Retrieve the Vscan configuration
GET /protocols/vscan
Introduced In: 9.6
Retrieves the Vscan configuration. This includes scanner-pools, On-Access policies, On-Demand policies, and information about whether a Vscan is enabled or disabled on an SVM.
Important notes:
-
You can enable only one Vscan configuration at a time for an SVM.
-
You can only query using
svm.uuid
orsvm.name
.
Related ONTAP commands
-
vserver vscan show
-
vserver vscan scanner-pool show
-
vserver vscan scanner-pool servers show
-
vserver vscan scanner-pool privileged-users show
-
vserver vscan scanner-pool show-active
-
vserver vscan on-access-policy show
-
vserver vscan on-access-policy file-ext-to-exclude show
-
vserver vscan on-access-policy file-ext-to-include show
-
vserver vscan on-access-policy paths-to-exclude show
-
vserver vscan on-demand-task show
Parameters
Name | Type | In | Required | Description |
---|---|---|---|---|
on_access_policies.name |
string |
query |
False |
Filter by on_access_policies.name |
on_access_policies.scope.only_execute_access |
boolean |
query |
False |
Filter by on_access_policies.scope.only_execute_access |
on_access_policies.scope.include_extensions |
string |
query |
False |
Filter by on_access_policies.scope.include_extensions |
on_access_policies.scope.exclude_extensions |
string |
query |
False |
Filter by on_access_policies.scope.exclude_extensions |
on_access_policies.scope.scan_readonly_volumes |
boolean |
query |
False |
Filter by on_access_policies.scope.scan_readonly_volumes |
on_access_policies.scope.exclude_paths |
string |
query |
False |
Filter by on_access_policies.scope.exclude_paths |
on_access_policies.scope.max_file_size |
integer |
query |
False |
Filter by on_access_policies.scope.max_file_size |
on_access_policies.scope.scan_without_extension |
boolean |
query |
False |
Filter by on_access_policies.scope.scan_without_extension |
on_access_policies.mandatory |
boolean |
query |
False |
Filter by on_access_policies.mandatory |
on_access_policies.enabled |
boolean |
query |
False |
Filter by on_access_policies.enabled |
enabled |
boolean |
query |
False |
Filter by enabled |
on_demand_policies.scan_paths |
string |
query |
False |
Filter by on_demand_policies.scan_paths |
on_demand_policies.log_path |
string |
query |
False |
Filter by on_demand_policies.log_path |
on_demand_policies.scope.include_extensions |
string |
query |
False |
Filter by on_demand_policies.scope.include_extensions |
on_demand_policies.scope.scan_without_extension |
boolean |
query |
False |
Filter by on_demand_policies.scope.scan_without_extension |
on_demand_policies.scope.max_file_size |
integer |
query |
False |
Filter by on_demand_policies.scope.max_file_size |
on_demand_policies.scope.exclude_paths |
string |
query |
False |
Filter by on_demand_policies.scope.exclude_paths |
on_demand_policies.scope.exclude_extensions |
string |
query |
False |
Filter by on_demand_policies.scope.exclude_extensions |
on_demand_policies.schedule.name |
string |
query |
False |
Filter by on_demand_policies.schedule.name |
on_demand_policies.schedule.uuid |
string |
query |
False |
Filter by on_demand_policies.schedule.uuid |
on_demand_policies.name |
string |
query |
False |
Filter by on_demand_policies.name |
scanner_pools.cluster.name |
string |
query |
False |
Filter by scanner_pools.cluster.name |
scanner_pools.cluster.uuid |
string |
query |
False |
Filter by scanner_pools.cluster.uuid |
scanner_pools.role |
string |
query |
False |
Filter by scanner_pools.role |
scanner_pools.privileged_users |
string |
query |
False |
Filter by scanner_pools.privileged_users |
scanner_pools.name |
string |
query |
False |
Filter by scanner_pools.name |
scanner_pools.servers |
string |
query |
False |
Filter by scanner_pools.servers |
svm.uuid |
string |
query |
False |
Filter by svm.uuid |
svm.name |
string |
query |
False |
Filter by svm.name |
fields |
array[string] |
query |
False |
Specify the fields to return. |
max_records |
integer |
query |
False |
Limit the number of records returned. |
return_records |
boolean |
query |
False |
The default is true for GET calls. When set to false, only the number of records is returned.
|
return_timeout |
integer |
query |
False |
The number of seconds to allow the call to execute before returning. When iterating over a collection, the default is 15 seconds. ONTAP returns earlier if either max records or the end of the collection is reached.
|
order_by |
array[string] |
query |
False |
Order results by specified fields and optional [asc |
Response
Status: 200, Ok
Name | Type | Description |
---|---|---|
_links |
||
num_records |
integer |
Number of records |
records |
array[vscan] |
Example response
{
"_links": {
"next": {
"href": "/api/resourcelink"
},
"self": {
"href": "/api/resourcelink"
}
},
"records": [
{
"_links": {
"self": {
"href": "/api/resourcelink"
}
},
"on_access_policies": [
{
"name": "on-access-test",
"scope": {
"exclude_extensions": [
"mp*",
"txt"
],
"exclude_paths": [
"\\dir1\\dir2\\name",
"\\vol\\a b",
"\\vol\\a,b\\"
],
"include_extensions": [
"mp*",
"txt"
],
"max_file_size": "2147483648"
}
}
],
"on_demand_policies": [
{
"log_path": "/vol0/report_dir",
"name": "task-1",
"scan_paths": [
"/vol1/",
"/vol2/cifs/"
],
"schedule": {
"_links": {
"self": {
"href": "/api/resourcelink"
}
},
"name": "weekly",
"uuid": "1cd8a442-86d1-11e0-ae1c-123478563412"
},
"scope": {
"exclude_extensions": [
"mp3",
"mp4"
],
"exclude_paths": [
"/vol1/cold-files/",
"/vol1/cifs/names"
],
"include_extensions": [
"vmdk",
"mp*"
],
"max_file_size": "10737418240"
}
}
],
"scanner_pools": [
{
"cluster": {
"_links": {
"self": {
"href": "/api/resourcelink"
}
},
"name": "cluster1",
"uuid": "1cd8a442-86d1-11e0-ae1c-123478563412"
},
"name": "scanner-1",
"privileged_users": [
"cifs\\u1",
"cifs\\u2"
],
"role": "string",
"servers": [
"1.1.1.1",
"10.72.204.27",
"vmwin204-27.fsct.nb"
]
}
],
"svm": {
"_links": {
"self": {
"href": "/api/resourcelink"
}
},
"name": "svm1",
"uuid": "02c9e252-41be-11e9-81d5-00a0986138f7"
}
}
]
}
Error
Status: Default, Error
Name | Type | Description |
---|---|---|
error |
Example error
{
"error": {
"arguments": [
{
"code": "string",
"message": "string"
}
],
"code": "4",
"message": "entry doesn't exist",
"target": "uuid"
}
}
Definitions
See Definitions
href
Name | Type | Description |
---|---|---|
href |
string |
_links
Name | Type | Description |
---|---|---|
next |
||
self |
_links
Name | Type | Description |
---|---|---|
self |
scope
Name | Type | Description |
---|---|---|
exclude_extensions |
array[string] |
List of file extensions for which scanning is not performed. |
exclude_paths |
array[string] |
List of file paths for which scanning must not be performed. |
include_extensions |
array[string] |
List of file extensions to be scanned. |
max_file_size |
integer |
Maximum file size, in bytes, allowed for scanning. |
only_execute_access |
boolean |
Scan only files opened with execute-access. |
scan_readonly_volumes |
boolean |
Specifies whether or not read-only volume can be scanned. |
scan_without_extension |
boolean |
Specifies whether or not files without any extension can be scanned. |
vscan_on_access
An On-Access policy that defines the scope of an On-Access scan. Use On-Access scanning to check for viruses when clients open, read, rename, or close files over CIFS. By default, ONTAP creates an On-Access policy named "default_CIFS" and enables it for all the SVMs in a cluster.
Name | Type | Description |
---|---|---|
enabled |
boolean |
Status of the On-Access Vscan policy |
mandatory |
boolean |
Specifies if scanning is mandatory. File access is denied if there are no external virus-scanning servers available for virus scanning. |
name |
string |
On-Access policy ame |
scope |
schedule
Schedule of the task.
Name | Type | Description |
---|---|---|
_links |
||
name |
string |
Job schedule name |
uuid |
string |
Job schedule UUID |
scope
Name | Type | Description |
---|---|---|
exclude_extensions |
array[string] |
List of file extensions for which scanning is not performed. |
exclude_paths |
array[string] |
List of file paths for which scanning must not be performed. |
include_extensions |
array[string] |
List of file extensions to be scanned. |
max_file_size |
integer |
Maximum file size, in bytes, allowed for scanning. |
scan_without_extension |
boolean |
Specifies whether or not files without any extension can be scanned. |
vscan_on_demand
Use On-Demand scanning to check files for viruses on a schedule. An On-Demand policy defines the scope of an On-Demand scan.
Name | Type | Description |
---|---|---|
log_path |
string |
The path from the Vserver root where the task report is created. |
name |
string |
On-Demand task name |
scan_paths |
array[string] |
List of paths that need to be scanned. |
schedule |
Schedule of the task. |
|
scope |
cluster_reference
Name | Type | Description |
---|---|---|
_links |
||
name |
string |
|
uuid |
string |
vscan_scanner_pool
Scanner pool is a set of attributes which are used to validate and manage connections between clustered ONTAP and external virus-scanning server, or "Vscan server".
Name | Type | Description |
---|---|---|
cluster |
||
name |
string |
Specifies the name of the scanner pool. Scanner pool name can be up to 256 characters long and is a string that can only contain any combination of ASCII-range alphanumeric characters a-z, A-Z, 0-9), "_", "-" and ".". |
privileged_users |
array[string] |
Specifies a list of privileged users. A valid form of privileged user-name is "domain-name\user-name". Privileged user-names are stored and treated as case-insensitive strings. Virus scanners must use one of the registered privileged users for connecting to clustered Data ONTAP for exchanging virus-scanning protocol messages and to access file for scanning, remedying and quarantining operations.
|
role |
string |
Specifies the role of the scanner pool. The possible values are:
|
servers |
array[string] |
Specifies a list of IP addresses or FQDN for each Vscan server host names which are allowed to connect to clustered ONTAP.
|
svm
SVM, applies only to SVM-scoped objects.
Name | Type | Description |
---|---|---|
_links |
||
name |
string |
The name of the SVM. |
uuid |
string |
The unique identifier of the SVM. |
vscan
Vscan can be used to protect data from being compromised by viruses or other malicious code. This combines best-in-class third-party antivirus software with ONTAP features that give you the flexibility you need to control which files get scanned and when. Storage systems offload scanning operations to external servers hosting antivirus software from thirdparty vendors. An Antivirus Connector on the external server handles communications between the storage system and the antivirus software.
Name | Type | Description |
---|---|---|
_links |
||
cache_clear |
boolean |
Discards the cached information of the files that have been successfully scanned. Once the cache is cleared, files are scanned again when they are accessed. PATCH only |
enabled |
boolean |
Specifies whether or not Vscan is enabled on the SVM. |
on_access_policies |
array[vscan_on_access] |
|
on_demand_policies |
array[vscan_on_demand] |
|
scanner_pools |
array[vscan_scanner_pool] |
|
svm |
SVM, applies only to SVM-scoped objects. |
error_arguments
Name | Type | Description |
---|---|---|
code |
string |
Argument code |
message |
string |
Message argument |
error
Name | Type | Description |
---|---|---|
arguments |
array[error_arguments] |
Message arguments |
code |
string |
Error code |
message |
string |
Error message |
target |
string |
The target parameter that caused the error. |