REST API reference
Define a remote syslog or splunk server to receive audit information
Suggest changes
-
PDF of this doc site
Collection of separate PDF docs
Creating your file...
GET /security/audit/destinations
Introduced In: 9.6
Defines a remote syslog/splunk server for sending audit information to.
Parameters
| Name | Type | In | Required | Description |
|---|---|---|---|---|
verify_server |
boolean |
query |
False |
Filter by verify_server |
port |
integer |
query |
False |
Filter by port |
facility |
string |
query |
False |
Filter by facility |
protocol |
string |
query |
False |
Filter by protocol |
address |
string |
query |
False |
Filter by address |
order_by |
array[string] |
query |
False |
Order results by specified fields and optional [asc |
desc] direction. Default direction is 'asc' for ascending. |
fields |
array[string] |
query |
False |
Specify the fields to return. |
max_records |
integer |
query |
False |
Limit the number of records returned. |
return_timeout |
integer |
query |
False |
The number of seconds to allow the call to execute before returning. When iterating over a collection, the default is 15 seconds. ONTAP returns earlier if either max records or the end of the collection is reached.
|
return_records |
boolean |
query |
False |
Response
Status: 200, Ok| Name | Type | Description |
|---|---|---|
_links |
||
num_records |
integer |
Number of records |
records |
array[security_audit_log_forward] |
Example response
{
"_links": {
"next": {
"href": "/api/resourcelink"
},
"self": {
"href": "/api/resourcelink"
}
},
"records": {
"facility": "kern",
"protocol": "udp_unencrypted"
}
}Error
Status: Default, Error| Name | Type | Description |
|---|---|---|
error |
Example error
{
"error": {
"arguments": {
"code": "string",
"message": "string"
},
"code": "4",
"message": "entry doesn't exist",
"target": "uuid"
}
}Definitions
See Definitions
href
| Name | Type | Description |
|---|---|---|
href |
string |
_links
| Name | Type | Description |
|---|---|---|
next |
||
self |
security_audit_log_forward
| Name | Type | Description |
|---|---|---|
address |
string |
Destination syslog|splunk host to forward audit records to. This can be an IP address (IPv4|IPv6) or a hostname. |
facility |
string |
This is the standard Syslog Facility value that is used when sending audit records to a remote server. |
port |
integer |
Destination Port. The default port depends on the protocol chosen: For un-encrypted destinations the default port is 514. For encrypted destinations the default port is 6514. |
protocol |
string |
Log forwarding protocol |
verify_server |
boolean |
This is only applicable when the protocol is tcp_encrypted. This controls whether the remote server's certificate is validated. Setting "verify_server" to "true" will enforce validation of remote server's certificate. Setting "verify_server" to "false" will not enforce validation of remote server's certificate. |
error_arguments
| Name | Type | Description |
|---|---|---|
code |
string |
Argument code |
message |
string |
Message argument |
error
| Name | Type | Description |
|---|---|---|
arguments |
array[error_arguments] |
Message arguments |
code |
string |
Error code |
message |
string |
Error message |
target |
string |
The target parameter that caused the error. |