REST API reference
Retrieve the administrative audit log viewer
Suggest changes
-
PDF of this doc site
Collection of separate PDF docs
Creating your file...
GET /security/audit/messages
Introduced In: 9.6
Retrieves the administrative audit log viewer.
Parameters
| Name | Type | In | Required | Description |
|---|---|---|---|---|
scope |
string |
query |
False |
Filter by scope |
location |
string |
query |
False |
Filter by location |
input |
string |
query |
False |
Filter by input |
timestamp |
string |
query |
False |
Filter by timestamp |
index |
integer |
query |
False |
Filter by index |
state |
string |
query |
False |
Filter by state |
command_id |
string |
query |
False |
Filter by command_id |
user |
string |
query |
False |
Filter by user |
application |
string |
query |
False |
Filter by application |
svm.name |
string |
query |
False |
Filter by svm.name |
message |
string |
query |
False |
Filter by message |
session_id |
string |
query |
False |
Filter by session_id |
node.name |
string |
query |
False |
Filter by node.name |
node.uuid |
string |
query |
False |
Filter by node.uuid |
fields |
array[string] |
query |
False |
Specify the fields to return. |
max_records |
integer |
query |
False |
Limit the number of records returned. |
return_timeout |
integer |
query |
False |
The number of seconds to allow the call to execute before returning. When iterating over a collection, the default is 15 seconds. ONTAP returns earlier if either max records or the end of the collection is reached.
|
return_records |
boolean |
query |
False |
The default is true for GET calls. When set to false, only the number of records is returned.
|
order_by |
array[string] |
query |
False |
Order results by specified fields and optional [asc |
Response
Status: 200, Ok| Name | Type | Description |
|---|---|---|
_links |
||
num_records |
integer |
Number of records |
records |
array[security_audit_log] |
Example response
{
"_links": {
"next": {
"href": "/api/resourcelink"
},
"self": {
"href": "/api/resourcelink"
}
},
"records": {
"_links": {
"self": {
"href": "/api/resourcelink"
}
},
"application": "internal",
"command_id": "string",
"index": 0,
"input": "string",
"location": "string",
"message": "string",
"node": {
"_links": {
"self": {
"href": "/api/resourcelink"
}
},
"name": "node1",
"uuid": "1cd8a442-86d1-11e0-ae1c-123478563412"
},
"scope": "svm",
"session_id": "string",
"state": "pending",
"timestamp": "string",
"user": "string"
}
}Error
Status: Default, Error| Name | Type | Description |
|---|---|---|
error |
Example error
{
"error": {
"arguments": {
"code": "string",
"message": "string"
},
"code": "4",
"message": "entry doesn't exist",
"target": "uuid"
}
}Definitions
See Definitions
href
| Name | Type | Description |
|---|---|---|
href |
string |
_links
| Name | Type | Description |
|---|---|---|
next |
||
self |
_links
| Name | Type | Description |
|---|---|---|
self |
node
Node where the audit message resides.
| Name | Type | Description |
|---|---|---|
_links |
||
name |
string |
|
uuid |
string |
svm
This is the SVM through which the user connected.
| Name | Type | Description |
|---|---|---|
name |
string |
security_audit_log
| Name | Type | Description |
|---|---|---|
_links |
||
application |
string |
This identifies the "application" by which the request was processed. |
command_id |
string |
This is the command ID for this request. Each command received on a CLI session is assigned a command ID. This enables you to correlate a request and response. |
index |
integer |
Internal index for accessing records with same time/node. This is a 64 bit unsigned value. |
input |
string |
The request. |
location |
string |
This identifies the location of the remote user. This is an IP address or "console". |
message |
string |
This is an optional field that might contain "error" or "additional information" about the status of a command. |
node |
Node where the audit message resides. |
|
scope |
string |
Set to "svm" when the request is on a data SVM; otherwise set to "cluster". |
session_id |
string |
This is the session ID on which the request is received. Each SSH session is assigned a session ID. Each http/ontapi/snmp request is assigned a unique session ID. |
state |
string |
State of of this request. |
svm |
This is the SVM through which the user connected. |
|
timestamp |
string |
Log entry timestamp. Valid in URL |
user |
string |
Username of the remote user. |
error_arguments
| Name | Type | Description |
|---|---|---|
code |
string |
Argument code |
message |
string |
Message argument |
error
| Name | Type | Description |
|---|---|---|
arguments |
array[error_arguments] |
Message arguments |
code |
string |
Error code |
message |
string |
Error message |
target |
string |
The target parameter that caused the error. |