Contact UsTry it for free
© 2026 Direct Cursus Technology L.L.C.

Audit Trails API, REST: Trail.Update

Written by
Updated at April 15, 2026

Updates the specified trail.

HTTP request

PATCH https://audittrails.api.cloud.yandex.net/audit-trails/v1/trails/{trailId}

Path parameters

Field

Description

trailId

string

Required field. ID of the trail to update.

The maximum string length in characters is 50.

Body parameters

{
  "updateMask": "string",
  "name": "string",
  "description": "string",
  "labels": "object",
  "destination": {
    // Includes only one of the fields `objectStorage`, `cloudLogging`, `dataStream`, `eventrouter`
    "objectStorage": {
      "bucketId": "string",
      "objectPrefix": "string"
    },
    "cloudLogging": {
      // Includes only one of the fields `logGroupId`
      "logGroupId": "string"
      // end of the list of possible fields
    },
    "dataStream": {
      "databaseId": "string",
      "streamName": "string",
      "codec": "string"
    },
    "eventrouter": {
      "eventrouterConnectorId": "string"
    }
    // end of the list of possible fields
  },
  "serviceAccountId": "string",
  "filter": {
    "pathFilter": {
      "root": {
        // Includes only one of the fields `anyFilter`, `someFilter`
        "anyFilter": {
          "resource": {
            "id": "string",
            "type": "string"
          }
        },
        "someFilter": {
          "resource": {
            "id": "string",
            "type": "string"
          },
          "filters": [
            "object"
          ]
        }
        // end of the list of possible fields
      }
    },
    "eventFilter": {
      "filters": [
        {
          "service": "string",
          "categories": [
            {
              "plane": "string",
              "type": "string"
            }
          ],
          "pathFilter": {
            "root": {
              // Includes only one of the fields `anyFilter`, `someFilter`
              "anyFilter": {
                "resource": {
                  "id": "string",
                  "type": "string"
                }
              },
              "someFilter": {
                "resource": {
                  "id": "string",
                  "type": "string"
                },
                "filters": [
                  "object"
                ]
              }
              // end of the list of possible fields
            }
          }
        }
      ]
    }
  },
  "filteringPolicy": {
    "managementEventsFilter": {
      "resourceScopes": [
        {
          "id": "string",
          "type": "string"
        }
      ]
    },
    "dataEventsFilters": [
      {
        "service": "string",
        // Includes only one of the fields `includedEvents`, `excludedEvents`
        "includedEvents": {
          "eventTypes": [
            "string"
          ]
        },
        "excludedEvents": {
          "eventTypes": [
            "string"
          ]
        },
        // end of the list of possible fields
        // Includes only one of the fields `dnsFilter`
        "dnsFilter": {
          "includeNonrecursiveQueries": "boolean"
        },
        // end of the list of possible fields
        "resourceScopes": [
          {
            "id": "string",
            "type": "string"
          }
        ]
      }
    ]
  }
}

Field

Description

updateMask

string (field-mask)

A comma-separated names off ALL fields to be updated.
Only the specified fields will be changed. The others will be left untouched.
If the field is specified in updateMask and no value for that field was sent in the request,
the field's value will be reset to the default. The default value for most fields is null or 0.

If updateMask is not sent in the request, all fields' values will be updated.
Fields specified in the request will be updated to provided values.
The rest of the fields will be reset to the default.

name

string

New name of the trail.

Value must match the regular expression |[a-z]([-a-z0-9]{0,61}[a-z0-9])?.

description

string

New description of the trail.

The maximum string length in characters is 1024.

labels

object (map<string, string>)

New custom labels for the secret as key:value pairs. Maximum 64 per key.

No more than 64 per resource. The maximum string length in characters for each value is 63. Each value must match the regular expression [-_0-9a-z]*. The maximum string length in characters for each key is 63. Each key must match the regular expression [a-z][-_0-9a-z]*.

destination

Destination

New destination configuration for the trail

serviceAccountId

string

New service account ID of the trail

The maximum string length in characters is 50.

filter

Filter

Updated filtering configuration of the trail
deprecated: use filtering_policy instead

filteringPolicy

FilteringPolicy

Updated event filtering policy

Destination

Field

Description

objectStorage

ObjectStorage

Configuration for event delivery to Object Storage

Uploaded objects will have prefix <trail_id>/ by default

Includes only one of the fields objectStorage, cloudLogging, dataStream, eventrouter.

cloudLogging

CloudLogging

Configuration for event delivery to Cloud Logging

Includes only one of the fields objectStorage, cloudLogging, dataStream, eventrouter.

dataStream

DataStream

Configuration for event delivery to YDS

Includes only one of the fields objectStorage, cloudLogging, dataStream, eventrouter.

eventrouter

EventRouter

Configuration for event delivery to EventRouter

Includes only one of the fields objectStorage, cloudLogging, dataStream, eventrouter.

ObjectStorage

Field

Description

bucketId

string

Name of the destination bucket

The string length in characters must be 3-63.

objectPrefix

string

Prefix for exported objects. Optional
If specified, uploaded objects will have prefix <object_prefix>/<trail_id>/

CloudLogging

Field

Description

logGroupId

string

ID of the Cloud Logging destination group

The maximum string length in characters is 64.

Includes only one of the fields logGroupId.

DataStream

Field

Description

databaseId

string

ID of the database hosting the destination YDS

streamName

string

Name of the destination YDS

codec

enum (Codec)

Codec for compressing events

  • RAW
  • GZIP
  • ZSTD

EventRouter

Field

Description

eventrouterConnectorId

string

ID of the EventRouter Connector

The maximum string length in characters is 64.

Filter

Field

Description

pathFilter

PathFilter

Configuration of default events gathering for the trail
If not specified, default events won't be gathered for the trail

eventFilter

EventFilter

Required field. Configuration of additional events gathering from specific services

PathFilter

Field

Description

root

PathFilterElement

Required field. Root element of the resource path filter for the trail
Resource described in that filter node must contain the trail itself

PathFilterElement

Field

Description

anyFilter

PathFilterElementAny

Filter element with ANY type. If used, configures the trail to gather any events from the resource

Includes only one of the fields anyFilter, someFilter.

someFilter

PathFilterElementSome

Filter element with SOME type. If used, configures the trail to gather some of the events from the resource

Includes only one of the fields anyFilter, someFilter.

PathFilterElementAny

Field

Description

resource

Resource

Required field. Resource definition

Resource

Field

Description

id

string

Required field. ID of the resource

The maximum string length in characters is 64.

type

string

Required field. Type of the resource

The maximum string length in characters is 50.

PathFilterElementSome

Field

Description

resource

Resource

Required field. Definition of the resource that contains nested resources

filters[]

PathFilterElement

Filters for the resources contained in the parent resource

The number of elements must be greater than 0.

EventFilter

Field

Description

filters[]

EventFilterElement

List of filters for services

The minimum number of elements is 0.

EventFilterElement

Field

Description

service

string

Required field. Service ID of the gathered events

categories[]

EventFilterElementCategory

List of the event categories gathered for a specified service

The number of elements must be greater than 0.

pathFilter

PathFilter

Required field. Resource path filter for a specified service

EventFilterElementCategory

Field

Description

plane

enum (EventCategoryFilter)

Required field. Plane of the gathered category

  • CONTROL_PLANE: The events that are generated during the interaction with the service's resources
  • DATA_PLANE: Events that are generated during interaction with data within the service's resources

type

enum (EventAccessTypeFilter)

Required field. Type of the gathered category

  • WRITE: Events for operations that do perform some modification
  • READ: Events for operations that do not perform any modifications

FilteringPolicy

Combination of policies describing event filtering process of the trail
At least one filed must be filled

Field

Description

managementEventsFilter

ManagementEventsFiltering

Singular filter describing gathering management events

dataEventsFilters[]

DataEventsFiltering

List of filters describing gathering data events

The number of elements must be less than 128.

ManagementEventsFiltering

Policy for gathering management events

Field

Description

resourceScopes[]

Resource

A list of resources which will be monitored by the trail

The number of elements must be in the range 1-1024.

DataEventsFiltering

Policy for gathering data events

Field

Description

service

string

Required field. Name of the service whose events will be delivered

includedEvents

EventTypes

Explicitly included events of specified service
New events of the service won't be delivered by default

Includes only one of the fields includedEvents, excludedEvents.

excludedEvents

EventTypes

Explicitly excluded events of specified service
New events of the service will be delivered by default

Includes only one of the fields includedEvents, excludedEvents.

dnsFilter

DnsDataEventsFilter

Filter is allowed only if service = dns

Includes only one of the fields dnsFilter.

resourceScopes[]

Resource

A list of resources which will be monitored by the trail

The number of elements must be in the range 1-1024.

EventTypes

Policy with explicitly specified event group

Field

Description

eventTypes[]

string

The number of elements must be in the range 1-1024.

DnsDataEventsFilter

Field

Description

includeNonrecursiveQueries

boolean

Not only recursive queries will be delivered

Response

HTTP Code: 200 - OK

{
  "id": "string",
  "description": "string",
  "createdAt": "string",
  "createdBy": "string",
  "modifiedAt": "string",
  "done": "boolean",
  "metadata": {
    "trailId": "string"
  },
  // Includes only one of the fields `error`, `response`
  "error": {
    "code": "integer",
    "message": "string",
    "details": [
      "object"
    ]
  },
  "response": {
    "id": "string",
    "folderId": "string",
    "createdAt": "string",
    "updatedAt": "string",
    "name": "string",
    "description": "string",
    "labels": "object",
    "destination": {
      // Includes only one of the fields `objectStorage`, `cloudLogging`, `dataStream`, `eventrouter`
      "objectStorage": {
        "bucketId": "string",
        "objectPrefix": "string"
      },
      "cloudLogging": {
        // Includes only one of the fields `logGroupId`
        "logGroupId": "string"
        // end of the list of possible fields
      },
      "dataStream": {
        "databaseId": "string",
        "streamName": "string",
        "codec": "string"
      },
      "eventrouter": {
        "eventrouterConnectorId": "string"
      }
      // end of the list of possible fields
    },
    "serviceAccountId": "string",
    "status": "string",
    "filter": {
      "pathFilter": {
        "root": {
          // Includes only one of the fields `anyFilter`, `someFilter`
          "anyFilter": {
            "resource": {
              "id": "string",
              "type": "string"
            }
          },
          "someFilter": {
            "resource": {
              "id": "string",
              "type": "string"
            },
            "filters": [
              "object"
            ]
          }
          // end of the list of possible fields
        }
      },
      "eventFilter": {
        "filters": [
          {
            "service": "string",
            "categories": [
              {
                "plane": "string",
                "type": "string"
              }
            ],
            "pathFilter": {
              "root": {
                // Includes only one of the fields `anyFilter`, `someFilter`
                "anyFilter": {
                  "resource": {
                    "id": "string",
                    "type": "string"
                  }
                },
                "someFilter": {
                  "resource": {
                    "id": "string",
                    "type": "string"
                  },
                  "filters": [
                    "object"
                  ]
                }
                // end of the list of possible fields
              }
            }
          }
        ]
      }
    },
    "statusErrorMessage": "string",
    "cloudId": "string",
    "filteringPolicy": {
      "managementEventsFilter": {
        "resourceScopes": [
          {
            "id": "string",
            "type": "string"
          }
        ]
      },
      "dataEventsFilters": [
        {
          "service": "string",
          // Includes only one of the fields `includedEvents`, `excludedEvents`
          "includedEvents": {
            "eventTypes": [
              "string"
            ]
          },
          "excludedEvents": {
            "eventTypes": [
              "string"
            ]
          },
          // end of the list of possible fields
          // Includes only one of the fields `dnsFilter`
          "dnsFilter": {
            "includeNonrecursiveQueries": "boolean"
          },
          // end of the list of possible fields
          "resourceScopes": [
            {
              "id": "string",
              "type": "string"
            }
          ]
        }
      ]
    }
  }
  // end of the list of possible fields
}

An Operation resource. For more information, see Operation.

Field

Description

id

string

ID of the operation.

description

string

Description of the operation. 0-256 characters long.

createdAt

string (date-time)

Creation timestamp.

String in RFC3339 text format. The range of possible values is from
0001-01-01T00:00:00Z to 9999-12-31T23:59:59.999999999Z, i.e. from 0 to 9 digits for fractions of a second.

To work with values in this field, use the APIs described in the
Protocol Buffers reference.
In some languages, built-in datetime utilities do not support nanosecond precision (9 digits).

createdBy

string

ID of the user or service account who initiated the operation.

modifiedAt

string (date-time)

The time when the Operation resource was last modified.

String in RFC3339 text format. The range of possible values is from
0001-01-01T00:00:00Z to 9999-12-31T23:59:59.999999999Z, i.e. from 0 to 9 digits for fractions of a second.

To work with values in this field, use the APIs described in the
Protocol Buffers reference.
In some languages, built-in datetime utilities do not support nanosecond precision (9 digits).

done

boolean

If the value is false, it means the operation is still in progress.
If true, the operation is completed, and either error or response is available.

metadata

UpdateTrailMetadata

Service-specific metadata associated with the operation.
It typically contains the ID of the target resource that the operation is performed on.
Any method that returns a long-running operation should document the metadata type, if any.

error

Status

The error result of the operation in case of failure or cancellation.

Includes only one of the fields error, response.

The operation result.
If done == false and there was no failure detected, neither error nor response is set.
If done == false and there was a failure detected, error is set.
If done == true, exactly one of error or response is set.

response

Trail

The normal response of the operation in case of success.
If the original method returns no data on success, such as Delete,
the response is google.protobuf.Empty.
If the original method is the standard Create/Update,
the response should be the target resource of the operation.
Any method that returns a long-running operation should document the response type, if any.

Includes only one of the fields error, response.

The operation result.
If done == false and there was no failure detected, neither error nor response is set.
If done == false and there was a failure detected, error is set.
If done == true, exactly one of error or response is set.

UpdateTrailMetadata

Field

Description

trailId

string

ID of the trail that is being updated

Status

The error result of the operation in case of failure or cancellation.

Field

Description

code

integer (int32)

Error code. An enum value of google.rpc.Code.

message

string

An error message.

details[]

object

A list of messages that carry the error details.

Trail

Trail describes the filtering and destination configuration of the process of sending Audit events

Field

Description

id

string

ID of the trail

folderId

string

Required field. ID of the folder that the trail belongs to

The maximum string length in characters is 50.

createdAt

string (date-time)

Required field. The timestamp for the creation operation

String in RFC3339 text format. The range of possible values is from
0001-01-01T00:00:00Z to 9999-12-31T23:59:59.999999999Z, i.e. from 0 to 9 digits for fractions of a second.

To work with values in this field, use the APIs described in the
Protocol Buffers reference.
In some languages, built-in datetime utilities do not support nanosecond precision (9 digits).

updatedAt

string (date-time)

Required field. The timestamp of the last update operation

String in RFC3339 text format. The range of possible values is from
0001-01-01T00:00:00Z to 9999-12-31T23:59:59.999999999Z, i.e. from 0 to 9 digits for fractions of a second.

To work with values in this field, use the APIs described in the
Protocol Buffers reference.
In some languages, built-in datetime utilities do not support nanosecond precision (9 digits).

name

string

Name of the trail

Value must match the regular expression |[a-z]([-a-z0-9]{0,61}[a-z0-9])?.

description

string

Description of the trail

The maximum string length in characters is 1024.

labels

object (map<string, string>)

Custom labels of the trail as key:value pairs. Maximum 64 per key

No more than 64 per resource. The maximum string length in characters for each value is 63. Each value must match the regular expression [-_0-9a-z]*. The maximum string length in characters for each key is 63. Each key must match the regular expression [a-z][-_0-9a-z]*.

destination

Destination

Required field. Destination configuration of the trail

serviceAccountId

string

Service account ID of the trail

The maximum string length in characters is 50.

status

enum (Status)

Required field. Status of the trail

  • ACTIVE: The trail is active and Audit events are processed
  • ERROR: The trail configuration has issues that are preventing Audit Trails from delivering events
  • DELETED: The trail is being deleted

filter

Filter

Filtering configuration of the trail
deprecated: use filtering_policy instead

statusErrorMessage

string

Current error message of the trail. Empty in case if the trail is active

cloudId

string

Required field. ID of the cloud that the trail belongs to

The maximum string length in characters is 50.

filteringPolicy

FilteringPolicy

Event filtering policy
Describes which groups of events will be sent and which resources will be monitored

Destination

Field

Description

objectStorage

ObjectStorage

Configuration for event delivery to Object Storage

Uploaded objects will have prefix <trail_id>/ by default

Includes only one of the fields objectStorage, cloudLogging, dataStream, eventrouter.

cloudLogging

CloudLogging

Configuration for event delivery to Cloud Logging

Includes only one of the fields objectStorage, cloudLogging, dataStream, eventrouter.

dataStream

DataStream

Configuration for event delivery to YDS

Includes only one of the fields objectStorage, cloudLogging, dataStream, eventrouter.

eventrouter

EventRouter

Configuration for event delivery to EventRouter

Includes only one of the fields objectStorage, cloudLogging, dataStream, eventrouter.

ObjectStorage

Field

Description

bucketId

string

Name of the destination bucket

The string length in characters must be 3-63.

objectPrefix

string

Prefix for exported objects. Optional
If specified, uploaded objects will have prefix <object_prefix>/<trail_id>/

CloudLogging

Field

Description

logGroupId

string

ID of the Cloud Logging destination group

The maximum string length in characters is 64.

Includes only one of the fields logGroupId.

DataStream

Field

Description

databaseId

string

ID of the database hosting the destination YDS

streamName

string

Name of the destination YDS

codec

enum (Codec)

Codec for compressing events

  • RAW
  • GZIP
  • ZSTD

EventRouter

Field

Description

eventrouterConnectorId

string

ID of the EventRouter Connector

The maximum string length in characters is 64.

Filter

Field

Description

pathFilter

PathFilter

Configuration of default events gathering for the trail
If not specified, default events won't be gathered for the trail

eventFilter

EventFilter

Required field. Configuration of additional events gathering from specific services

PathFilter

Field

Description

root

PathFilterElement

Required field. Root element of the resource path filter for the trail
Resource described in that filter node must contain the trail itself

PathFilterElement

Field

Description

anyFilter

PathFilterElementAny

Filter element with ANY type. If used, configures the trail to gather any events from the resource

Includes only one of the fields anyFilter, someFilter.

someFilter

PathFilterElementSome

Filter element with SOME type. If used, configures the trail to gather some of the events from the resource

Includes only one of the fields anyFilter, someFilter.

PathFilterElementAny

Field

Description

resource

Resource

Required field. Resource definition

Resource

Field

Description

id

string

Required field. ID of the resource

The maximum string length in characters is 64.

type

string

Required field. Type of the resource

The maximum string length in characters is 50.

PathFilterElementSome

Field

Description

resource

Resource

Required field. Definition of the resource that contains nested resources

filters[]

PathFilterElement

Filters for the resources contained in the parent resource

The number of elements must be greater than 0.

EventFilter

Field

Description

filters[]

EventFilterElement

List of filters for services

The minimum number of elements is 0.

EventFilterElement

Field

Description

service

string

Required field. Service ID of the gathered events

categories[]

EventFilterElementCategory

List of the event categories gathered for a specified service

The number of elements must be greater than 0.

pathFilter

PathFilter

Required field. Resource path filter for a specified service

EventFilterElementCategory

Field

Description

plane

enum (EventCategoryFilter)

Required field. Plane of the gathered category

  • CONTROL_PLANE: The events that are generated during the interaction with the service's resources
  • DATA_PLANE: Events that are generated during interaction with data within the service's resources

type

enum (EventAccessTypeFilter)

Required field. Type of the gathered category

  • WRITE: Events for operations that do perform some modification
  • READ: Events for operations that do not perform any modifications

FilteringPolicy

Combination of policies describing event filtering process of the trail
At least one filed must be filled

Field

Description

managementEventsFilter

ManagementEventsFiltering

Singular filter describing gathering management events

dataEventsFilters[]

DataEventsFiltering

List of filters describing gathering data events

The number of elements must be less than 128.

ManagementEventsFiltering

Policy for gathering management events

Field

Description

resourceScopes[]

Resource

A list of resources which will be monitored by the trail

The number of elements must be in the range 1-1024.

DataEventsFiltering

Policy for gathering data events

Field

Description

service

string

Required field. Name of the service whose events will be delivered

includedEvents

EventTypes

Explicitly included events of specified service
New events of the service won't be delivered by default

Includes only one of the fields includedEvents, excludedEvents.

excludedEvents

EventTypes

Explicitly excluded events of specified service
New events of the service will be delivered by default

Includes only one of the fields includedEvents, excludedEvents.

dnsFilter

DnsDataEventsFilter

Filter is allowed only if service = dns

Includes only one of the fields dnsFilter.

resourceScopes[]

Resource

A list of resources which will be monitored by the trail

The number of elements must be in the range 1-1024.

EventTypes

Policy with explicitly specified event group

Field

Description

eventTypes[]

string

The number of elements must be in the range 1-1024.

DnsDataEventsFilter

Field

Description

includeNonrecursiveQueries

boolean

Not only recursive queries will be delivered
Previous
Create
Next
Delete
© 2026 Direct Cursus Technology L.L.C.