Audit Trails API, REST: Trail.Create
- HTTP request
- Body parameters
- Destination
- ObjectStorage
- CloudLogging
- DataStream
- EventRouter
- Filter
- PathFilter
- PathFilterElement
- PathFilterElementAny
- Resource
- PathFilterElementSome
- EventFilter
- EventFilterElement
- EventFilterElementCategory
- FilteringPolicy
- ManagementEventsFiltering
- DataEventsFiltering
- EventTypes
- DnsDataEventsFilter
- Response
- Status
Creates a trail in the specified folder.
HTTP request
POST https://audittrails.api.cloud.yandex.net/audit-trails/v1/trails
Body parameters
{
"folderId": "string",
"name": "string",
"description": "string",
"labels": "object",
"destination": {
// Includes only one of the fields `objectStorage`, `cloudLogging`, `dataStream`, `eventrouter`
"objectStorage": {
"bucketId": "string",
"objectPrefix": "string"
},
"cloudLogging": {
// Includes only one of the fields `logGroupId`
"logGroupId": "string"
// end of the list of possible fields
},
"dataStream": {
"databaseId": "string",
"streamName": "string",
"codec": "string"
},
"eventrouter": {
"eventrouterConnectorId": "string"
}
// end of the list of possible fields
},
"serviceAccountId": "string",
"filter": {
"pathFilter": {
"root": {
// Includes only one of the fields `anyFilter`, `someFilter`
"anyFilter": {
"resource": {
"id": "string",
"type": "string"
}
},
"someFilter": {
"resource": {
"id": "string",
"type": "string"
},
"filters": [
"object"
]
}
// end of the list of possible fields
}
},
"eventFilter": {
"filters": [
{
"service": "string",
"categories": [
{
"plane": "string",
"type": "string"
}
],
"pathFilter": {
"root": {
// Includes only one of the fields `anyFilter`, `someFilter`
"anyFilter": {
"resource": {
"id": "string",
"type": "string"
}
},
"someFilter": {
"resource": {
"id": "string",
"type": "string"
},
"filters": [
"object"
]
}
// end of the list of possible fields
}
}
}
]
}
},
"filteringPolicy": {
"managementEventsFilter": {
"resourceScopes": [
{
"id": "string",
"type": "string"
}
]
},
"dataEventsFilters": [
{
// Includes only one of the fields `includedEvents`, `excludedEvents`
"includedEvents": {
"eventTypes": [
"string"
]
},
"excludedEvents": {
"eventTypes": [
"string"
]
},
// end of the list of possible fields
// Includes only one of the fields `dnsFilter`
"dnsFilter": {
"includeNonrecursiveQueries": "boolean"
},
// end of the list of possible fields
"service": "string",
"resourceScopes": [
{
"id": "string",
"type": "string"
}
]
}
]
}
}
|
Field |
Description |
|
folderId |
string Required field. ID of the folder to create a trail in. The maximum string length in characters is 50. |
|
name |
string Name of the trail. Value must match the regular expression |
|
description |
string Description of the trail. The maximum string length in characters is 1024. |
|
labels |
object (map<string, string>) Custom labels for the secret as The maximum string length in characters for each value is 63. The maximum string length in characters for each key is 63. Each key must match the regular expression |
|
destination |
Required field. Destination configuration for the trail |
|
serviceAccountId |
string Required field. Service account ID of the trail The maximum string length in characters is 50. |
|
filter |
Event filtering configuration of the trail |
|
filteringPolicy |
Event filtering policy of the trail |
Destination
|
Field |
Description |
|
objectStorage |
Configuration for event delivery to Object Storage Includes only one of the fields |
|
cloudLogging |
Configuration for event delivery to Cloud Logging Includes only one of the fields |
|
dataStream |
Configuration for event delivery to YDS Includes only one of the fields |
|
eventrouter |
Configuration for event delivery to EventRouter Includes only one of the fields |
ObjectStorage
|
Field |
Description |
|
bucketId |
string Name of the destination bucket The string length in characters must be 3-63. |
|
objectPrefix |
string Prefix for exported objects. Optional |
CloudLogging
|
Field |
Description |
|
logGroupId |
string ID of the Cloud Logging destination group The maximum string length in characters is 64. Includes only one of the fields |
DataStream
|
Field |
Description |
|
databaseId |
string ID of the database hosting the destination YDS |
|
streamName |
string Name of the destination YDS |
|
codec |
enum (Codec) Codec for compressing events
|
EventRouter
|
Field |
Description |
|
eventrouterConnectorId |
string ID of the EventRouter Connector The maximum string length in characters is 64. |
Filter
|
Field |
Description |
|
pathFilter |
Configuration of default events gathering for the trail |
|
eventFilter |
Required field. Configuration of additional events gathering from specific services |
PathFilter
|
Field |
Description |
|
root |
Required field. Root element of the resource path filter for the trail |
PathFilterElement
|
Field |
Description |
|
anyFilter |
Filter element with ANY type. If used, configures the trail to gather any events from the resource Includes only one of the fields |
|
someFilter |
Filter element with SOME type. If used, configures the trail to gather some of the events from the resource Includes only one of the fields |
PathFilterElementAny
|
Field |
Description |
|
resource |
Required field. Resource definition |
Resource
|
Field |
Description |
|
id |
string Required field. ID of the resource The maximum string length in characters is 64. |
|
type |
string Required field. Type of the resource The maximum string length in characters is 50. |
PathFilterElementSome
|
Field |
Description |
|
resource |
Required field. Definition of the resource that contains nested resources |
|
filters[] |
Filters for the resources contained in the parent resource The number of elements must be greater than 0. |
EventFilter
|
Field |
Description |
|
filters[] |
List of filters for services The minimum number of elements is 0. |
EventFilterElement
|
Field |
Description |
|
service |
string Required field. Service ID of the gathered events |
|
categories[] |
List of the event categories gathered for a specified service The number of elements must be greater than 0. |
|
pathFilter |
Required field. Resource path filter for a specified service |
EventFilterElementCategory
|
Field |
Description |
|
plane |
enum (EventCategoryFilter) Required field. Plane of the gathered category
|
|
type |
enum (EventAccessTypeFilter) Required field. Type of the gathered category
|
FilteringPolicy
Combination of policies describing event filtering process of the trail
At least one filed must be filled
|
Field |
Description |
|
managementEventsFilter |
Singular filter describing gathering management events |
|
dataEventsFilters[] |
List of filters describing gathering data events The number of elements must be less than 128. |
ManagementEventsFiltering
Policy for gathering management events
|
Field |
Description |
|
resourceScopes[] |
A list of resources which will be monitored by the trail The number of elements must be in the range 1-1024. |
DataEventsFiltering
Policy for gathering data events
|
Field |
Description |
|
includedEvents |
Explicitly included events of specified service Includes only one of the fields |
|
excludedEvents |
Explicitly excluded events of specified service Includes only one of the fields |
|
dnsFilter |
Filter is allowed only if service = dns Includes only one of the fields |
|
service |
string Required field. Name of the service whose events will be delivered |
|
resourceScopes[] |
A list of resources which will be monitored by the trail The number of elements must be in the range 1-1024. |
EventTypes
Policy with explicitly specified event group
|
Field |
Description |
|
eventTypes[] |
string The number of elements must be in the range 1-1024. |
DnsDataEventsFilter
|
Field |
Description |
|
includeNonrecursiveQueries |
boolean Not only recursive queries will be delivered |
Response
HTTP Code: 200 - OK
{
"id": "string",
"description": "string",
"createdAt": "string",
"createdBy": "string",
"modifiedAt": "string",
"done": "boolean",
"metadata": "object",
// Includes only one of the fields `error`, `response`
"error": {
"code": "integer",
"message": "string",
"details": [
"object"
]
},
"response": "object"
// end of the list of possible fields
}
An Operation resource. For more information, see Operation.
|
Field |
Description |
|
id |
string ID of the operation. |
|
description |
string Description of the operation. 0-256 characters long. |
|
createdAt |
string (date-time) Creation timestamp. String in RFC3339 text format. The range of possible values is from To work with values in this field, use the APIs described in the |
|
createdBy |
string ID of the user or service account who initiated the operation. |
|
modifiedAt |
string (date-time) The time when the Operation resource was last modified. String in RFC3339 text format. The range of possible values is from To work with values in this field, use the APIs described in the |
|
done |
boolean If the value is |
|
metadata |
object Service-specific metadata associated with the operation. |
|
error |
The error result of the operation in case of failure or cancellation. Includes only one of the fields The operation result. |
|
response |
object The normal response of the operation in case of success. Includes only one of the fields The operation result. |
Status
The error result of the operation in case of failure or cancellation.
|
Field |
Description |
|
code |
integer (int32) Error code. An enum value of google.rpc.Code. |
|
message |
string An error message. |
|
details[] |
object A list of messages that carry the error details. |