Audit Trails API, REST: Trail.Get
- HTTP request
- Path parameters
- Response
- Destination
- ObjectStorage
- CloudLogging
- DataStream
- Filter
- PathFilter
- PathFilterElement
- PathFilterElementAny
- Resource
- PathFilterElementSome
- EventFilter
- EventFilterElement
- EventFilterElementCategory
- FilteringPolicy
- ManagementEventsFiltering
- DataEventsFiltering
- EventTypes
- DnsDataEventsFilter
Returns the specified trail.
To get the list of all available trails, make a List request.
HTTP request
GET https://audittrails.api.cloud.yandex.net/audit-trails/v1/trails/{trailId}
Path parameters
|
Field |
Description |
|
trailId |
string Required field. ID of the trail to return. To get a trail ID make a List request. |
Response
HTTP Code: 200 - OK
{
"id": "string",
"folderId": "string",
"createdAt": "string",
"updatedAt": "string",
"name": "string",
"description": "string",
"labels": "object",
"destination": {
// Includes only one of the fields `objectStorage`, `cloudLogging`, `dataStream`
"objectStorage": {
"bucketId": "string",
"objectPrefix": "string"
},
"cloudLogging": {
// Includes only one of the fields `logGroupId`
"logGroupId": "string"
// end of the list of possible fields
},
"dataStream": {
"databaseId": "string",
"streamName": "string"
}
// end of the list of possible fields
},
"serviceAccountId": "string",
"status": "string",
"filter": {
"pathFilter": {
"root": {
// Includes only one of the fields `anyFilter`, `someFilter`
"anyFilter": {
"resource": {
"id": "string",
"type": "string"
}
},
"someFilter": {
"resource": {
"id": "string",
"type": "string"
},
"filters": [
"object"
]
}
// end of the list of possible fields
}
},
"eventFilter": {
"filters": [
{
"service": "string",
"categories": [
{
"plane": "string",
"type": "string"
}
],
"pathFilter": {
"root": {
// Includes only one of the fields `anyFilter`, `someFilter`
"anyFilter": {
"resource": {
"id": "string",
"type": "string"
}
},
"someFilter": {
"resource": {
"id": "string",
"type": "string"
},
"filters": [
"object"
]
}
// end of the list of possible fields
}
}
}
]
}
},
"statusErrorMessage": "string",
"cloudId": "string",
"filteringPolicy": {
"managementEventsFilter": {
"resourceScopes": [
{
"id": "string",
"type": "string"
}
]
},
"dataEventsFilters": [
{
"service": "string",
// Includes only one of the fields `includedEvents`, `excludedEvents`
"includedEvents": {
"eventTypes": [
"string"
]
},
"excludedEvents": {
"eventTypes": [
"string"
]
},
// end of the list of possible fields
// Includes only one of the fields `dnsFilter`
"dnsFilter": {
"onlyRecursiveQueries": "boolean"
},
// end of the list of possible fields
"resourceScopes": [
{
"id": "string",
"type": "string"
}
]
}
]
}
}
Trail describes the filtering and destination configuration of the process of sending Audit events
|
Field |
Description |
|
id |
string ID of the trail |
|
folderId |
string Required field. ID of the folder that the trail belongs to |
|
createdAt |
string (date-time) Required field. The timestamp for the creation operation String in RFC3339 text format. The range of possible values is from To work with values in this field, use the APIs described in the |
|
updatedAt |
string (date-time) Required field. The timestamp of the last update operation String in RFC3339 text format. The range of possible values is from To work with values in this field, use the APIs described in the |
|
name |
string Name of the trail |
|
description |
string Description of the trail |
|
labels |
object (map<string, string>) Custom labels of the trail as |
|
destination |
Required field. Destination configuration of the trail |
|
serviceAccountId |
string Service account ID of the trail |
|
status |
enum (Status) Required field. Status of the trail
|
|
filter |
Filtering configuration of the trail |
|
statusErrorMessage |
string Current error message of the trail. Empty in case if the trail is active |
|
cloudId |
string Required field. ID of the cloud that the trail belongs to |
|
filteringPolicy |
Event filtering policy |
Destination
|
Field |
Description |
|
objectStorage |
Configuration for event delivery to Object Storage Uploaded objects will have prefix <trail_id>/ by default Includes only one of the fields |
|
cloudLogging |
Configuration for event delivery to Cloud Logging Includes only one of the fields |
|
dataStream |
Configuration for event delivery to YDS Includes only one of the fields |
ObjectStorage
|
Field |
Description |
|
bucketId |
string Name of the destination bucket |
|
objectPrefix |
string Prefix for exported objects. Optional |
CloudLogging
|
Field |
Description |
|
logGroupId |
string ID of the Cloud Logging destination group Includes only one of the fields |
DataStream
|
Field |
Description |
|
databaseId |
string ID of the database hosting the destination YDS |
|
streamName |
string Name of the destination YDS |
Filter
|
Field |
Description |
|
pathFilter |
Configuration of default events gathering for the trail |
|
eventFilter |
Required field. Configuration of additional events gathering from specific services |
PathFilter
|
Field |
Description |
|
root |
Required field. Root element of the resource path filter for the trail |
PathFilterElement
|
Field |
Description |
|
anyFilter |
Filter element with ANY type. If used, configures the trail to gather any events from the resource Includes only one of the fields |
|
someFilter |
Filter element with SOME type. If used, configures the trail to gather some of the events from the resource Includes only one of the fields |
PathFilterElementAny
|
Field |
Description |
|
resource |
Required field. Resource definition |
Resource
|
Field |
Description |
|
id |
string Required field. ID of the resource |
|
type |
string Required field. Type of the resource |
PathFilterElementSome
|
Field |
Description |
|
resource |
Required field. Definition of the resource that contains nested resources |
|
filters[] |
Filters for the resources contained in the parent resource |
EventFilter
|
Field |
Description |
|
filters[] |
List of filters for services |
EventFilterElement
|
Field |
Description |
|
service |
string Required field. Service ID of the gathered events |
|
categories[] |
List of the event categories gathered for a specified service |
|
pathFilter |
Required field. Resource path filter for a specified service |
EventFilterElementCategory
|
Field |
Description |
|
plane |
enum (EventCategoryFilter) Required field. Plane of the gathered category
|
|
type |
enum (EventAccessTypeFilter) Required field. Type of the gathered category
|
FilteringPolicy
Combination of policies describing event filtering process of the trail
At least one filed must be filled
|
Field |
Description |
|
managementEventsFilter |
Singular filter describing gathering management events |
|
dataEventsFilters[] |
List of filters describing gathering data events |
ManagementEventsFiltering
Policy for gathering management events
|
Field |
Description |
|
resourceScopes[] |
A list of resources which will be monitored by the trail |
DataEventsFiltering
Policy for gathering data events
|
Field |
Description |
|
service |
string Required field. Name of the service whose events will be delivered |
|
includedEvents |
Explicitly included events of specified service Includes only one of the fields |
|
excludedEvents |
Explicitly excluded events of specified service Includes only one of the fields |
|
dnsFilter |
Filter is allowed only if service = dns Includes only one of the fields |
|
resourceScopes[] |
A list of resources which will be monitored by the trail |
EventTypes
Policy with explicitly specified event group
|
Field |
Description |
|
eventTypes[] |
string |
DnsDataEventsFilter
|
Field |
Description |
|
onlyRecursiveQueries |
boolean Only recursive queries will be delivered |