Update the audit configuration for an SVM
PATCH /protocols/audit/{svm.uuid}
Updates an audit configuration for an SVM.
Related ONTAP commands
-
vserver audit modify
Learn more
Parameters
Name | Type | In | Required | Description |
---|---|---|---|---|
return_timeout |
integer |
query |
False |
The number of seconds to allow the call to execute before returning. When doing a POST, PATCH, or DELETE operation on a single record, the default is 0 seconds. This means that if an asynchronous operation is started, the server immediately returns HTTP code 202 (Accepted) along with a link to the job. If a non-zero value is specified for POST, PATCH, or DELETE operations, ONTAP waits that length of time to see if the job completes so it can return something other than 202. |
svm.uuid |
string |
path |
True |
UUID of the SVM to which this object belongs. |
Request Body
Name | Type | Description |
---|---|---|
enabled |
boolean |
Specifies whether or not auditing is enabled on the SVM. |
events |
||
log |
||
log_path |
string |
The audit log destination path where consolidated audit logs are stored. |
svm |
Example request
{
"log": {
"_links": {
"self": {
"href": "/api/resourcelink"
}
},
"format": "string",
"retention": {
"duration": "P4DT12H30M5S"
},
"rotation": {
"schedule": {
"days": [
"integer"
],
"hours": [
"integer"
],
"minutes": [
"integer"
],
"months": [
"integer"
],
"weekdays": [
"integer"
]
}
}
},
"log_path": "string",
"svm": {
"_links": {
"self": {
"href": "/api/resourcelink"
}
},
"name": "svm1",
"uuid": "02c9e252-41be-11e9-81d5-00a0986138f7"
}
}
Response
Status: 202, Accepted
Error
Status: Default
ONTAP Error Response Codes
Error Code | Description |
---|---|
9699340 |
SVM UUID lookup failed |
9699343 |
Audit configuration is absent for modification |
9699358 |
Audit configuration is absent for enabling |
9699359 |
Audit configuration is already enabled |
9699360 |
Final consolidation is in progress, audit enable failed |
9699365 |
Enabling of audit configuration failed |
9699373 |
Audit configuration is absent for disabling |
9699374 |
Audit configuration is already disabled |
9699375 |
Disabling of audit configuration failed |
9699384 |
The specified log_path does not exist |
9699385 |
The log_path must be a directory |
9699386 |
The log_path must be a canonical path in the SVMs namespace |
9699387 |
The log_path cannot be empty |
9699388 |
Rotate size must be greater than or equal to 1024 KB |
9699389 |
The log_path must not contain a symbolic link |
9699398 |
The log_path exceeds a maximum supported length of characters |
9699399 |
The log_path contains an unsupported read-only (DP/LS) volume |
9699400 |
The specified log_path is not a valid destination for SVM |
9699402 |
The log_path contains an unsupported snaplock volume |
9699403 |
The log_path cannot be accessed for validation |
9699406 |
The log_path validation failed |
9699407 |
Additional fields are provided |
9699409 |
Failed to enable multiproto.audit.evtxlog.support support capability |
9699410 |
Failed to disable multiproto.audit.evtxlog.support support capability |
9699418 |
Audit configuration is absent for rotate |
9699419 |
Failed to rotate audit log |
9699420 |
Cannot rotate audit log, auditing is not enabled for this SVM |
9699428 |
All nodes need to run ONTAP 8.3.0 release to audit CIFS logon-logoff events |
9699429 |
Failed to enable multiproto.audit.cifslogonlogoff.support support capability |
9699430 |
Failed to disable multiproto.audit.cifslogonlogoff.support support capability |
9699431 |
All nodes need to run ONTAP 8.3.0 release to audit CAP staging events |
9699432 |
Failed to enable multiproto.audit.capstaging.support support capability |
9699433 |
Failed to disable multiproto.audit.capstaging.support support capability |
Name | Type | Description |
---|---|---|
error |
Example error
{
"error": {
"arguments": [
{
"code": "string",
"message": "string"
}
],
"code": "4",
"message": "entry doesn't exist",
"target": "uuid"
}
}
Definitions
See Definitions
events
Name | Type | Description |
---|---|---|
authorization_policy |
boolean |
Authorization policy change events |
cap_staging |
boolean |
Central access policy staging events |
cifs_logon_logoff |
boolean |
CIFS logon and logoff events |
file_operations |
boolean |
File operation events |
file_share |
boolean |
File share category events |
security_group |
boolean |
Local security group management events |
user_account |
boolean |
Local user account management events |
href
Name | Type | Description |
---|---|---|
href |
string |
_links
Name | Type | Description |
---|---|---|
self |
retention
Name | Type | Description |
---|---|---|
count |
integer |
Determines how many audit log files to retain before rotating the oldest log file out. This is mutually exclusive with duration. |
duration |
string |
Specifies an ISO-8601 format date and time to retain the audit log file. The audit log files are deleted once they reach the specified date/time. This is mutually exclusive with count. |
audit_schedule
Rotates the audit logs based on a schedule by using the time-based rotation parameters in any combination. The rotation schedule is calculated by using all the time-related values.
Name | Type | Description |
---|---|---|
days |
array[integer] |
Specifies the day of the month schedule to rotate audit log. Leave empty for all. |
hours |
array[integer] |
Specifies the hourly schedule to rotate audit log. Leave empty for all. |
minutes |
array[integer] |
Specifies the minutes schedule to rotate the audit log. |
months |
array[integer] |
Specifies the months schedule to rotate audit log. Leave empty for all. |
weekdays |
array[integer] |
Specifies the weekdays schedule to rotate audit log. Leave empty for all. |
rotation
Audit event log files are rotated when they reach a configured threshold log size or are on a configured schedule. When an event log file is rotated, the scheduled consolidation task first renames the active converted file to a time-stamped archive file, and then creates a new active converted event log file.
Name | Type | Description |
---|---|---|
now |
boolean |
Manually rotates the audit logs. Optional in PATCH only. Not available in POST. |
schedule |
Rotates the audit logs based on a schedule by using the time-based rotation parameters in any combination. The rotation schedule is calculated by using all the time-related values. |
|
size |
integer |
Rotates logs based on log size in bytes. |
log
Name | Type | Description |
---|---|---|
_links |
||
format |
string |
The format in which the logs are generated by consolidation process. Possible values are:
|
retention |
||
rotation |
Audit event log files are rotated when they reach a configured threshold log size or are on a configured schedule. When an event log file is rotated, the scheduled consolidation task first renames the active converted file to a time-stamped archive file, and then creates a new active converted event log file. |
svm
Name | Type | Description |
---|---|---|
_links |
||
name |
string |
The name of the SVM. |
uuid |
string |
The unique identifier of the SVM. |
audit
Auditing for NAS events is a security measure that enables you to track and log certain CIFS and NFS events on SVMs.
Name | Type | Description |
---|---|---|
enabled |
boolean |
Specifies whether or not auditing is enabled on the SVM. |
events |
||
log |
||
log_path |
string |
The audit log destination path where consolidated audit logs are stored. |
svm |
error_arguments
Name | Type | Description |
---|---|---|
code |
string |
Argument code |
message |
string |
Message argument |
error
Name | Type | Description |
---|---|---|
arguments |
array[error_arguments] |
Message arguments |
code |
string |
Error code |
message |
string |
Error message |
target |
string |
The target parameter that caused the error. |