Skip to main content
A newer release of this product is available.

Retrieve the audit configuration for an SVM

Contributors
PDFs

GET /protocols/audit/{svm.uuid}

Introduced In: 9.6

Retrieves an audit configuration for an SVM.

  • vserver audit show

Learn more

Parameters

Name Type In Required Description

svm.uuid

string

path

True

UUID of the SVM to which this object belongs.

fields

array[string]

query

False

Specify the fields to return.

Response

Status: 200, Ok
Name Type Description

enabled

boolean

Specifies whether or not auditing is enabled on the SVM.

events

events

log

log

log_path

string

The audit log destination path where consolidated audit logs are stored.

svm

svm
Example response 
{
  "log": {
    "_links": {
      "self": {
        "href": "/api/resourcelink"
      }
    },
    "format": "string",
    "retention": {
      "duration": "P4DT12H30M5S"
    },
    "rotation": {
      "schedule": {
        "days": [
          "integer"
        ],
        "hours": [
          "integer"
        ],
        "minutes": [
          "integer"
        ],
        "months": [
          "integer"
        ],
        "weekdays": [
          "integer"
        ]
      }
    }
  },
  "log_path": "string",
  "svm": {
    "_links": {
      "self": {
        "href": "/api/resourcelink"
      }
    },
    "name": "svm1",
    "uuid": "02c9e252-41be-11e9-81d5-00a0986138f7"
  }
}

Error

Status: Default, Error
Name Type Description

error

error
Example error 
{
  "error": {
    "arguments": [
      {
        "code": "string",
        "message": "string"
      }
    ],
    "code": "4",
    "message": "entry doesn't exist",
    "target": "uuid"
  }
}

Definitions

See Definitions

events

Name Type Description

authorization_policy

boolean

Authorization policy change events

cap_staging

boolean

Central access policy staging events

cifs_logon_logoff

boolean

CIFS logon and logoff events

file_operations

boolean

File operation events

file_share

boolean

File share category events

security_group

boolean

Local security group management events

user_account

boolean

Local user account management events

href

Name Type Description

href

string

_links

Name Type Description

self

href

retention

Name Type Description

count

integer

Determines how many audit log files to retain before rotating the oldest log file out. This is mutually exclusive with duration.

duration

string

Specifies an ISO-8601 format date and time to retain the audit log file. The audit log files are deleted once they reach the specified date/time. This is mutually exclusive with count.

audit_schedule

Rotates the audit logs based on a schedule by using the time-based rotation parameters in any combination. The rotation schedule is calculated by using all the time-related values.

Name Type Description

days

array[integer]

Specifies the day of the month schedule to rotate audit log. Leave empty for all.

hours

array[integer]

Specifies the hourly schedule to rotate audit log. Leave empty for all.

minutes

array[integer]

Specifies the minutes schedule to rotate the audit log.

months

array[integer]

Specifies the months schedule to rotate audit log. Leave empty for all.

weekdays

array[integer]

Specifies the weekdays schedule to rotate audit log. Leave empty for all.

rotation

Audit event log files are rotated when they reach a configured threshold log size or are on a configured schedule. When an event log file is rotated, the scheduled consolidation task first renames the active converted file to a time-stamped archive file, and then creates a new active converted event log file.

Name Type Description

now

boolean

Manually rotates the audit logs. Optional in PATCH only. Not available in POST.

schedule

audit_schedule

Rotates the audit logs based on a schedule by using the time-based rotation parameters in any combination. The rotation schedule is calculated by using all the time-related values.

size

integer

Rotates logs based on log size in bytes.

log

Name Type Description

_links

_links

format

string

The format in which the logs are generated by consolidation process. Possible values are:

  • xml - Data ONTAP-specific XML log format

  • evtx - Microsoft Windows EVTX log format

    • Default value: 1

    • enum: ["xml", "evtx"]

    • Introduced in: 9.6

retention

retention

rotation

rotation

Audit event log files are rotated when they reach a configured threshold log size or are on a configured schedule. When an event log file is rotated, the scheduled consolidation task first renames the active converted file to a time-stamped archive file, and then creates a new active converted event log file.

svm

Name Type Description

_links

_links

name

string

The name of the SVM.

uuid

string

The unique identifier of the SVM.

error_arguments

Name Type Description

code

string

Argument code

message

string

Message argument

error

Name Type Description

arguments

array[error_arguments]

Message arguments

code

string

Error code

message

string

Error message

target

string

The target parameter that caused the error.