Skip to main content
A newer release of this product is available.

Define a remote syslog or splunk server to receive audit information

Contributors

GET /security/audit/destinations

Defines a remote syslog/splunk server for sending audit information to.

Parameters

Name Type In Required Description

order_by

array[string]

query

False

Order results by specified fields and optional [asc

desc] direction. Default direction is 'asc' for ascending.

facility

string

query

False

Filter by facility

address

string

query

False

Filter by address

port

integer

query

False

Filter by port

protocol

string

query

False

Filter by protocol

verify_server

boolean

query

False

Filter by verify_server

fields

array[string]

query

False

Specify the fields to return.

max_records

integer

query

False

Limit the number of records returned.

return_timeout

integer

query

False

The number of seconds to allow the call to execute before returning. When iterating over a collection, the default is 15 seconds. ONTAP returns earlier if either max records or the end of the collection is reached.

return_records

boolean

query

False

Response

Status: 200, Ok
Name Type Description

_links

_links

num_records

integer

Number of records

records

array[security_audit_log_forward]

Example response
{
  "_links": {
    "next": {
      "href": "/api/resourcelink"
    },
    "self": {
      "href": "/api/resourcelink"
    }
  },
  "records": [
    {
      "address": "string",
      "facility": "string",
      "protocol": "string"
    }
  ]
}

Error

Status: Default, Error
Name Type Description

error

error

Example error
{
  "error": {
    "arguments": [
      {
        "code": "string",
        "message": "string"
      }
    ],
    "code": "4",
    "message": "entry doesn't exist",
    "target": "uuid"
  }
}

Definitions

See Definitions

href

Name Type Description

href

string

Name Type Description

next

href

self

href

security_audit_log_forward

Name Type Description

address

string

Destination syslog|splunk host to forward audit records to. This can be an IP address (IPv4|IPv6) or a hostname.

facility

string

This is the standard Syslog Facility value that is used when sending audit records to a remote server.

port

integer

Destination Port. The default port depends on the protocol chosen: For un-encrypted destinations the default port is 514. For encrypted destinations the default port is 6514.

protocol

string

Log forwarding protocol

verify_server

boolean

This is only applicable when the protocol is tcp_encrypted. This controls whether the remote server's certificate is validated. Setting "verify_server" to "true" will enforce validation of remote server's certificate. Setting "verify_server" to "false" will not enforce validation of remote server's certificate.

error_arguments

Name Type Description

code

string

Argument code

message

string

Message argument

error

Name Type Description

arguments

array[error_arguments]

Message arguments

code

string

Error code

message

string

Error message

target

string

The target parameter that caused the error.