Create an S3 audit configuration
POST /protocols/audit/{svm.uuid}/object-store
Introduced In: 9.10
Creates an S3 audit configuration.
Required properties
- Path in the owning SVM namespace that is used to store audit logs.
Default property values
If not specified in POST, the following default property values are assigned:
- true -
- true -
- false -
- json -
- 0 -
- PT0S -
- 100MB -
- false
Related ONTAP commands
vserver object-store-server audit create
vserver object-store-server audit enable
Learn more
Name | Type | In | Required | Description |
return_timeout |
integer |
query |
False |
The number of seconds to allow the call to execute before returning. When doing a POST, PATCH, or DELETE operation on a single record, the default is 0 seconds. This means that if an asynchronous operation is started, the server immediately returns HTTP code 202 (Accepted) along with a link to the job. If a non-zero value is specified for POST, PATCH, or DELETE operations, ONTAP waits that length of time to see if the job completes so it can return something other than 202.
svm.uuid |
string |
path |
True |
UUID of the SVM to which this object belongs. |
Request Body
Name | Type | Description |
enabled |
boolean |
Specifies whether or not auditing is enabled on the SVM. |
events |
log |
log_path |
string |
The audit log destination path where consolidated audit logs are stored. |
svm |
SVM, applies only to SVM-scoped objects. |
Example request
"log": {
"_links": {
"self": {
"href": "/api/resourcelink"
"format": "string",
"retention": {
"duration": "P4DT12H30M5S"
"rotation": {
"schedule": {
"days": [
"hours": [
"minutes": [
"months": [
"weekdays": [
"log_path": "string",
"svm": {
"_links": {
"self": {
"href": "/api/resourcelink"
"name": "svm1",
"uuid": "02c9e252-41be-11e9-81d5-00a0986138f7"
Status: 202, Accepted
Name | Type | Description |
_links |
num_records |
integer |
Number of records |
records |
array[s3_audit] |
Example response
"_links": {
"next": {
"href": "/api/resourcelink"
"self": {
"href": "/api/resourcelink"
"num_records": 1,
"records": [
"log": {
"_links": {
"self": {
"href": "/api/resourcelink"
"format": "string",
"retention": {
"duration": "P4DT12H30M5S"
"rotation": {
"schedule": {
"days": [
"hours": [
"minutes": [
"months": [
"weekdays": [
"log_path": "string",
"svm": {
"_links": {
"self": {
"href": "/api/resourcelink"
"name": "svm1",
"uuid": "02c9e252-41be-11e9-81d5-00a0986138f7"
Name | Description | Type |
Location |
Useful for tracking the resource location |
string |
Status: 201, Created
Status: Default
ONTAP Error Response Codes
Error Code | Description |
140902401 |
Failed to create an audit configuration for the SVM. |
140902402 |
Audit configuration is already present. |
140902402 |
Audit configuration is already enabled. |
140902403 |
Failed to create staging volume. |
140902415 |
Failed to modify an audit configuration because no audit configuration exists for the SVM. |
140902416 |
Failed to modify audit configuration for SVM. |
140902422 |
Final consolidation is in progress, audit delete failed. |
140902423 |
Failed to delete the audit configuration for the SVM. |
140902425 |
Audit configuration is not available for disabling. |
140902430 |
Audit configuration is not available for enabling. |
140902431 |
Audit enable failed, audit configuration already enabled for the SVM. |
140902432 |
Final consolidation is in progress, audit enable failed. |
140902445 |
Audit disable failed, audit configuration does not exist for the SVM. |
140902446 |
Audit disable failed, audit configuration does not exist for the SVM. |
140902447 |
Audit disable failed. |
140902456 |
The specified log_path does not exist. |
140902457 |
The log_path must be a directory. |
140902458 |
The log_path must be a canonical path in the SVM's namespace. |
140902459 |
The log_path cannot be empty. |
140902460 |
Rotate size must be greater than or equal to 1024 KB. |
140902461 |
The destination path must not contain a symbolic link. |
140902470 |
The log_path exceeds a maximum supported length of characters. |
140902471 |
The log_path contains an unsupported read-only (DP/LS) volume. |
140902472 |
The log_path is not a valid destination for the SVM. |
140902474 |
The log_path contains an unsupported Snaplock volume. |
140902478 |
The log_path validation failed. |
140902478 |
The log_path cannot be accessed for validation. |
140902490 |
Audit configuration is absent for rotate. |
140902491 |
Failed to rotate audit log. |
140902492 |
Cannot rotate audit log, auditing is not enabled for this SVM. |
Also see the table of common errors in the Response body overview section of this documentation. ONTAP Error Response Codes
Error Code | Description |
262186 |
Field "log.retention.duration" cannot be used with field "log.retention.count" |
9699340 |
SVM UUID lookup failed |
9699407 |
Additional fields are provided |
Name | Type | Description |
error |
Example error
"error": {
"arguments": [
"code": "string",
"message": "string"
"code": "4",
"message": "entry doesn't exist",
"target": "uuid"
See Definitions
Name | Type | Description |
data |
boolean |
Data events |
management |
boolean |
Management events |
Name | Type | Description |
href |
string |
Name | Type | Description |
self |
Name | Type | Description |
count |
integer |
Determines how many audit log files to retain before rotating the oldest log file out. This is mutually exclusive with "duration". |
duration |
string |
Specifies an ISO-8601 format date and time to retain the audit log file. The audit log files are deleted once they reach the specified date/time. This is mutually exclusive with "count". |
Rotates the audit logs based on a schedule by using the time-based rotation parameters in any combination. The rotation schedule is calculated by using all the time-related values.
Name | Type | Description |
days |
array[integer] |
Specifies the day of the month schedule to rotate audit log. Leave empty for all. |
hours |
array[integer] |
Specifies the hourly schedule to rotate audit log. Leave empty for all. |
minutes |
array[integer] |
Specifies the minutes schedule to rotate the audit log. |
months |
array[integer] |
Specifies the months schedule to rotate audit log. Leave empty for all. |
weekdays |
array[integer] |
Specifies the weekdays schedule to rotate audit log. Leave empty for all. |
Audit event log files are rotated when they reach a configured threshold log size or are on a configured schedule. When an event log file is rotated, the scheduled consolidation task first renames the active converted file to a time-stamped archive file, and then creates a new active converted event log file.
Name | Type | Description |
now |
boolean |
Manually rotates the audit logs. Optional in PATCH only. Not available in POST. |
schedule |
Rotates the audit logs based on a schedule by using the time-based rotation parameters in any combination. The rotation schedule is calculated by using all the time-related values. |
size |
integer |
Rotates logs based on log size in bytes. |
Name | Type | Description |
_links |
format |
string |
Format in which the logs are generated by the consolidation process. Possible values are:
retention |
rotation |
Audit event log files are rotated when they reach a configured threshold log size or are on a configured schedule. When an event log file is rotated, the scheduled consolidation task first renames the active converted file to a time-stamped archive file, and then creates a new active converted event log file. |
SVM, applies only to SVM-scoped objects.
Name | Type | Description |
_links |
name |
string |
The name of the SVM. This field cannot be specified in a PATCH method. |
uuid |
string |
The unique identifier of the SVM. This field cannot be specified in a PATCH method. |
Auditing for NAS events is a security measure that enables you to track and log certain S3 events on SVMs.
Name | Type | Description |
enabled |
boolean |
Specifies whether or not auditing is enabled on the SVM. |
events |
log |
log_path |
string |
The audit log destination path where consolidated audit logs are stored. |
svm |
SVM, applies only to SVM-scoped objects. |
Name | Type | Description |
next |
self |
Name | Type | Description |
code |
string |
Argument code |
message |
string |
Message argument |
Name | Type | Description |
arguments |
array[error_arguments] |
Message arguments |
code |
string |
Error code |
message |
string |
Error message |
target |
string |
The target parameter that caused the error. |