open-vault/website/source/api/system/audit.html.md
2017-04-28 14:33:27 -04:00

126 lines
3.3 KiB
Markdown
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

---
layout: "api"
page_title: "/sys/audit - HTTP API"
sidebar_current: "docs-http-system-audit/"
description: |-
The `/sys/audit` endpoint is used to enable and disable audit backends.
---
# `/sys/audit`
The `/sys/audit` endpoint is used to list, mount, and unmount audit backends.
Audit backends must be enabled before use, and more than one backend may be
enabled at a time.
## List Mounted Audit Backends
This endpoint lists only the mounted audit backends (it does not list all
available audit backends).
- **`sudo` required**  This endpoint requires `sudo` capability in addition to
any path-specific capabilities.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `GET` | `/sys/audit` | `200 application/json` |
### Sample Request
```
$ curl \
--header "X-Vault-Token: ..." \
https://vault.rocks/v1/sys/audit
```
### Sample Response
```javascript
{
"file": {
"type": "file",
"description": "Store logs in a file",
"options": {
"path": "/var/log/vault.log"
}
}
}
```
## Mount Audit Backend
This endpoint mounts a new audit backend at the supplied path. The path can be a
single word name or a more complex, nested path.
- **`sudo` required**  This endpoint requires `sudo` capability in addition to
any path-specific capabilities.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `PUT` | `/sys/audit/:path` | `204 (empty body)` |
### Parameters
- `path` `(string: <required>)`  Specifies the path in which to mount the audit
backend. This is part of the request URL.
- `description` `(string: "")`  Specifies a human-friendly description of the
audit backend.
- `options` `(map<string|string>: nil)`  Specifies configuration options to
pass to the audit backend itself. This is dependent on the audit backend type.
- `type` `(string: <required>)`  Specifies the type of the audit backend.
Additionally, the following options are allowed in Vault open-source, but
relevant functionality is only supported in Vault Enterprise:
- `local` `(bool: false)` Specifies if the audit backend is a local mount
only. Local mounts are not replicated nor (if a secondary) removed by
replication.
### Sample Payload
```json
{
"type": "file",
"options": {
"path": "/var/log/vault/log"
}
}
```
### Sample Request
```
$ curl \
--header "X-Vault-Token: ..." \
--request PUT \
--data @payload.json \
https://vault.rocks/v1/sys/audit/example-audit
```
## Unmount Audit Backend
This endpoint un-mounts the audit backend at the given path.
- **`sudo` required**  This endpoint requires `sudo` capability in addition to
any path-specific capabilities.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `DELETE` | `/sys/audit/:path` | `204 (empty body)` |
### Parameters
- `path` `(string: <required>)`  Specifies the path of the audit backend to
delete. This is part of the request URL.
### Sample Request
```
$ curl \
--header "X-Vault-Token: ..." \
--request DELETE \
https://vault.rocks/v1/sys/audit/example-audit
```