Audit Trails API, REST: Trail.List

Field

Description

folderId

string

Required field. ID of the folder to list trails in.

pageSize

string (int64)

The maximum number of results per page to return. If the number of available
results is larger than page_size, the service returns a ListTrailsResponse.nextPageToken
that can be used to get the next page of results in subsequent list requests.
Default value: 100.

pageToken

string

Page token. To get the next page of results, set page_token to the
[ListTrailsRequest.next_page_token] returned by a previous list request.

filter

string

A filter expression that filters subscription locks listed in the response.

The expression must specify:

1. The field name. Currently you can use filtering on [Trail.name, Trail.created_at] fields.
2. An operator. Can be either = or != for single values, IN or NOT IN for lists of values.
3. The value. Must be in double quotes "". Must be 3-63 characters long and match the regular expression ^[a-z][-a-z0-9]{1,61}[a-z0-9].
   Example of a filter: name="my-name".

orderBy

string

By which column the listing should be ordered and in which direction.
format is " desc|acs"

Field

Description

trails[]

Trail

List of trails in the specified folder.

nextPageToken

string

This token allows you to get the next page of results for list requests. If the number
of results is greater than the specified ListTrailsRequest.pageSize, use
the next_page_token as the value for the ListTrailsRequest.pageToken query parameter
in the next list request. Each subsequent list request will have its own
next_page_token to continue paging through the results.

Field

Description

id

string

ID of the trail

folderId

string

Required field. ID of the folder that the trail belongs to

createdAt

string (date-time)

Required field. The timestamp for the creation operation

String in RFC3339 text format. The range of possible values is from
0001-01-01T00:00:00Z to 9999-12-31T23:59:59.999999999Z, i.e. from 0 to 9 digits for fractions of a second.

To work with values in this field, use the APIs described in the
Protocol Buffers reference.
In some languages, built-in datetime utilities do not support nanosecond precision (9 digits).

updatedAt

string (date-time)

Required field. The timestamp of the last update operation

String in RFC3339 text format. The range of possible values is from
0001-01-01T00:00:00Z to 9999-12-31T23:59:59.999999999Z, i.e. from 0 to 9 digits for fractions of a second.

To work with values in this field, use the APIs described in the
Protocol Buffers reference.
In some languages, built-in datetime utilities do not support nanosecond precision (9 digits).

name

string

Name of the trail

description

string

Description of the trail

labels

object (map<string, string>)

Custom labels of the trail as key:value pairs. Maximum 64 per key

destination

Destination

Required field. Destination configuration of the trail

serviceAccountId

string

Service account ID of the trail

status

enum (Status)

Required field. Status of the trail

• STATUS_UNSPECIFIED
• ACTIVE: The trail is active and Audit events are processed
• ERROR: The trail configuration has issues that are preventing Audit Trails from delivering events
• DELETED: The trail is being deleted

filter

Filter

Filtering configuration of the trail
deprecated: use filtering_policy instead

statusErrorMessage

string

Current error message of the trail. Empty in case if the trail is active

cloudId

string

Required field. ID of the cloud that the trail belongs to

filteringPolicy

FilteringPolicy

Event filtering policy
Describes which groups of events will be sent and which resources will be monitored

Field

Description

objectStorage

ObjectStorage

Configuration for event delivery to Object Storage

Uploaded objects will have prefix <trail_id>/ by default

Includes only one of the fields objectStorage, cloudLogging, dataStream.

cloudLogging

CloudLogging

Configuration for event delivery to Cloud Logging

Includes only one of the fields objectStorage, cloudLogging, dataStream.

dataStream

DataStream

Configuration for event delivery to YDS

Includes only one of the fields objectStorage, cloudLogging, dataStream.

Field

Description

bucketId

string

Name of the destination bucket

objectPrefix

string

Prefix for exported objects. Optional
If specified, uploaded objects will have prefix <object_prefix>/<trail_id>/

Field

Description

logGroupId

string

ID of the Cloud Logging destination group

Includes only one of the fields logGroupId.

Field

Description

databaseId

string

ID of the database hosting the destination YDS

streamName

string

Name of the destination YDS

Field

Description

pathFilter

PathFilter

Configuration of default events gathering for the trail
If not specified, default events won't be gathered for the trail

eventFilter

EventFilter

Required field. Configuration of additional events gathering from specific services

Field

Description

root

PathFilterElement

Required field. Root element of the resource path filter for the trail
Resource described in that filter node must contain the trail itself

Field

Description

anyFilter

PathFilterElementAny

Filter element with ANY type. If used, configures the trail to gather any events from the resource

Includes only one of the fields anyFilter, someFilter.

someFilter

PathFilterElementSome

Filter element with SOME type. If used, configures the trail to gather some of the events from the resource

Includes only one of the fields anyFilter, someFilter.

Field

Description

resource

Resource

Required field. Resource definition

Field

Description

id

string

Required field. ID of the resource

type

string

Required field. Type of the resource

Field

Description

resource

Resource

Required field. Definition of the resource that contains nested resources

filters[]

PathFilterElement

Filters for the resources contained in the parent resource

Field

Description

filters[]

EventFilterElement

List of filters for services

Field

Description

service

string

Required field. Service ID of the gathered events

categories[]

EventFilterElementCategory

List of the event categories gathered for a specified service

pathFilter

PathFilter

Required field. Resource path filter for a specified service

Field

Description

plane

enum (EventCategoryFilter)

Required field. Plane of the gathered category

• EVENT_CATEGORY_FILTER_UNSPECIFIED
• CONTROL_PLANE: The events that are generated during the interaction with the service's resources
• DATA_PLANE: Events that are generated during interaction with data within the service's resources

type

enum (EventAccessTypeFilter)

Required field. Type of the gathered category

• EVENT_ACCESS_TYPE_FILTER_UNSPECIFIED
• WRITE: Events for operations that do perform some modification
• READ: Events for operations that do not perform any modifications

Field

Description

managementEventsFilter

ManagementEventsFiltering

Singular filter describing gathering management events

dataEventsFilters[]

DataEventsFiltering

List of filters describing gathering data events

Field

Description

resourceScopes[]

Resource

A list of resources which will be monitored by the trail

Field

Description

service

string

Required field. Name of the service whose events will be delivered

includedEvents

EventTypes

Explicitly included events of specified service
New events of the service won't be delivered by default

Includes only one of the fields includedEvents, excludedEvents.

excludedEvents

EventTypes

Explicitly excluded events of specified service
New events of the service will be delivered by default

Includes only one of the fields includedEvents, excludedEvents.

dnsFilter

DnsDataEventsFilter

Filter is allowed only if service = dns

Includes only one of the fields dnsFilter.

resourceScopes[]

Resource

A list of resources which will be monitored by the trail

Field

Description

eventTypes[]

string

Field

Description

onlyRecursiveQueries

boolean

Only recursive queries will be delivered