open-vault/website/source/api/system/audit.html.md

126 lines
3.2 KiB
Markdown
Raw Normal View History

---
2017-03-17 18:06:03 +00:00
layout: "api"
page_title: "/sys/audit - HTTP API"
sidebar_title: "<code>/sys/audit</code>"
New Docs Website (#5535) * conversion stage 1 * correct image paths * add sidebar title to frontmatter * docs/concepts and docs/internals * configuration docs and multi-level nav corrections * commands docs, index file corrections, small item nav correction * secrets converted * auth * add enterprise and agent docs * add extra dividers * secret section, wip * correct sidebar nav title in front matter for apu section, start working on api items * auth and backend, a couple directory structure fixes * remove old docs * intro side nav converted * reset sidebar styles, add hashi-global-styles * basic styling for nav sidebar * folder collapse functionality * patch up border length on last list item * wip restructure for content component * taking middleman hacking to the extreme, but its working * small css fix * add new mega nav * fix a small mistake from the rebase * fix a content resolution issue with middleman * title a couple missing docs pages * update deps, remove temporary markup * community page * footer to layout, community page css adjustments * wip downloads page * deps updated, downloads page ready * fix community page * homepage progress * add components, adjust spacing * docs and api landing pages * a bunch of fixes, add docs and api landing pages * update deps, add deploy scripts * add readme note * update deploy command * overview page, index title * Update doc fields Note this still requires the link fields to be populated -- this is solely related to copy on the description fields * Update api_basic_categories.yml Updated API category descriptions. Like the document descriptions you'll still need to update the link headers to the proper target pages. * Add bottom hero, adjust CSS, responsive friendly * Add mega nav title * homepage adjustments, asset boosts * small fixes * docs page styling fixes * meganav title * some category link corrections * Update API categories page updated to reflect the second level headings for api categories * Update docs_detailed_categories.yml Updated to represent the existing docs structure * Update docs_detailed_categories.yml * docs page data fix, extra operator page remove * api data fix * fix makefile * update deps, add product subnav to docs and api landing pages * Rearrange non-hands-on guides to _docs_ Since there is no place for these on learn.hashicorp, we'll put them under _docs_. * WIP Redirects for guides to docs * content and component updates * font weight hotfix, redirects * fix guides and intro sidenavs * fix some redirects * small style tweaks * Redirects to learn and internally to docs * Remove redirect to `/vault` * Remove `.html` from destination on redirects * fix incorrect index redirect * final touchups * address feedback from michell for makefile and product downloads
2018-10-19 15:40:11 +00:00
sidebar_current: "api-http-system-audit/"
description: |-
2017-09-21 21:14:40 +00:00
The `/sys/audit` endpoint is used to enable and disable audit devices.
---
# `/sys/audit`
2017-09-21 21:14:40 +00:00
The `/sys/audit` endpoint is used to list, enable, and disable audit devices.
Audit devices must be enabled before use, and more than one device may be
enabled at a time.
2017-09-21 21:14:40 +00:00
## List Enabled Audit Devices
2017-09-21 21:14:40 +00:00
This endpoint lists only the enabled audit devices (it does not list all
available audit devices).
- **`sudo` required**  This endpoint requires `sudo` capability in addition to
any path-specific capabilities.
| Method | Path |
| :--------------------------- | :--------------------- |
| `GET` | `/sys/audit` |
### Sample Request
```
$ curl \
--header "X-Vault-Token: ..." \
2018-03-23 15:41:51 +00:00
http://127.0.0.1:8200/v1/sys/audit
```
### Sample Response
```javascript
{
"file": {
"type": "file",
"description": "Store logs in a file",
"options": {
"file_path": "/var/log/vault.log"
}
}
}
```
2017-09-21 21:14:40 +00:00
## Enable Audit Device
2017-09-21 21:14:40 +00:00
This endpoint enables a new audit device at the supplied path. The path can be a
single word name or a more complex, nested path.
- **`sudo` required**  This endpoint requires `sudo` capability in addition to
any path-specific capabilities.
| Method | Path |
| :--------------------------- | :--------------------- |
| `PUT` | `/sys/audit/:path` |
### Parameters
2017-09-21 21:14:40 +00:00
- `path` `(string: <required>)`  Specifies the path in which to enable the audit
device. This is part of the request URL.
- `description` `(string: "")`  Specifies a human-friendly description of the
2017-09-21 21:14:40 +00:00
audit device.
- `options` `(map<string|string>: nil)`  Specifies configuration options to
2017-09-21 21:14:40 +00:00
pass to the audit device itself. This is dependent on the audit device type.
2017-09-21 21:14:40 +00:00
- `type` `(string: <required>)`  Specifies the type of the audit device.
Additionally, the following options are allowed in Vault open-source, but
relevant functionality is only supported in Vault Enterprise:
2017-09-21 21:14:40 +00:00
- `local` `(bool: false)` Specifies if the audit device is a local only. Local
audit devices are not replicated nor (if a secondary) removed by replication.
### Sample Payload
```json
{
"type": "file",
"options": {
"file_path": "/var/log/vault/log"
}
}
```
### Sample Request
```
$ curl \
--header "X-Vault-Token: ..." \
--request PUT \
--data @payload.json \
2018-03-23 15:41:51 +00:00
http://127.0.0.1:8200/v1/sys/audit/example-audit
```
2017-09-21 21:14:40 +00:00
## Disable Audit Device
2017-09-21 21:14:40 +00:00
This endpoint disables the audit device at the given path.
- **`sudo` required**  This endpoint requires `sudo` capability in addition to
any path-specific capabilities.
| Method | Path |
| :--------------------------- | :--------------------- |
| `DELETE` | `/sys/audit/:path` |
### Parameters
2017-09-21 21:14:40 +00:00
- `path` `(string: <required>)`  Specifies the path of the audit device to
delete. This is part of the request URL.
### Sample Request
```
$ curl \
--header "X-Vault-Token: ..." \
--request DELETE \
2018-03-23 15:41:51 +00:00
http://127.0.0.1:8200/v1/sys/audit/example-audit
```