audit.update¶
Update default audit settings.
The following fields contain read-only data and are returned in calls to audit.config and audit.update: - space - remote_logging_enabled - enabled_services
No Additional Items
Tuple Validation
Parameter 1: data
data
Type: objectUpdated audit configuration settings.
No Additional PropertiesRetention
Type: integerNumber of days to retain local audit messages.
Value must be greater or equal to 1 and lesser or equal to 30
Reservation
Type: integerSize in GiB of refreservation to set on ZFS dataset where the audit databases are stored. The refreservation specifies the minimum amount of space guaranteed to the dataset, and counts against the space available for other datasets in the zpool where the audit dataset is located.
Value must be greater or equal to 0 and lesser or equal to 100
Quota
Type: integerSize in GiB of the maximum amount of space that may be consumed by the dataset where the audit dabases are stored.
Value must be greater or equal to 0 and lesser or equal to 100
Quota Fill Warning
Type: integerPercentage used of dataset quota at which to generate a warning alert.
Value must be greater or equal to 5 and lesser or equal to 80
Quota Fill Critical
Type: integerPercentage used of dataset quota at which to generate a critical alert.
Value must be greater or equal to 50 and lesser or equal to 95
AuditEntry
Type: objectThe updated audit configuration.
No Additional PropertiesId
Type: integerUnique identifier for the audit configuration.
Retention
Type: integerNumber of days to retain local audit messages.
Value must be greater or equal to 1 and lesser or equal to 30
Reservation
Type: integerSize in GiB of refreservation to set on ZFS dataset where the audit databases are stored. The refreservation specifies the minimum amount of space guaranteed to the dataset, and counts against the space available for other datasets in the zpool where the audit dataset is located.
Value must be greater or equal to 0 and lesser or equal to 100
Quota
Type: integerSize in GiB of the maximum amount of space that may be consumed by the dataset where the audit dabases are stored.
Value must be greater or equal to 0 and lesser or equal to 100
Quota Fill Warning
Type: integerPercentage used of dataset quota at which to generate a warning alert.
Value must be greater or equal to 5 and lesser or equal to 80
Quota Fill Critical
Type: integerPercentage used of dataset quota at which to generate a critical alert.
Value must be greater or equal to 50 and lesser or equal to 95
Remote Logging Enabled
Type: booleanLogging to a remote syslog server is enabled on TrueNAS, and audit logs are included in what is sent remotely.
AuditEntrySpace
Type: objectZFS dataset properties relating space used and available for the dataset where the audit databases are written.
No Additional PropertiesUsed
Type: integerTotal space used by the audit dataset in bytes.
Used By Dataset
Type: integerSpace used by the dataset itself (not including snapshots or reservations) in bytes.
Used By Reservation
Type: integerSpace reserved for the dataset in bytes.
Used By Snapshots
Type: integerSpace used by snapshots of the audit dataset in bytes.
Available
Type: integerAvailable space remaining for the audit dataset in bytes.
AuditEntryEnabledServices
Type: objectJSON object with key denoting service, and value containing a JSON array of what aspects of this service are being audited. In the case of the SMB audit, the list contains share names of shares for which auditing is enabled.
No Additional PropertiesMiddleware
Type: arrayArray of middleware audit event types that are enabled.
No Additional ItemsEach item of this array must be:
Smb
Type: arrayArray of SMB share names or audit event types that are enabled.
No Additional ItemsEach item of this array must be:
Sudo
Type: array of stringArray of sudo commands or users that are being audited.
No Additional ItemsEach item of this array must be:
Required roles: SYSTEM_AUDIT_WRITE