster". |
session_id | string | This is the session ID on which the request is received. Each SSH session is assigned a session ID. Each http/ontapi/snmp request is assigned a unique session ID. |
state | string | State of this request. |
svm | | This is the SVM through which the user connected. |
timestamp | string | Log entry timestamp. Valid in URL |
user | string | Username of the remote user. |
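The following Python example is added here and is not part of the ONTAP documentation. It pages through the response by following `_links.next.href`, groups entries by node, `session_id` and `command_id` to correlate a request with its response, orders each group by `timestamp` then `index`, and lists the non-console locations seen per user. The `fetch_sample` function, the sample records, their `state` and `application` values and the page token are constructed; timestamps are assumed to be ISO 8601 strings with a single UTC offset.

```python
from collections import defaultdict

def iter_records(fetch, href):
    """Yield every record, following _links.next.href until no next link is returned."""
    while href:
        page = fetch(href)
        yield from page.get("records", [])
        href = page.get("_links", {}).get("next", {}).get("href")

def correlate(records):
    """Group by (node.name, session_id, command_id); order each group by (timestamp, index)."""
    groups = defaultdict(list)
    for rec in records:
        groups[(rec["node"]["name"], rec["session_id"], rec["command_id"])].append(rec)
    for entries in groups.values():
        # Assumption: timestamps are ISO 8601 strings with one UTC offset, so they sort as text.
        entries.sort(key=lambda r: (r["timestamp"], r["index"]))
    return dict(groups)

def remote_locations(records):
    """Map each user to the locations recorded for them other than "console"."""
    seen = defaultdict(set)
    for rec in records:
        if rec["location"] != "console":
            seen[rec["user"]].add(rec["location"])
    return dict(seen)

def _rec(index, ts, session, cmd, state, user, location):
    # Constructed record using the security_audit_log field names; every value is made up.
    return {"index": index, "timestamp": ts, "session_id": session, "command_id": cmd,
            "state": state, "user": user, "location": location, "scope": "cluster",
            "application": "ssh", "input": "volume show", "node": {"name": "node1"}}

# Constructed two-page response; the hrefs and the page token are placeholders.
FIRST = "/security/audit/messages?max_records=2"
SECOND = "/security/audit/messages?page=2"
SAMPLE_PAGES = {
    FIRST: {"_links": {"next": {"href": SECOND}}, "num_records": 2, "records": [
        _rec(8, "2024-01-01T10:00:01+00:00", "s1", "c1", "success", "admin", "192.0.2.10"),
        _rec(3, "2024-01-01T09:59:00+00:00", "s2", "c7", "pending", "ops", "console")]},
    SECOND: {"_links": {}, "num_records": 2, "records": [
        _rec(7, "2024-01-01T10:00:01+00:00", "s1", "c1", "pending", "admin", "192.0.2.10"),
        _rec(4, "2024-01-01T09:59:02+00:00", "s2", "c7", "success", "ops", "console")]},
}

def fetch_sample(href):
    # Stand-in for an authenticated HTTPS GET to the cluster that returns the decoded JSON body.
    return SAMPLE_PAGES[href]
```

Calling `correlate(list(iter_records(fetch_sample, FIRST)))` returns the two command groups with the same-timestamp entries ordered by `index`.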
error_arguments
Name | Type | Description |
---|---|---|
code | string | Argument code |
message | string | Message argument |
returned_error
Name | Type | Description |
---|---|---|
arguments | array[error_arguments] | Message arguments |
code | string | Error code |
message | string | Error message |
target | string | The target parameter that caused the error. |