Audit Trails API, REST: Trail.create
Creates a trail in the specified folder.
HTTP request
POST https://audit-trails.api.cloud.yandex.net/audit-trails/v1/trails
Body parameters
{
  "folderId": "string",
  "name": "string",
  "description": "string",
  "labels": "object",
  "destination": {
    // `destination` includes only one of the fields `objectStorage`, `cloudLogging`, `dataStream`
    "objectStorage": {
      "bucketId": "string",
      "objectPrefix": "string"
    },
    "cloudLogging": {
      "logGroupId": "string"
    },
    "dataStream": {
      "databaseId": "string",
      "streamName": "string"
    },
    // end of the list of possible fields `destination`
  },
  "serviceAccountId": "string",
  "filter": {
    "pathFilter": {
      "root": {
        // `filter.pathFilter.root` includes only one of the fields `anyFilter`, `someFilter`
        "anyFilter": {
          "resource": {
            "id": "string",
            "type": "string"
          }
        },
        "someFilter": {
          "resource": {
            "id": "string",
            "type": "string"
          },
          "filters": [
            {
              // `filter.pathFilter.root.someFilter.filters[]` includes only one of the fields `anyFilter`, `someFilter`
              "anyFilter": {
                "resource": {
                  "id": "string",
                  "type": "string"
                }
              },
              "someFilter": {},
              // end of the list of possible fields `filter.pathFilter.root.someFilter.filters[]`
            }
          ]
        },
        // end of the list of possible fields `filter.pathFilter.root`
      }
    },
    "eventFilter": {
      "filters": [
        {
          "service": "string",
          "categories": [
            {
              "plane": "string",
              "type": "string"
            }
          ],
          "pathFilter": {
            "root": {
              // `filter.eventFilter.filters[].pathFilter.root` includes only one of the fields `anyFilter`, `someFilter`
              "anyFilter": {
                "resource": {
                  "id": "string",
                  "type": "string"
                }
              },
              "someFilter": {
                "resource": {
                  "id": "string",
                  "type": "string"
                },
                "filters": [
                  {
                    // `filter.eventFilter.filters[].pathFilter.root.someFilter.filters[]` includes only one of the fields `anyFilter`, `someFilter`
                    "anyFilter": {
                      "resource": {
                        "id": "string",
                        "type": "string"
                      }
                    },
                    "someFilter": {},
                    // end of the list of possible fields `filter.eventFilter.filters[].pathFilter.root.someFilter.filters[]`
                  }
                ]
              },
              // end of the list of possible fields `filter.eventFilter.filters[].pathFilter.root`
            }
          }
        }
      ]
    }
  },
  "filteringPolicy": {
    "managementEventsFilter": {
      "resourceScopes": [
        {
          "id": "string",
          "type": "string"
        }
      ]
    },
    "dataEventsFilters": [
      {
        "service": "string",
        "resourceScopes": [
          {
            "id": "string",
            "type": "string"
          }
        ],
        // `filteringPolicy.dataEventsFilters[]` includes only one of the fields `includedEvents`, `excludedEvents`
        "includedEvents": {
          "eventTypes": [
            "string"
          ]
        },
        "excludedEvents": {
          "eventTypes": [
            "string"
          ]
        },
        // end of the list of possible fields `filteringPolicy.dataEventsFilters[]`
      }
    ]
  }
}
Field | Description |
---|---|
folderId | string Required. ID of the folder to create a trail in. The maximum string length in characters is 50. |
name | string Name of the trail. Value must match the regular expression |
description | string Description of the trail. The maximum string length in characters is 1024. |
labels | object Custom labels for the secret as No more than 64 per resource. The maximum string length in characters for each key is 63. Each key must match the regular expression |
destination | object Required. Destination configuration for the trail |
destination.objectStorage | object Configuration for event delivery to Object Storage. Uploaded objects will have prefix `<trail_id>/` by default. `destination` includes only one of the fields `objectStorage`, `cloudLogging`, `dataStream`. |
destination.objectStorage.bucketId | string Name of the destination bucket. The string length in characters must be 3-63. |
destination.objectStorage.objectPrefix | string Prefix for exported objects. Optional. If specified, uploaded objects will have prefix `<object_prefix>/<trail_id>/`. |
destination.cloudLogging | object Configuration for event delivery to Cloud Logging. `destination` includes only one of the fields `objectStorage`, `cloudLogging`, `dataStream`. |
destination.cloudLogging.logGroupId | string ID of the Cloud Logging destination group. The maximum string length in characters is 64. |
destination.dataStream | object Configuration for event delivery to YDS. `destination` includes only one of the fields `objectStorage`, `cloudLogging`, `dataStream`. |
destination.dataStream.databaseId | string ID of the database hosting the destination YDS. |
destination.dataStream.streamName | string Name of the destination YDS. |
serviceAccountId | string Required. Service account ID of the trail. The maximum string length in characters is 50. |
filter | object Event filtering configuration of the trail. Deprecated: use filtering_policy instead. |
filter.pathFilter | object Configuration of default events gathering for the trail. If not specified, default events won't be gathered for the trail. |
filter.pathFilter.root | object Required. Root element of the resource path filter for the trail. Resource described in that filter node must contain the trail itself. |
filter.pathFilter.root.anyFilter | object Filter element with ANY type. If used, configures the trail to gather any events from the resource. `filter.pathFilter.root` includes only one of the fields `anyFilter`, `someFilter`. |
filter.pathFilter.root.anyFilter.resource | object Required. Resource definition. |
filter.pathFilter.root.anyFilter.resource.id | string Required. ID of the resource. The maximum string length in characters is 64. |
filter.pathFilter.root.anyFilter.resource.type | string Required. Type of the resource. The maximum string length in characters is 50. |
filter.pathFilter.root.someFilter | object Filter element with SOME type. If used, configures the trail to gather some of the events from the resource. `filter.pathFilter.root` includes only one of the fields `anyFilter`, `someFilter`. |
filter.pathFilter.root.someFilter.resource | object Required. Definition of the resource that contains nested resources. |
filter.pathFilter.root.someFilter.resource.id | string Required. ID of the resource. The maximum string length in characters is 64. |
filter.pathFilter.root.someFilter.resource.type | string Required. Type of the resource. The maximum string length in characters is 50. |
filter.pathFilter.root.someFilter.filters[] | object Required. Filters for the resources contained in the parent resource. Must contain at least one element. |
filter.pathFilter.root.someFilter.filters[].anyFilter | object Filter element with ANY type. If used, configures the trail to gather any events from the resource. `filter.pathFilter.root.someFilter.filters[]` includes only one of the fields `anyFilter`, `someFilter`. |
filter.pathFilter.root.someFilter.filters[].anyFilter.resource | object Required. Resource definition. |
filter.pathFilter.root.someFilter.filters[].anyFilter.resource.id | string Required. ID of the resource. The maximum string length in characters is 64. |
filter.pathFilter.root.someFilter.filters[].anyFilter.resource.type | string Required. Type of the resource. The maximum string length in characters is 50. |
filter.pathFilter.root.someFilter.filters[].someFilter | object Filter element with SOME type. If used, configures the trail to gather some of the events from the resource. `filter.pathFilter.root.someFilter.filters[]` includes only one of the fields `anyFilter`, `someFilter`. |
filter.eventFilter | object Required. Configuration of additional events gathering from specific services. |
filter.eventFilter.filters[] | object List of filters for services. The minimum number of elements is 0. |
filter.eventFilter.filters[].service | string Required. Service ID of the gathered events. |
filter.eventFilter.filters[].categories[] | object Required. List of the event categories gathered for a specified service. Must contain at least one element. |
filter.eventFilter.filters[].categories[].plane | string Required. Plane of the gathered category |
filter.eventFilter.filters[].categories[].type | string Required. Type of the gathered category |
filter.eventFilter.filters[].pathFilter | object Required. Resource path filter for a specified service. |
filter.eventFilter.filters[].pathFilter.root | object Required. Root element of the resource path filter for the trail. Resource described in that filter node must contain the trail itself. |
filter.eventFilter.filters[].pathFilter.root.anyFilter | object Filter element with ANY type. If used, configures the trail to gather any events from the resource. `filter.eventFilter.filters[].pathFilter.root` includes only one of the fields `anyFilter`, `someFilter`. |
filter.eventFilter.filters[].pathFilter.root.anyFilter.resource | object Required. Resource definition. |
filter.eventFilter.filters[].pathFilter.root.anyFilter.resource.id | string Required. ID of the resource. The maximum string length in characters is 64. |
filter.eventFilter.filters[].pathFilter.root.anyFilter.resource.type | string Required. Type of the resource. The maximum string length in characters is 50. |
filter.eventFilter.filters[].pathFilter.root.someFilter | object Filter element with SOME type. If used, configures the trail to gather some of the events from the resource. `filter.eventFilter.filters[].pathFilter.root` includes only one of the fields `anyFilter`, `someFilter`. |
filter.eventFilter.filters[].pathFilter.root.someFilter.resource | object Required. Definition of the resource that contains nested resources. |
filter.eventFilter.filters[].pathFilter.root.someFilter.resource.id | string Required. ID of the resource. The maximum string length in characters is 64. |
filter.eventFilter.filters[].pathFilter.root.someFilter.resource.type | string Required. Type of the resource. The maximum string length in characters is 50. |
filter.eventFilter.filters[].pathFilter.root.someFilter.filters[] | object Required. Filters for the resources contained in the parent resource. Must contain at least one element. |
filter.eventFilter.filters[].pathFilter.root.someFilter.filters[].anyFilter | object Filter element with ANY type. If used, configures the trail to gather any events from the resource. `filter.eventFilter.filters[].pathFilter.root.someFilter.filters[]` includes only one of the fields `anyFilter`, `someFilter`. |
filter.eventFilter.filters[].pathFilter.root.someFilter.filters[].anyFilter.resource | object Required. Resource definition. |
filter.eventFilter.filters[].pathFilter.root.someFilter.filters[].anyFilter.resource.id | string Required. ID of the resource. The maximum string length in characters is 64. |
filter.eventFilter.filters[].pathFilter.root.someFilter.filters[].anyFilter.resource.type | string Required. Type of the resource. The maximum string length in characters is 50. |
filter.eventFilter.filters[].pathFilter.root.someFilter.filters[].someFilter | object Filter element with SOME type. If used, configures the trail to gather some of the events from the resource. `filter.eventFilter.filters[].pathFilter.root.someFilter.filters[]` includes only one of the fields `anyFilter`, `someFilter`. |
filteringPolicy | object Event filtering policy of the trail. Combination of policies describing event filtering process of the trail. At least one field must be filled. |
filteringPolicy.managementEventsFilter | object Singular filter describing gathering management events. Policy for gathering management events. |
filteringPolicy.managementEventsFilter.resourceScopes[] | object Required. A list of resources which will be monitored by the trail. The number of elements must be in the range 1-1024. |
filteringPolicy.managementEventsFilter.resourceScopes[].id | string Required. ID of the resource. The maximum string length in characters is 64. |
filteringPolicy.managementEventsFilter.resourceScopes[].type | string Required. Type of the resource. The maximum string length in characters is 50. |
filteringPolicy.dataEventsFilters[] | object List of filters describing gathering data events. The number of elements must be less than 128. |
filteringPolicy.dataEventsFilters[].service | string Required. Name of the service whose events will be delivered. |
filteringPolicy.dataEventsFilters[].resourceScopes[] | object Required. A list of resources which will be monitored by the trail. The number of elements must be in the range 1-1024. |
filteringPolicy.dataEventsFilters[].resourceScopes[].id | string Required. ID of the resource. The maximum string length in characters is 64. |
filteringPolicy.dataEventsFilters[].resourceScopes[].type | string Required. Type of the resource. The maximum string length in characters is 50. |
filteringPolicy.dataEventsFilters[].includedEvents | object Explicitly included events of specified service. New events of the service won't be delivered by default. `filteringPolicy.dataEventsFilters[]` includes only one of the fields `includedEvents`, `excludedEvents`. |
filteringPolicy.dataEventsFilters[].includedEvents.eventTypes[] | string Required. The number of elements must be in the range 1-1024. |
filteringPolicy.dataEventsFilters[].excludedEvents | object Explicitly excluded events of specified service. New events of the service will be delivered by default. `filteringPolicy.dataEventsFilters[]` includes only one of the fields `includedEvents`, `excludedEvents`. |
filteringPolicy.dataEventsFilters[].excludedEvents.eventTypes[] | string Required. The number of elements must be in the range 1-1024. |
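A pre-flight check for a request body, written against the limits and "only one of" rules in the table above; it also warns on the deprecated `filter` field and on `includedEvents`, which leaves future event types of a service outside the trail. This is an added example, not code from the original page or from the service's SDK. The helper names `check_trail_body` and `_check_scopes` are hypothetical, and "exactly one" is assumed for the required `destination`.

```python
# Added example: hypothetical helpers; limits are copied from the field table above.
DEST_KINDS = ("objectStorage", "cloudLogging", "dataStream")

def _check_scopes(scopes, where, errs):
    scopes = scopes or []
    if not 1 <= len(scopes) <= 1024:
        errs.append(f"{where}.resourceScopes: 1-1024 elements required")
    for s in scopes:
        if not 0 < len(s.get("id", "")) <= 64 or not 0 < len(s.get("type", "")) <= 50:
            errs.append(f"{where}.resourceScopes[]: id (max 64) and type (max 50) required")

def check_trail_body(body):
    """Return (errors, warnings) for a Trail.create request body."""
    errs, warns = [], []
    for key in ("folderId", "serviceAccountId"):
        if not 0 < len(body.get(key, "")) <= 50:
            errs.append(f"{key}: required, max 50 characters")
    dest = body.get("destination") or {}
    chosen = [k for k in DEST_KINDS if k in dest]
    if len(chosen) != 1:  # assumption: required oneof means exactly one
        errs.append("destination: exactly one of " + ", ".join(DEST_KINDS))
    elif chosen[0] == "objectStorage":
        if not 3 <= len(dest["objectStorage"].get("bucketId", "")) <= 63:
            errs.append("destination.objectStorage.bucketId: 3-63 characters")
    if "filter" in body:
        warns.append("filter is deprecated: use filteringPolicy")
    policy = body.get("filteringPolicy")
    if policy is not None:
        mgmt = policy.get("managementEventsFilter")
        data = policy.get("dataEventsFilters") or []
        if mgmt is None and not data:
            errs.append("filteringPolicy: at least one field must be filled")
        if mgmt is not None:
            _check_scopes(mgmt.get("resourceScopes"), "managementEventsFilter", errs)
        if len(data) >= 128:
            errs.append("dataEventsFilters: number of elements must be less than 128")
        for f in data:
            where = f"dataEventsFilters[{f.get('service', '?')}]"
            if not f.get("service"):
                errs.append(f"{where}.service: required")
            _check_scopes(f.get("resourceScopes"), where, errs)
            picked = [k for k in ("includedEvents", "excludedEvents") if k in f]
            if len(picked) > 1:
                errs.append(f"{where}: includedEvents and excludedEvents are mutually exclusive")
            for k in picked:
                if not 1 <= len(f[k].get("eventTypes") or []) <= 1024:
                    errs.append(f"{where}.{k}.eventTypes: 1-1024 elements required")
            if picked == ["includedEvents"]:  # allow-list: future events are not logged
                warns.append(f"{where}: new event types of this service will not be delivered")
    return errs, warns
```

Run it over trail definitions in CI or before calling the API; treat the `includedEvents` warning as a prompt to review the filter whenever the service adds event types.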
Response
HTTP Code: 200 - OK
{
  "id": "string",
  "description": "string",
  "createdAt": "string",
  "createdBy": "string",
  "modifiedAt": "string",
  "done": true,
  "metadata": "object",
  // includes only one of the fields `error`, `response`
  "error": {
    "code": "integer",
    "message": "string",
    "details": [
      "object"
    ]
  },
  "response": "object",
  // end of the list of possible fields
}
An Operation resource. For more information, see Operation.
Field | Description |
---|---|
id | string ID of the operation. |
description | string Description of the operation. 0-256 characters long. |
createdAt | string (date-time) Creation timestamp. String in RFC3339 text format. The range of possible values is from To work with values in this field, use the APIs described in the Protocol Buffers reference. In some languages, built-in datetime utilities do not support nanosecond precision (9 digits). |
createdBy | string ID of the user or service account who initiated the operation. |
modifiedAt | string (date-time) The time when the Operation resource was last modified. String in RFC3339 text format. The range of possible values is from To work with values in this field, use the APIs described in the Protocol Buffers reference. In some languages, built-in datetime utilities do not support nanosecond precision (9 digits). |
done | boolean (boolean) If the value is |
metadata | object Service-specific metadata associated with the operation. It typically contains the ID of the target resource that the operation is performed on. Any method that returns a long-running operation should document the metadata type, if any. |
error | object The error result of the operation in case of failure or cancellation. Includes only one of the fields `error`, `response`. |
error.code | integer (int32) Error code. An enum value of google.rpc.Code. |
error.message | string An error message. |
error.details[] | object A list of messages that carry the error details. |
response | object Includes only one of the fields `error`, `response`. The normal response of the operation in case of success. If the original method returns no data on success, such as Delete, the response is google.protobuf.Empty. If the original method is the standard Create/Update, the response should be the target resource of the operation. Any method that returns a long-running operation should document the response type, if any. |