REST API reference
Retrieve trace results for access allowed or denied events
Suggest changes
PDFs
GET /protocols/file-access-tracing/events
Introduced In: 9.8
Retrieves the trace results for access allowed or denied events.
Related ONTAP commands
-
vserver security trace trace-result show
Parameters
| Name | Type | In | Required | Description |
|---|---|---|---|---|
index |
integer |
query |
False |
Filter by index |
create_time |
string |
query |
False |
Filter by create_time |
volume.name |
string |
query |
False |
Filter by volume.name |
volume.uuid |
string |
query |
False |
Filter by volume.uuid |
filter.svm.uuid |
string |
query |
False |
Filter by filter.svm.uuid |
filter.svm.name |
string |
query |
False |
Filter by filter.svm.name |
filter.windows_user |
string |
query |
False |
Filter by filter.windows_user |
filter.protocol |
string |
query |
False |
Filter by filter.protocol |
filter.enabled |
boolean |
query |
False |
Filter by filter.enabled |
filter.index |
integer |
query |
False |
Filter by filter.index |
filter.unix_user |
string |
query |
False |
Filter by filter.unix_user |
filter.client_ip |
string |
query |
False |
Filter by filter.client_ip |
filter.trace_allowed_ops |
boolean |
query |
False |
Filter by filter.trace_allowed_ops |
filter.path |
string |
query |
False |
Filter by filter.path |
share.name |
string |
query |
False |
Filter by share.name |
session_id |
integer |
query |
False |
Filter by session_id |
node.name |
string |
query |
False |
Filter by node.name |
node.uuid |
string |
query |
False |
Filter by node.uuid |
svm.uuid |
string |
query |
False |
Filter by svm.uuid |
svm.name |
string |
query |
False |
Filter by svm.name |
reason.message |
string |
query |
False |
Filter by reason.message |
fields |
array[string] |
query |
False |
Specify the fields to return. |
max_records |
integer |
query |
False |
Limit the number of records returned. |
return_records |
boolean |
query |
False |
The default is true for GET calls. When set to false, only the number of records is returned.
|
return_timeout |
integer |
query |
False |
The number of seconds to allow the call to execute before returning. When iterating over a collection, the default is 15 seconds. ONTAP returns earlier if either max records or the end of the collection is reached.
|
order_by |
array[string] |
query |
False |
Order results by specified fields and optional [asc |
Response
Status: 200, Ok| Name | Type | Description |
|---|---|---|
_links |
||
num_records |
integer |
Number of records |
records |
array[file_access_event] |
Example response
{
"_links": {
"next": {
"href": "/api/resourcelink"
},
"self": {
"href": "/api/resourcelink"
}
},
"records": {
"_links": {
"self": {
"href": "/api/resourcelink"
}
},
"create_time": "2018-06-04T19:00:00Z",
"filter": {
"client_ip": "10.140.68.143",
"index": "1",
"path": "/dir1/dir2",
"protocol": "cifs",
"svm": {
"_links": {
"self": {
"href": "/api/resourcelink"
}
},
"name": "svm1",
"uuid": "02c9e252-41be-11e9-81d5-00a0986138f7"
},
"unix_user": "root",
"windows_user": "cifs1/administrator"
},
"index": "1",
"node": {
"_links": {
"self": {
"href": "/api/resourcelink"
}
},
"name": "node1",
"uuid": "1cd8a442-86d1-11e0-ae1c-123478563412"
},
"reason": {
"message": "Access is allowed because the operation is trusted and no security is configured."
},
"session_id": "2628976282477527056",
"share": {
"_links": {
"self": {
"href": "/api/resourcelink"
}
},
"name": "sh1"
},
"svm": {
"_links": {
"self": {
"href": "/api/resourcelink"
}
},
"name": "svm1",
"uuid": "02c9e252-41be-11e9-81d5-00a0986138f7"
},
"volume": {
"_links": {
"self": {
"href": "/api/resourcelink"
}
},
"name": "volume1",
"uuid": "028baa66-41bd-11e9-81d5-00a0986138f7"
}
}
}Error
Status: Default, Error| Name | Type | Description |
|---|---|---|
error |
Example error
{
"error": {
"arguments": {
"code": "string",
"message": "string"
},
"code": "4",
"message": "entry doesn't exist",
"target": "uuid"
}
}Definitions
See Definitions
href
| Name | Type | Description |
|---|---|---|
href |
string |
collection_links
| Name | Type | Description |
|---|---|---|
next |
||
self |
_links
| Name | Type | Description |
|---|---|---|
self |
svm_reference
SVM, applies only to SVM-scoped objects.
| Name | Type | Description |
|---|---|---|
_links |
||
name |
string |
The name of the SVM. |
uuid |
string |
The unique identifier of the SVM. |
file_access_filter
ONTAP allows creation of filters for file access tracing for both CIFS and NFS. These filters have protocols, path, username and client IP based on which file access operations are logged.
| Name | Type | Description |
|---|---|---|
client_ip |
string |
Specifies the IP address from which the client accesses the file or directory. |
enabled |
boolean |
Specifies whether to enable or disable the filter. Filters are enabled by default and are deleted after 60 mins. |
index |
integer |
Position of the file access tracing filter. |
path |
string |
Specifies the path for which permission tracing can be applied. The value can be complete path from root of CIFS share or root of volume for NFS. |
protocol |
string |
Specifies the protocol for which permission trace is required. |
svm |
SVM, applies only to SVM-scoped objects. |
|
trace_allowed_ops |
boolean |
Specifies if the filter can trace file access denied and allowed events. The value of trace-allow is false by default, and it traces access denied events. The value is set to true for tracing access allowed events. |
unix_user |
string |
Specifies the UNIX username whose access requests you want to trace. The filter would match only if the request is received with this user. |
windows_user |
string |
Specifies the Windows username whose access requests you want to trace. The filter would match only if the request is received with this user. |
node
| Name | Type | Description |
|---|---|---|
_links |
||
name |
string |
|
uuid |
string |
reason
Displays the allowed or denied reason for the file access tracing events that are generated.
| Name | Type | Description |
|---|---|---|
message |
string |
The error message. |
| Name | Type | Description |
|---|---|---|
_links |
||
name |
string |
Share name |
volume
| Name | Type | Description |
|---|---|---|
_links |
||
name |
string |
The name of the volume. |
uuid |
string |
Unique identifier for the volume. This corresponds to the instance-uuid that is exposed in the CLI and ONTAPI. It does not change due to a volume move.
|
file_access_event
ONTAP generates the list of file access tracing records stored on the cluster. These records are generated in response to security trace filters applied. The list of trace events recorded depends on the parameters configured for the filter.
| Name | Type | Description |
|---|---|---|
_links |
||
create_time |
string |
Specifies the time at which the trace event entry was generated. |
filter |
ONTAP allows creation of filters for file access tracing for both CIFS and NFS. These filters have protocols, path, username and client IP based on which file access operations are logged.
|
|
index |
integer |
Specifies the sequence number of the security trace event. |
node |
||
reason |
Displays the allowed or denied reason for the file access tracing events that are generated. |
|
session_id |
integer |
Specifies the CIFS session ID for the file access trace event, this is generated only for CIFS file accesses. |
share |
||
svm |
SVM, applies only to SVM-scoped objects. |
|
volume |
error_arguments
| Name | Type | Description |
|---|---|---|
code |
string |
Argument code |
message |
string |
Message argument |
error
| Name | Type | Description |
|---|---|---|
arguments |
array[error_arguments] |
Message arguments |
code |
string |
Error code |
message |
string |
Error message |
target |
string |
The target parameter that caused the error. |