Update an S3 audit configuration for an SVM
Suggest changes
PDFs
PATCH /protocols/audit/{svm.uuid}/object-store
Introduced In: 9.10
Updates an S3 audit configuration for an SVM.
Important notes
-
events- Not specifying either data or management is equivalent to setting it to false.
Related ONTAP commands
-
vserver object-store-server audit modify
Learn more
Parameters
| Name | Type | In | Required | Description |
|---|---|---|---|---|
return_timeout |
integer |
query |
False |
The number of seconds to allow the call to execute before returning. When doing a POST, PATCH, or DELETE operation on a single record, the default is 0 seconds. This means that if an asynchronous operation is started, the server immediately returns HTTP code 202 (Accepted) along with a link to the job. If a non-zero value is specified for POST, PATCH, or DELETE operations, ONTAP waits that length of time to see if the job completes so it can return something other than 202.
|
svm.uuid |
string |
path |
True |
UUID of the SVM to which this object belongs. |
Request Body
| Name | Type | Description |
|---|---|---|
enabled |
boolean |
Specifies whether or not auditing is enabled on the SVM. |
events |
||
log |
||
log_path |
string |
The audit log destination path where consolidated audit logs are stored. |
Example request
{
"log": {
"format": "string",
"retention": {
"duration": "P4DT12H30M5S"
},
"rotation": {
"schedule": {
"days": [
"integer"
],
"hours": [
"integer"
],
"minutes": [
"integer"
],
"months": [
"integer"
],
"weekdays": [
"integer"
]
}
}
},
"log_path": "string"
}Response
Status: 200, OkResponse
Status: 202, AcceptedError
Status: DefaultONTAP Error Response Codes
| Error Code | Description |
|---|---|
140902401 |
Failed to create an audit configuration for the SVM. |
140902402 |
Audit configuration is already present. |
140902402 |
Audit configuration is already enabled. |
140902403 |
Failed to create staging volume. |
140902415 |
Failed to modify an audit configuration because no audit configuration exists for SVM. |
140902416 |
Failed to modify audit configuration for SVM. |
140902422 |
Final consolidation is in progress, audit delete failed. |
140902423 |
Failed to delete the audit configuration for the SVM. |
140902425 |
Audit configuration is not available for disabling. |
140902430 |
Audit configuration is not available for enabling. |
140902431 |
Audit enable failed, audit configuration already enabled for the SVM. |
140902432 |
Final consolidation is in progress, audit enable failed. |
140902445 |
Audit disable failed, audit configuration does not exist for the SVM. |
140902446 |
Audit configuration is already disabled. |
140902446 |
Audit disable failed, audit configuration does not exist for the SVM. |
140902456 |
The specified log_path does not exist. |
140902457 |
The log_path must be a directory. |
140902458 |
The log_path must be a canonical path in the SVM's namespace. |
140902459 |
The log_path cannot be empty. |
140902460 |
Rotate size must be greater than or equal to 1024 KB. |
140902461 |
The destination path must not contain a symbolic link. |
140902470 |
The log_path exceeds a maximum supported length of characters. |
140902471 |
The log_path contains an unsupported read-only (DP/LS) volume. |
140902472 |
The log_path is not a valid destination for the SVM. |
140902474 |
The log_path contains an unsupported Snaplock volume. |
140902478 |
The log_path validation failed. |
140902478 |
The log_path cannot be accessed for validation. |
140902479 |
No other fields can be specified when "enabled" is specified. |
140902490 |
Audit configuration is absent for rotate. |
140902491 |
Failed to rotate audit log. |
140902492 |
Cannot rotate audit log, auditing is not enabled for this SVM. |
Also see the table of common errors in the Response body overview section of this documentation. ONTAP Error Response Codes
| Error Code | Description |
|---|---|
9699340 |
SVM UUID lookup failed |
9699407 |
Additional fields are provided |
Definitions
See Definitions
events
| Name | Type | Description |
|---|---|---|
data |
boolean |
Data events |
management |
boolean |
Management events |
href
| Name | Type | Description |
|---|---|---|
href |
string |
_links
retention
| Name | Type | Description |
|---|---|---|
count |
integer |
Determines how many audit log files to retain before rotating the oldest log file out. This is mutually exclusive with "duration". |
duration |
string |
Specifies an ISO-8601 format date and time to retain the audit log file. The audit log files are deleted once they reach the specified date/time. This is mutually exclusive with "count". |
audit_schedule
Rotates the audit logs based on a schedule by using the time-based rotation parameters in any combination. The rotation schedule is calculated by using all the time-related values.
| Name | Type | Description |
|---|---|---|
days |
array[integer] |
Specifies the day of the month schedule to rotate audit log. Leave empty for all. |
hours |
array[integer] |
Specifies the hourly schedule to rotate audit log. Leave empty for all. |
minutes |
array[integer] |
Specifies the minutes schedule to rotate the audit log. |
months |
array[integer] |
Specifies the months schedule to rotate audit log. Leave empty for all. |
weekdays |
array[integer] |
Specifies the weekdays schedule to rotate audit log. Leave empty for all. |
rotation
Audit event log files are rotated when they reach a configured threshold log size or are on a configured schedule. When an event log file is rotated, the scheduled consolidation task first renames the active converted file to a time-stamped archive file, and then creates a new active converted event log file.
| Name | Type | Description |
|---|---|---|
now |
boolean |
Manually rotates the audit logs. Optional in PATCH only. Not available in POST. |
schedule |
Rotates the audit logs based on a schedule by using the time-based rotation parameters in any combination. The rotation schedule is calculated by using all the time-related values. |
|
size |
integer |
Rotates logs based on log size in bytes. |
s3_log
| Name | Type | Description |
|---|---|---|
format |
string |
Format in which the logs are generated by the consolidation process. Possible values are:
|
retention |
||
rotation |
Audit event log files are rotated when they reach a configured threshold log size or are on a configured schedule. When an event log file is rotated, the scheduled consolidation task first renames the active converted file to a time-stamped archive file, and then creates a new active converted event log file. |
svm
SVM, applies only to SVM-scoped objects.
| Name | Type | Description |
|---|---|---|
name |
string |
The name of the SVM. This field cannot be specified in a PATCH method. |
uuid |
string |
The unique identifier of the SVM. This field cannot be specified in a PATCH method. |
s3_audit
Auditing for NAS events is a security measure that enables you to track and log certain S3 events on SVMs.
| Name | Type | Description |
|---|---|---|
enabled |
boolean |
Specifies whether or not auditing is enabled on the SVM. |
events |
||
log |
||
log_path |
string |
The audit log destination path where consolidated audit logs are stored. |
error_arguments
| Name | Type | Description |
|---|---|---|
code |
string |
Argument code |
message |
string |
Message argument |
returned_error
| Name | Type | Description |
|---|---|---|
arguments |
array[error_arguments] |
Message arguments |
code |
string |
Error code |
message |
string |
Error message |
target |
string |
The target parameter that caused the error. |