Skip to main content

Protocols audit svm.uuid object-store endpoint overview

Contributors

Overview

S3 events auditing is a security measure that enables you to track and log certain S3 events on storage virtual machines (SVMs). You can track potential security problems and provides evidence of any security breaches.

Examples


Creating an S3 audit entry with log rotation size and log retention count

To create an S3 audit entry with log rotation size and log retention count, use the following API. Note the return_records=true query parameter is used to obtain the newly created entry in the response.


# The API:
POST /api/protocols/audit/{svm.uuid}/object-store/

# The call:
curl -X POST "https://<mgmt-ip>/api/protocols/audit/ec650e97-156e-11e9-abcb-005056bbd0bf/object-store?return_records=true" -H "accept: application/json" -H "Content-Type: application/json" -d "{ \"enabled\": true, \"events\": { \"data\": false, \"management\": false}, \"log\": { \"format\": \"json\", \"retention\": { \"count\": 10 }, \"rotation\": { \"size\": 2048000 }}, \"log_path\": \"/\"}"

# The response:
{
"records": [
  {
    "svm": {
      "uuid": "ec650e97-156e-11e9-abcb-005056bbd0bf",
      "name": "vs1"
    },
    "enabled": true,
    "events": {
      "data": false,
      "management": false
    },
    "log": {
      "format": "json",
      "rotation": {
        "size": 2048000
      },
      "retention": {
        "count": 10,
        "duration": "0s"
      }
    },
    "log_path": "/"
  }
],
"num_records": 1
}

Creating an S3 audit entry with log rotation schedule and log retention duration

To create an S3 audit entry with log rotation schedule and log retention duration, use the following API. Note that the return_records=true query parameter is used to obtain the newly created entry in the response.


# The API:
POST /api/protocols/audit/{svm.uuid}/object-store/

# The call:
curl -X POST "https://<mgmt-ip>/api/protocols/audit/a8d64674-13fc-11e9-87b1-005056a7ae7e/object-store?return_records=true" -H "accept: application/json" -H "Content-Type: application/json" -d "{ \"enabled\": false, \"events\": { \"data\": true, \"management\": true }, \"log\": { \"format\": \"json\", \"retention\": { \"duration\": \"P4DT12H30M5S\" }, \"rotation\": { \"schedule\": { \"days\": [1, 5, 10, 15], \"hours\": [0, 1, 6, 12, 18, 23], \"minutes\": [10, 15, 30, 45, 59], \"months\": [0], \"weekdays\": [0, 2, 5] } } }, \"log_path\": \"/\"}"

# The response:
{
"records": [
  {
    "svm": {
      "uuid": "a8d64674-13fc-11e9-87b1-005056a7ae7e",
      "name": "vs3"
    },
    "enabled": true,
    "events": {
      "data": true,
      "management": true
    },
    "log": {
      "format": "json",
      "rotation": {
        "schedule": {
          "minutes": [
            10,
            15,
            30,
            45,
            59
          ],
          "hours": [
            0,
            1,
            6,
            12,
            18,
            23
          ],
          "weekdays": [
            0,
            2,
            5
          ],
          "days": [
            1,
            5,
            10,
            15
          ],
          "months": [
            0
          ]
        }
      },
      "retention": {
        "count": 0,
        "duration": "P4DT12H30M5S"
      }
    },
    "log_path": "/"
  }
],
"num_records": 1
}

Retrieving an S3 audit configuration for all SVMs in the cluster


# The API:
GET /api/protocols/audit/{svm.uuid}/object-store/

# The call:
curl -X GET "https://<mgmt-ip>/api/protocols/audit/*/object-store?fields=*&return_records=true&return_timeout=15" -H "accept: application/json"

# The response:
{
"records": [
  {
    "svm": {
      "uuid": "ec650e97-156e-11e9-abcb-005056bbd0bf",
      "name": "vs1"
    },
    "enabled": true,
    "events": {
      "data": false,
      "management": false
    },
    "log": {
      "format": "json",
      "rotation": {
        "size": 2048000
      },
      "retention": {
        "count": 10,
        "duration": "0s"
      }
    },
    "log_path": "/"
  },
  {
    "svm": {
      "uuid": "a8d64674-13fc-11e9-87b1-005056a7ae7e",
      "name": "vs3"
    },
    "enabled": true,
    "events": {
      "data": true,
      "management": true
    },
    "log": {
      "format": "json",
      "rotation": {
        "schedule": {
          "minutes": [
            10,
            15,
            30,
            45,
            59
          ],
          "hours": [
            0,
            1,
            6,
            12,
            18,
            23
          ],
          "weekdays": [
            0,
            2,
            5
          ],
          "days": [
            1,
            5,
            10,
            15
          ],
          "months": [
            0
          ]
        }
      },
      "retention": {
        "count": 0,
        "duration": "P4DT12H30M5S"
      }
    },
    "log_path": "/"
  }
],
"num_records": 2
}

Retrieving specific entries with event list as data and management event for an SVM

The configuration returned is identified by the events in the list of S3 audit configurations of an SVM.


# The API:
GET /api/protocols/audit/{svm.uuid}/object-store/

# The call:
curl -X GET "https://<mgmt-ip>/api/protocols/audit/*/object-store?events.data=true&events.management=true&return_records=true&return_timeout=15" -H "accept: application/json"

# The response:
{
"records": [
  {
    "svm": {
      "uuid": "ec650e97-156e-11e9-abcb-005056bbd0bf",
      "name": "vs1"
    },
    "events": {
      "data": true,
      "management":true
    }
  },
  {
    "svm": {
      "uuid": "a8d64674-13fc-11e9-87b1-005056a7ae7e",
      "name": "vs3"
    },
    "events": {
      "data": true,
      "management": true
    }
  }
],
"num_records": 2
}

Retrieving a specific S3 audit configuration of an SVM

The configuration returned is identified by the UUID of its SVM.


# The API:
GET /api/protocols/audit/{svm.uuid}/object-store/

# The call:
curl -X GET "https://<mgmt-ip>/api/protocols/audit/ec650e97-156e-11e9-abcb-005056bbd0bf/object-store/" -H "accept: application/json"

# The response:
{
"svm": {
  "uuid": "ec650e97-156e-11e9-abcb-005056bbd0bf",
  "name": "vs1"
},
"enabled": true,
"events": {
  "data": false,
  "management": false
},
"log": {
  "format": "json",
  "rotation": {
    "size": 2048000
  },
  "retention": {
    "count": 10,
    "duration": "0s"
  }
},
"log_path": "/"
}

Updating a specific S3 audit configuration of an SVM

The configuration is identified by the UUID of its SVM and the provided information is updated.


# The API:
PATCH /api/protocols/audit/{svm.uuid}/object-store/

# The call:
curl -X PATCH "https://<mgmt-ip>/api/protocols/audit/ec650e97-156e-11e9-abcb-005056bbd0bf/object-store/" -H "accept: application/json" -H "Content-Type: application/json" -d "{ \"enabled\": false}"

Deleting a specific S3 audit configuration of an SVM

The entry to be deleted is identified by the UUID of its SVM.


# The API:
DELETE /api/protocols/audit/{svm.uuid}/object-store/

# The call:
curl -X DELETE "https://<mgmt-ip>/api/protocols/audit/ec650e97-156e-11e9-abcb-005056bbd0bf/object-store" -H "accept: application/json"