Audit Trails API, REST: Trail.Create
- HTTP request
- Body parameters
- Destination
- ObjectStorage
- CloudLogging
- DataStream
- Filter
- PathFilter
- PathFilterElement
- PathFilterElementAny
- Resource
- PathFilterElementSome
- EventFilter
- EventFilterElement
- EventFilterElementCategory
- FilteringPolicy
- ManagementEventsFiltering
- DataEventsFiltering
- EventTypes
- Response
- CreateTrailMetadata
- Status
- Trail
- Destination
- ObjectStorage
- CloudLogging
- DataStream
- Filter
- PathFilter
- PathFilterElement
- PathFilterElementAny
- Resource
- PathFilterElementSome
- EventFilter
- EventFilterElement
- EventFilterElementCategory
- FilteringPolicy
- ManagementEventsFiltering
- DataEventsFiltering
- EventTypes
Creates a trail in the specified folder.
HTTP request
POST https://audittrails.api.cloud.yandex.net/audit-trails/v1/trails
Body parameters
{
"folderId": "string",
"name": "string",
"description": "string",
"labels": "object",
"destination": {
// Includes only one of the fields `objectStorage`, `cloudLogging`, `dataStream`
"objectStorage": {
"bucketId": "string",
"objectPrefix": "string"
},
"cloudLogging": {
// Includes only one of the fields `logGroupId`
"logGroupId": "string"
// end of the list of possible fields
},
"dataStream": {
"databaseId": "string",
"streamName": "string"
}
// end of the list of possible fields
},
"serviceAccountId": "string",
"filter": {
"pathFilter": {
"root": {
// Includes only one of the fields `anyFilter`, `someFilter`
"anyFilter": {
"resource": {
"id": "string",
"type": "string"
}
},
"someFilter": {
"resource": {
"id": "string",
"type": "string"
},
"filters": [
"object"
]
}
// end of the list of possible fields
}
},
"eventFilter": {
"filters": [
{
"service": "string",
"categories": [
{
"plane": "string",
"type": "string"
}
],
"pathFilter": {
"root": {
// Includes only one of the fields `anyFilter`, `someFilter`
"anyFilter": {
"resource": {
"id": "string",
"type": "string"
}
},
"someFilter": {
"resource": {
"id": "string",
"type": "string"
},
"filters": [
"object"
]
}
// end of the list of possible fields
}
}
}
]
}
},
"filteringPolicy": {
"managementEventsFilter": {
"resourceScopes": [
{
"id": "string",
"type": "string"
}
]
},
"dataEventsFilters": [
{
"service": "string",
// Includes only one of the fields `includedEvents`, `excludedEvents`
"includedEvents": {
"eventTypes": [
"string"
]
},
"excludedEvents": {
"eventTypes": [
"string"
]
},
// end of the list of possible fields
"resourceScopes": [
{
"id": "string",
"type": "string"
}
]
}
]
}
}
Field |
Description |
folderId |
string Required field. ID of the folder to create a trail in. |
name |
string Name of the trail. |
description |
string Description of the trail. |
labels |
object (map<string, string>) Custom labels for the secret as |
destination |
Required field. Destination configuration for the trail |
serviceAccountId |
string Required field. Service account ID of the trail |
filter |
Event filtering configuration of the trail |
filteringPolicy |
Event filtering policy of the trail |
Destination
Field |
Description |
objectStorage |
Configuration for event delivery to Object Storage Uploaded objects will have prefix <trail_id>/ by default Includes only one of the fields |
cloudLogging |
Configuration for event delivery to Cloud Logging Includes only one of the fields |
dataStream |
Configuration for event delivery to YDS Includes only one of the fields |
ObjectStorage
Field |
Description |
bucketId |
string Name of the destination bucket |
objectPrefix |
string Prefix for exported objects. Optional |
CloudLogging
Field |
Description |
logGroupId |
string ID of the Cloud Logging destination group Includes only one of the fields |
DataStream
Field |
Description |
databaseId |
string ID of the database hosting the destination YDS |
streamName |
string Name of the destination YDS |
Filter
Field |
Description |
pathFilter |
Configuration of default events gathering for the trail |
eventFilter |
Required field. Configuration of additional events gathering from specific services |
PathFilter
Field |
Description |
root |
Required field. Root element of the resource path filter for the trail |
PathFilterElement
Field |
Description |
anyFilter |
Filter element with ANY type. If used, configures the trail to gather any events from the resource Includes only one of the fields |
someFilter |
Filter element with SOME type. If used, configures the trail to gather some of the events from the resource Includes only one of the fields |
PathFilterElementAny
Field |
Description |
resource |
Required field. Resource definition |
Resource
Field |
Description |
id |
string Required field. ID of the resource |
type |
string Required field. Type of the resource |
PathFilterElementSome
Field |
Description |
resource |
Required field. Definition of the resource that contains nested resources |
filters[] |
Filters for the resources contained in the parent resource |
EventFilter
Field |
Description |
filters[] |
List of filters for services |
EventFilterElement
Field |
Description |
service |
string Required field. Service ID of the gathered events |
categories[] |
List of the event categories gathered for a specified service |
pathFilter |
Required field. Resource path filter for a specified service |
EventFilterElementCategory
Field |
Description |
plane |
enum (EventCategoryFilter) Required field. Plane of the gathered category
|
type |
enum (EventAccessTypeFilter) Required field. Type of the gathered category
|
FilteringPolicy
Combination of policies describing event filtering process of the trail
At least one filed must be filled
Field |
Description |
managementEventsFilter |
Singular filter describing gathering management events |
dataEventsFilters[] |
List of filters describing gathering data events |
ManagementEventsFiltering
Policy for gathering management events
Field |
Description |
resourceScopes[] |
A list of resources which will be monitored by the trail |
DataEventsFiltering
Policy for gathering data events
Field |
Description |
service |
string Required field. Name of the service whose events will be delivered |
includedEvents |
Explicitly included events of specified service Includes only one of the fields |
excludedEvents |
Explicitly excluded events of specified service Includes only one of the fields |
resourceScopes[] |
A list of resources which will be monitored by the trail |
EventTypes
Policy with explicitly specified event group
Field |
Description |
eventTypes[] |
string |
Response
HTTP Code: 200 - OK
{
"id": "string",
"description": "string",
"createdAt": "string",
"createdBy": "string",
"modifiedAt": "string",
"done": "boolean",
"metadata": {
"trailId": "string"
},
// Includes only one of the fields `error`, `response`
"error": {
"code": "integer",
"message": "string",
"details": [
"object"
]
},
"response": {
"id": "string",
"folderId": "string",
"createdAt": "string",
"updatedAt": "string",
"name": "string",
"description": "string",
"labels": "object",
"destination": {
// Includes only one of the fields `objectStorage`, `cloudLogging`, `dataStream`
"objectStorage": {
"bucketId": "string",
"objectPrefix": "string"
},
"cloudLogging": {
// Includes only one of the fields `logGroupId`
"logGroupId": "string"
// end of the list of possible fields
},
"dataStream": {
"databaseId": "string",
"streamName": "string"
}
// end of the list of possible fields
},
"serviceAccountId": "string",
"status": "string",
"filter": {
"pathFilter": {
"root": {
// Includes only one of the fields `anyFilter`, `someFilter`
"anyFilter": {
"resource": {
"id": "string",
"type": "string"
}
},
"someFilter": {
"resource": {
"id": "string",
"type": "string"
},
"filters": [
"object"
]
}
// end of the list of possible fields
}
},
"eventFilter": {
"filters": [
{
"service": "string",
"categories": [
{
"plane": "string",
"type": "string"
}
],
"pathFilter": {
"root": {
// Includes only one of the fields `anyFilter`, `someFilter`
"anyFilter": {
"resource": {
"id": "string",
"type": "string"
}
},
"someFilter": {
"resource": {
"id": "string",
"type": "string"
},
"filters": [
"object"
]
}
// end of the list of possible fields
}
}
}
]
}
},
"statusErrorMessage": "string",
"cloudId": "string",
"filteringPolicy": {
"managementEventsFilter": {
"resourceScopes": [
{
"id": "string",
"type": "string"
}
]
},
"dataEventsFilters": [
{
"service": "string",
// Includes only one of the fields `includedEvents`, `excludedEvents`
"includedEvents": {
"eventTypes": [
"string"
]
},
"excludedEvents": {
"eventTypes": [
"string"
]
},
// end of the list of possible fields
"resourceScopes": [
{
"id": "string",
"type": "string"
}
]
}
]
}
}
// end of the list of possible fields
}
An Operation resource. For more information, see Operation.
Field |
Description |
id |
string ID of the operation. |
description |
string Description of the operation. 0-256 characters long. |
createdAt |
string (date-time) Creation timestamp. String in RFC3339 To work with values in this field, use the APIs described in the |
createdBy |
string ID of the user or service account who initiated the operation. |
modifiedAt |
string (date-time) The time when the Operation resource was last modified. String in RFC3339 To work with values in this field, use the APIs described in the |
done |
boolean If the value is |
metadata |
Service-specific metadata associated with the operation. |
error |
The error result of the operation in case of failure or cancellation. Includes only one of the fields The operation result. |
response |
The normal response of the operation in case of success. Includes only one of the fields The operation result. |
CreateTrailMetadata
Field |
Description |
trailId |
string ID of the trail that is being created |
Status
The error result of the operation in case of failure or cancellation.
Field |
Description |
code |
integer (int32) Error code. An enum value of google.rpc.Code |
message |
string An error message. |
details[] |
object A list of messages that carry the error details. |
Trail
Trail describes the filtering and destination configuration of the process of sending Audit events
Field |
Description |
id |
string ID of the trail |
folderId |
string Required field. ID of the folder that the trail belongs to |
createdAt |
string (date-time) Required field. The timestamp for the creation operation String in RFC3339 To work with values in this field, use the APIs described in the |
updatedAt |
string (date-time) Required field. The timestamp of the last update operation String in RFC3339 To work with values in this field, use the APIs described in the |
name |
string Name of the trail |
description |
string Description of the trail |
labels |
object (map<string, string>) Custom labels of the trail as |
destination |
Required field. Destination configuration of the trail |
serviceAccountId |
string Service account ID of the trail |
status |
enum (Status) Required field. Status of the trail
|
filter |
Filtering configuration of the trail |
statusErrorMessage |
string Current error message of the trail. Empty in case if the trail is active |
cloudId |
string Required field. ID of the cloud that the trail belongs to |
filteringPolicy |
Event filtering policy |
Destination
Field |
Description |
objectStorage |
Configuration for event delivery to Object Storage Uploaded objects will have prefix <trail_id>/ by default Includes only one of the fields |
cloudLogging |
Configuration for event delivery to Cloud Logging Includes only one of the fields |
dataStream |
Configuration for event delivery to YDS Includes only one of the fields |
ObjectStorage
Field |
Description |
bucketId |
string Name of the destination bucket |
objectPrefix |
string Prefix for exported objects. Optional |
CloudLogging
Field |
Description |
logGroupId |
string ID of the Cloud Logging destination group Includes only one of the fields |
DataStream
Field |
Description |
databaseId |
string ID of the database hosting the destination YDS |
streamName |
string Name of the destination YDS |
Filter
Field |
Description |
pathFilter |
Configuration of default events gathering for the trail |
eventFilter |
Required field. Configuration of additional events gathering from specific services |
PathFilter
Field |
Description |
root |
Required field. Root element of the resource path filter for the trail |
PathFilterElement
Field |
Description |
anyFilter |
Filter element with ANY type. If used, configures the trail to gather any events from the resource Includes only one of the fields |
someFilter |
Filter element with SOME type. If used, configures the trail to gather some of the events from the resource Includes only one of the fields |
PathFilterElementAny
Field |
Description |
resource |
Required field. Resource definition |
Resource
Field |
Description |
id |
string Required field. ID of the resource |
type |
string Required field. Type of the resource |
PathFilterElementSome
Field |
Description |
resource |
Required field. Definition of the resource that contains nested resources |
filters[] |
Filters for the resources contained in the parent resource |
EventFilter
Field |
Description |
filters[] |
List of filters for services |
EventFilterElement
Field |
Description |
service |
string Required field. Service ID of the gathered events |
categories[] |
List of the event categories gathered for a specified service |
pathFilter |
Required field. Resource path filter for a specified service |
EventFilterElementCategory
Field |
Description |
plane |
enum (EventCategoryFilter) Required field. Plane of the gathered category
|
type |
enum (EventAccessTypeFilter) Required field. Type of the gathered category
|
FilteringPolicy
Combination of policies describing event filtering process of the trail
At least one filed must be filled
Field |
Description |
managementEventsFilter |
Singular filter describing gathering management events |
dataEventsFilters[] |
List of filters describing gathering data events |
ManagementEventsFiltering
Policy for gathering management events
Field |
Description |
resourceScopes[] |
A list of resources which will be monitored by the trail |
DataEventsFiltering
Policy for gathering data events
Field |
Description |
service |
string Required field. Name of the service whose events will be delivered |
includedEvents |
Explicitly included events of specified service Includes only one of the fields |
excludedEvents |
Explicitly excluded events of specified service Includes only one of the fields |
resourceScopes[] |
A list of resources which will be monitored by the trail |
EventTypes
Policy with explicitly specified event group
Field |
Description |
eventTypes[] |
string |