Skip to main content
A newer release of this product is available.

Retrieve trace results for denied or allowed events

Contributors

GET /protocols/file-access-tracing/events

Introduced In: 9.8

Retrieves the trace results for access allowed or denied events.

  • vserver security trace trace-result show

Parameters

Name Type In Required Description

svm.uuid

string

query

False

Filter by svm.uuid

svm.name

string

query

False

Filter by svm.name

reason.message

string

query

False

Filter by reason.message

node.name

string

query

False

Filter by node.name

node.uuid

string

query

False

Filter by node.uuid

index

integer

query

False

Filter by index

session_id

integer

query

False

Filter by session_id

filter.trace_allowed_ops

boolean

query

False

Filter by filter.trace_allowed_ops

filter.unix_user

string

query

False

Filter by filter.unix_user

filter.index

integer

query

False

Filter by filter.index

filter.client_ip

string

query

False

Filter by filter.client_ip

filter.svm.uuid

string

query

False

Filter by filter.svm.uuid

filter.svm.name

string

query

False

Filter by filter.svm.name

filter.enabled

boolean

query

False

Filter by filter.enabled

filter.windows_user

string

query

False

Filter by filter.windows_user

filter.path

string

query

False

Filter by filter.path

filter.protocol

string

query

False

Filter by filter.protocol

share.name

string

query

False

Filter by share.name

create_time

string

query

False

Filter by create_time

volume.uuid

string

query

False

Filter by volume.uuid

volume.name

string

query

False

Filter by volume.name

fields

array[string]

query

False

Specify the fields to return.

max_records

integer

query

False

Limit the number of records returned.

return_records

boolean

query

False

The default is true for GET calls. When set to false, only the number of records is returned.

  • Default value: 1

return_timeout

integer

query

False

The number of seconds to allow the call to execute before returning. When iterating over a collection, the default is 15 seconds. ONTAP returns earlier if either max records or the end of the collection is reached.

  • Default value: 1

  • Max value: 120

  • Min value: 0

order_by

array[string]

query

False

Order results by specified fields and optional [asc

Response

Status: 200, Ok
Name Type Description

_links

collection_links

num_records

integer

Number of records

records

array[file_access_event]

Example response
{
  "_links": {
    "next": {
      "href": "/api/resourcelink"
    },
    "self": {
      "href": "/api/resourcelink"
    }
  },
  "records": [
    {
      "_links": {
        "self": {
          "href": "/api/resourcelink"
        }
      },
      "create_time": "2018-06-04T19:00:00Z",
      "filter": {
        "client_ip": "10.140.68.143",
        "index": "1",
        "path": "/dir1/dir2",
        "protocol": "string",
        "svm": {
          "_links": {
            "self": {
              "href": "/api/resourcelink"
            }
          },
          "name": "svm1",
          "uuid": "02c9e252-41be-11e9-81d5-00a0986138f7"
        },
        "unix_user": "root",
        "windows_user": "cifs1/administrator"
      },
      "index": "1",
      "node": {
        "_links": {
          "self": {
            "href": "/api/resourcelink"
          }
        },
        "name": "node1",
        "uuid": "1cd8a442-86d1-11e0-ae1c-123478563412"
      },
      "reason": {
        "message": "Access is allowed because the operation is trusted and no security is configured."
      },
      "session_id": "2628976282477527056",
      "share": {
        "_links": {
          "self": {
            "href": "/api/resourcelink"
          }
        },
        "name": "sh1"
      },
      "svm": {
        "_links": {
          "self": {
            "href": "/api/resourcelink"
          }
        },
        "name": "svm1",
        "uuid": "02c9e252-41be-11e9-81d5-00a0986138f7"
      },
      "volume": {
        "_links": {
          "self": {
            "href": "/api/resourcelink"
          }
        },
        "name": "volume1",
        "uuid": "028baa66-41bd-11e9-81d5-00a0986138f7"
      }
    }
  ]
}

Error

Status: Default, Error
Name Type Description

error

error

Example error
{
  "error": {
    "arguments": [
      {
        "code": "string",
        "message": "string"
      }
    ],
    "code": "4",
    "message": "entry doesn't exist",
    "target": "uuid"
  }
}

Definitions

See Definitions

href

Name Type Description

href

string

Name Type Description

next

href

self

href

Name Type Description

self

href

svm_reference

SVM, applies only to SVM-scoped objects.

Name Type Description

_links

_links

name

string

The name of the SVM.

uuid

string

The unique identifier of the SVM.

file_access_filter

ONTAP allows creation of filters for file access tracing for both CIFS and NFS. These filters have protocols, path, username and client IP based on which file access operations are logged.

Name Type Description

client_ip

string

Specifies the IP address from which the client accesses the file or directory.

enabled

boolean

Specifies whether to enable or disable the filter. Filters are enabled by default and are deleted after 60 mins.

index

integer

Position of the file access tracing filter.

path

string

Specifies the path for which permission tracing can be applied. The value can be complete path from root of CIFS share or root of volume for NFS.

protocol

string

Specifies the protocol for which permission trace is required.

svm

svm_reference

SVM, applies only to SVM-scoped objects.

trace_allowed_ops

boolean

Specifies if the filter can trace file access denied and allowed events. The value of trace-allow is false by default, and it traces access denied events. The value is set to true for tracing access allowed events.

unix_user

string

Specifies the UNIX username whose access requests you want to trace. The filter would match only if the request is received with this user.

windows_user

string

Specifies the Windows username whose access requests you want to trace. The filter would match only if the request is received with this user.

node

Name Type Description

_links

_links

name

string

uuid

string

reason

Displays the allowed or denied reason for the file access tracing events that are generated.

Name Type Description

message

string

The error message.

share

Name Type Description

_links

_links

name

string

Share name

volume

Name Type Description

_links

_links

name

string

The name of the volume.

uuid

string

Unique identifier for the volume. This corresponds to the instance-uuid that is exposed in the CLI and ONTAPI. It does not change due to a volume move.

  • example: 028baa66-41bd-11e9-81d5-00a0986138f7

  • Introduced in: 9.6

file_access_event

ONTAP generates the list of file access tracing records stored on the cluster. These records are generated in response to security trace filters applied. The list of trace events recorded depends on the parameters configured for the filter.

Name Type Description

_links

_links

create_time

string

Specifies the time at which the trace event entry was generated.

filter

file_access_filter

ONTAP allows creation of filters for file access tracing for both CIFS and NFS. These filters have protocols, path, username and client IP based on which file access operations are logged.

  • Introduced in: 9.8

index

integer

Specifies the sequence number of the security trace event.

node

node

reason

reason

Displays the allowed or denied reason for the file access tracing events that are generated.

session_id

integer

Specifies the CIFS session ID for the file access trace event, this is generated only for CIFS file accesses.

share

share

svm

svm_reference

SVM, applies only to SVM-scoped objects.

volume

volume

error_arguments

Name Type Description

code

string

Argument code

message

string

Message argument

error

Name Type Description

arguments

array[error_arguments]

Message arguments

code

string

Error code

message

string

Error message

target

string

The target parameter that caused the error.