REST API reference
Define the remote syslog or splunk server information
Suggest changes
PDFs
POST /security/audit/destinations
Configures remote syslog/splunk server information.
Required properties
All of the following fields are required for creating a remote syslog/splunk destination
-
address
Optional properties
All of the following fields are optional for creating a remote syslog/splunk destination
-
port -
protocol -
facility -
verify_server(Can only be "true" when protocol is "tcp_encrypted")
Learn more
Parameters
| Name | Type | In | Required | Description |
|---|---|---|---|---|
return_timeout |
integer |
query |
False |
The number of seconds to allow the call to execute before returning. When doing a POST, PATCH, or DELETE operation on a single record, the default is 0 seconds. This means that if an asynchronous operation is started, the server immediately returns HTTP code 202 (Accepted) along with a link to the job. If a non-zero value is specified for POST, PATCH, or DELETE operations, ONTAP waits that length of time to see if the job completes so it can return something other than 202.
|
return_records |
boolean |
query |
False |
The default is false. If set to true, the records are returned.
|
force |
boolean |
query |
False |
Skip the Connectivity Test
|
Request Body
| Name | Type | Description |
|---|---|---|
address |
string |
Destination syslog|splunk host to forward audit records to. This can be an IP address (IPv4|IPv6) or a hostname. |
facility |
string |
This is the standard Syslog Facility value that is used when sending audit records to a remote server. |
port |
integer |
Destination Port. The default port depends on the protocol chosen: For un-encrypted destinations the default port is 514. For encrypted destinations the default port is 6514. |
protocol |
string |
Log forwarding protocol |
verify_server |
boolean |
This is only applicable when the protocol is tcp_encrypted. This controls whether the remote server's certificate is validated. Setting "verify_server" to "true" will enforce validation of remote server's certificate. Setting "verify_server" to "false" will not enforce validation of remote server's certificate. |
Example request
{
"facility": "kern",
"protocol": "udp_unencrypted"
}Response
Status: 202, Accepted| Name | Type | Description |
|---|---|---|
_links |
||
num_records |
integer |
Number of records |
records |
array[security_audit_log_forward] |
Example response
{
"_links": {
"next": {
"href": "/api/resourcelink"
},
"self": {
"href": "/api/resourcelink"
}
},
"records": {
"facility": "kern",
"protocol": "udp_unencrypted"
}
}Error
Status: DefaultONTAP Error Response Codes
| Error Code | Description |
|---|---|
15661 |
The object specified could not be found |
13114 |
Internal error |
13115 |
Invalid input |
4522285 |
Server verification cannot be enabled because it requires a protocol with encryption. Encryption can be selected using the protocol field. |
9240603 |
Cannot ping destination host. Verify connectivity to desired host or skip the connectivity check with the -force parameter. |
327698 |
Failed to create RPC client to destination host |
9240609 |
Cannot connect to destination host. |
9240604 |
Cannot resolve the destination host. |
| Name | Type | Description |
|---|---|---|
error |
Example error
{
"error": {
"arguments": {
"code": "string",
"message": "string"
},
"code": "4",
"message": "entry doesn't exist",
"target": "uuid"
}
}Definitions
See Definitions
security_audit_log_forward
| Name | Type | Description |
|---|---|---|
address |
string |
Destination syslog|splunk host to forward audit records to. This can be an IP address (IPv4|IPv6) or a hostname. |
facility |
string |
This is the standard Syslog Facility value that is used when sending audit records to a remote server. |
port |
integer |
Destination Port. The default port depends on the protocol chosen: For un-encrypted destinations the default port is 514. For encrypted destinations the default port is 6514. |
protocol |
string |
Log forwarding protocol |
verify_server |
boolean |
This is only applicable when the protocol is tcp_encrypted. This controls whether the remote server's certificate is validated. Setting "verify_server" to "true" will enforce validation of remote server's certificate. Setting "verify_server" to "false" will not enforce validation of remote server's certificate. |
href
| Name | Type | Description |
|---|---|---|
href |
string |
_links
| Name | Type | Description |
|---|---|---|
next |
||
self |
error_arguments
| Name | Type | Description |
|---|---|---|
code |
string |
Argument code |
message |
string |
Message argument |
error
| Name | Type | Description |
|---|---|---|
arguments |
array[error_arguments] |
Message arguments |
code |
string |
Error code |
message |
string |
Error message |
target |
string |
The target parameter that caused the error. |