Audit Trails API, REST: Trail.List
Retrieves the list of trails in the specified folder.
HTTP request
GET https://audittrails.api.cloud.yandex.net/audit-trails/v1/trails
Query parameters
Field |
Description |
folderId |
string Required field. ID of the folder to list trails in. |
pageSize |
string (int64) The maximum number of results per page to return. If the number of available |
pageToken |
string Page token. To get the next page of results, set |
filter |
string A filter expression that filters subscription locks listed in the response. The expression must specify:
|
orderBy |
string By which column the listing should be ordered and in which direction. |
Response
HTTP Code: 200 - OK
{
"trails": [
{
"id": "string",
"folderId": "string",
"createdAt": "string",
"updatedAt": "string",
"name": "string",
"description": "string",
"labels": "string",
"destination": {
// Includes only one of the fields `objectStorage`, `cloudLogging`, `dataStream`
"objectStorage": {
"bucketId": "string",
"objectPrefix": "string"
},
"cloudLogging": {
// Includes only one of the fields `logGroupId`
"logGroupId": "string"
// end of the list of possible fields
},
"dataStream": {
"databaseId": "string",
"streamName": "string"
}
// end of the list of possible fields
},
"serviceAccountId": "string",
"status": "string",
"filter": {
"pathFilter": {
"root": {
// Includes only one of the fields `anyFilter`, `someFilter`
"anyFilter": {
"resource": {
"id": "string",
"type": "string"
}
},
"someFilter": {
"resource": {
"id": "string",
"type": "string"
},
"filters": [
"object"
]
}
// end of the list of possible fields
}
},
"eventFilter": {
"filters": [
{
"service": "string",
"categories": [
{
"plane": "string",
"type": "string"
}
],
"pathFilter": {
"root": {
// Includes only one of the fields `anyFilter`, `someFilter`
"anyFilter": {
"resource": {
"id": "string",
"type": "string"
}
},
"someFilter": {
"resource": {
"id": "string",
"type": "string"
},
"filters": [
"object"
]
}
// end of the list of possible fields
}
}
}
]
}
},
"statusErrorMessage": "string",
"cloudId": "string",
"filteringPolicy": {
"managementEventsFilter": {
"resourceScopes": [
{
"id": "string",
"type": "string"
}
]
},
"dataEventsFilters": [
{
"service": "string",
// Includes only one of the fields `includedEvents`, `excludedEvents`
"includedEvents": {
"eventTypes": [
"string"
]
},
"excludedEvents": {
"eventTypes": [
"string"
]
},
// end of the list of possible fields
"resourceScopes": [
{
"id": "string",
"type": "string"
}
]
}
]
}
}
],
"nextPageToken": "string"
}
Field |
Description |
trails[] |
List of trails in the specified folder. |
nextPageToken |
string This token allows you to get the next page of results for list requests. If the number |
Trail
Trail describes the filtering and destination configuration of the process of sending Audit events
Field |
Description |
id |
string ID of the trail |
folderId |
string Required field. ID of the folder that the trail belongs to |
createdAt |
string (date-time) Required field. The timestamp for the creation operation String in RFC3339 To work with values in this field, use the APIs described in the |
updatedAt |
string (date-time) Required field. The timestamp of the last update operation String in RFC3339 To work with values in this field, use the APIs described in the |
name |
string Name of the trail |
description |
string Description of the trail |
labels |
string Custom labels of the trail as |
destination |
Required field. Destination configuration of the trail |
serviceAccountId |
string Service account ID of the trail |
status |
enum (Status) Required field. Status of the trail
|
filter |
Filtering configuration of the trail |
statusErrorMessage |
string Current error message of the trail. Empty in case if the trail is active |
cloudId |
string Required field. ID of the cloud that the trail belongs to |
filteringPolicy |
Event filtering policy |
Destination
Field |
Description |
objectStorage |
Configuration for event delivery to Object Storage Uploaded objects will have prefix <trail_id>/ by default Includes only one of the fields |
cloudLogging |
Configuration for event delivery to Cloud Logging Includes only one of the fields |
dataStream |
Configuration for event delivery to YDS Includes only one of the fields |
ObjectStorage
Field |
Description |
bucketId |
string Name of the destination bucket |
objectPrefix |
string Prefix for exported objects. Optional |
CloudLogging
Field |
Description |
logGroupId |
string ID of the Cloud Logging destination group Includes only one of the fields |
DataStream
Field |
Description |
databaseId |
string ID of the database hosting the destination YDS |
streamName |
string Name of the destination YDS |
Filter
Field |
Description |
pathFilter |
Configuration of default events gathering for the trail |
eventFilter |
Required field. Configuration of additional events gathering from specific services |
PathFilter
Field |
Description |
root |
Required field. Root element of the resource path filter for the trail |
PathFilterElement
Field |
Description |
anyFilter |
Filter element with ANY type. If used, configures the trail to gather any events from the resource Includes only one of the fields |
someFilter |
Filter element with SOME type. If used, configures the trail to gather some of the events from the resource Includes only one of the fields |
PathFilterElementAny
Field |
Description |
resource |
Required field. Resource definition |
Resource
Field |
Description |
id |
string Required field. ID of the resource |
type |
string Required field. Type of the resource |
PathFilterElementSome
Field |
Description |
resource |
Required field. Definition of the resource that contains nested resources |
filters[] |
Filters for the resources contained in the parent resource |
EventFilter
Field |
Description |
filters[] |
List of filters for services |
EventFilterElement
Field |
Description |
service |
string Required field. Service ID of the gathered events |
categories[] |
List of the event categories gathered for a specified service |
pathFilter |
Required field. Resource path filter for a specified service |
EventFilterElementCategory
Field |
Description |
plane |
enum (EventCategoryFilter) Required field. Plane of the gathered category
|
type |
enum (EventAccessTypeFilter) Required field. Type of the gathered category
|
FilteringPolicy
Combination of policies describing event filtering process of the trail
At least one filed must be filled
Field |
Description |
managementEventsFilter |
Singular filter describing gathering management events |
dataEventsFilters[] |
List of filters describing gathering data events |
ManagementEventsFiltering
Policy for gathering management events
Field |
Description |
resourceScopes[] |
A list of resources which will be monitored by the trail |
DataEventsFiltering
Policy for gathering data events
Field |
Description |
service |
string Required field. Name of the service whose events will be delivered |
includedEvents |
Explicitly included events of specified service Includes only one of the fields |
excludedEvents |
Explicitly excluded events of specified service Includes only one of the fields |
resourceScopes[] |
A list of resources which will be monitored by the trail |
EventTypes
Policy with explicitly specified event group
Field |
Description |
eventTypes[] |
string |