2017-03-15 06:40:33 +00:00
|
|
|
|
---
|
2017-03-17 18:06:03 +00:00
|
|
|
|
layout: "api"
|
2017-03-15 06:40:33 +00:00
|
|
|
|
page_title: "/sys/audit - HTTP API"
|
|
|
|
|
sidebar_current: "docs-http-system-audit/"
|
|
|
|
|
description: |-
|
|
|
|
|
The `/sys/audit` endpoint is used to enable and disable audit backends.
|
|
|
|
|
---
|
|
|
|
|
|
|
|
|
|
# `/sys/audit`
|
|
|
|
|
|
|
|
|
|
The `/sys/audit` endpoint is used to list, mount, and unmount audit backends.
|
|
|
|
|
Audit backends must be enabled before use, and more than one backend may be
|
|
|
|
|
enabled at a time.
|
|
|
|
|
|
|
|
|
|
## List Mounted Audit Backends
|
|
|
|
|
|
|
|
|
|
This endpoint lists only the mounted audit backends (it does not list all
|
|
|
|
|
available audit backends).
|
|
|
|
|
|
|
|
|
|
- **`sudo` required** – This endpoint requires `sudo` capability in addition to
|
|
|
|
|
any path-specific capabilities.
|
|
|
|
|
|
|
|
|
|
| Method | Path | Produces |
|
|
|
|
|
| :------- | :--------------------------- | :--------------------- |
|
|
|
|
|
| `GET` | `/sys/audit` | `200 application/json` |
|
|
|
|
|
|
|
|
|
|
### Sample Request
|
|
|
|
|
|
|
|
|
|
```
|
|
|
|
|
$ curl \
|
|
|
|
|
--header "X-Vault-Token: ..." \
|
|
|
|
|
https://vault.rocks/v1/sys/audit
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
### Sample Response
|
|
|
|
|
|
|
|
|
|
```javascript
|
|
|
|
|
{
|
|
|
|
|
"file": {
|
|
|
|
|
"type": "file",
|
|
|
|
|
"description": "Store logs in a file",
|
|
|
|
|
"options": {
|
|
|
|
|
"path": "/var/log/vault.log"
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
## Mount Audit Backend
|
|
|
|
|
|
|
|
|
|
This endpoint mounts a new audit backend at the supplied path. The path can be a
|
|
|
|
|
single word name or a more complex, nested path.
|
|
|
|
|
|
|
|
|
|
- **`sudo` required** – This endpoint requires `sudo` capability in addition to
|
|
|
|
|
any path-specific capabilities.
|
|
|
|
|
|
|
|
|
|
| Method | Path | Produces |
|
|
|
|
|
| :------- | :--------------------------- | :--------------------- |
|
|
|
|
|
| `PUT` | `/sys/audit/:path` | `204 (empty body)` |
|
|
|
|
|
|
|
|
|
|
### Parameters
|
|
|
|
|
|
|
|
|
|
- `path` `(string: <required>)` – Specifies the path in which to mount the audit
|
|
|
|
|
backend. This is part of the request URL.
|
|
|
|
|
|
|
|
|
|
- `description` `(string: "")` – Specifies a human-friendly description of the
|
|
|
|
|
audit backend.
|
|
|
|
|
|
|
|
|
|
- `options` `(map<string|string>: nil)` – Specifies configuration options to
|
|
|
|
|
pass to the audit backend itself. This is dependent on the audit backend type.
|
|
|
|
|
|
|
|
|
|
- `type` `(string: <required>)` – Specifies the type of the audit backend.
|
|
|
|
|
|
|
|
|
|
### Sample Payload
|
|
|
|
|
|
|
|
|
|
```json
|
|
|
|
|
{
|
|
|
|
|
"type": "file",
|
|
|
|
|
"options": {
|
|
|
|
|
"path": "/var/log/vault/log"
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
### Sample Request
|
|
|
|
|
|
|
|
|
|
```
|
|
|
|
|
$ curl \
|
|
|
|
|
--header "X-Vault-Token: ..." \
|
|
|
|
|
--request PUT \
|
|
|
|
|
--data @payload.json \
|
|
|
|
|
https://vault.rocks/v1/sys/audit/example-audit
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
## Unmount Audit Backend
|
|
|
|
|
|
|
|
|
|
This endpoint un-mounts the audit backend at the given path.
|
|
|
|
|
|
|
|
|
|
- **`sudo` required** – This endpoint requires `sudo` capability in addition to
|
|
|
|
|
any path-specific capabilities.
|
|
|
|
|
|
|
|
|
|
| Method | Path | Produces |
|
|
|
|
|
| :------- | :--------------------------- | :--------------------- |
|
|
|
|
|
| `DELETE` | `/sys/audit/:path` | `204 (empty body)` |
|
|
|
|
|
|
|
|
|
|
### Parameters
|
|
|
|
|
|
|
|
|
|
- `path` `(string: <required>)` – Specifies the path of the audit backend to
|
|
|
|
|
delete. This is part of the request URL.
|
|
|
|
|
|
|
|
|
|
### Sample Request
|
|
|
|
|
|
|
|
|
|
```
|
|
|
|
|
$ curl \
|
|
|
|
|
--header "X-Vault-Token: ..." \
|
|
|
|
|
--request DELETE \
|
|
|
|
|
https://vault.rocks/v1/sys/audit/example-audit
|
|
|
|
|
```
|