Id

Type: integer

Unique identifier for the audit configuration.

Retention

Type: integer

Number of days to retain local audit messages.

Value must be greater or equal to 1 and lesser or equal to 30

Reservation

Type: integer

Size in GiB of refreservation to set on ZFS dataset where the audit databases are stored. The refreservation specifies the minimum amount of space guaranteed to the dataset, and counts against the space available for other datasets in the zpool where the audit dataset is located.

Value must be greater or equal to 0 and lesser or equal to 100

Quota

Type: integer

Size in GiB of the maximum amount of space that may be consumed by the dataset where the audit dabases are stored.

Value must be greater or equal to 0 and lesser or equal to 100

Quota Fill Warning

Type: integer

Percentage used of dataset quota at which to generate a warning alert.

Value must be greater or equal to 5 and lesser or equal to 80

Quota Fill Critical

Type: integer

Percentage used of dataset quota at which to generate a critical alert.

Value must be greater or equal to 50 and lesser or equal to 95

Remote Logging Enabled

Type: boolean

Logging to a remote syslog server is enabled on TrueNAS, and audit logs are included in what is sent remotely.

AuditEntrySpace

Type: object

ZFS dataset properties relating space used and available for the dataset where the audit databases are written.

No Additional Properties

Used

Type: integer

Total space used by the audit dataset in bytes.

Used By Dataset

Type: integer

Space used by the dataset itself (not including snapshots or reservations) in bytes.

Used By Reservation

Type: integer

Space reserved for the dataset in bytes.

Used By Snapshots

Type: integer

Space used by snapshots of the audit dataset in bytes.

Available

Type: integer

Available space remaining for the audit dataset in bytes.

AuditEntryEnabledServices

Type: object

JSON object with key denoting service, and value containing a JSON array of what aspects of this service are being audited. In the case of the SMB audit, the list contains share names of shares for which auditing is enabled.

No Additional Properties

Middleware

Type: array

Array of middleware audit event types that are enabled.

No Additional Items

Each item of this array must be:

Type: object

Smb

Type: array

Array of SMB share names or audit event types that are enabled.

No Additional Items

Each item of this array must be:

Type: object

Sudo

Type: array of string

Array of sudo commands or users that are being audited.

No Additional Items

Each item of this array must be:

Type: string

Call parameters

Return value

AuditEntry

id Required

Id

retention Required

Retention

reservation Required

Reservation

quota Required

Quota

quota_fill_warning Required

Quota Fill Warning

quota_fill_critical Required

Quota Fill Critical

remote_logging_enabled Required

Remote Logging Enabled

space Required

AuditEntrySpace

used Required

Used

used_by_dataset Required

Used By Dataset

used_by_reservation Required

Used By Reservation

used_by_snapshots Required

Used By Snapshots

available Required

Available

enabled_services Required

AuditEntryEnabledServices

MIDDLEWARE Required

Middleware

Each item of this array must be:

SMB Required

Smb

Each item of this array must be:

SUDO Required

Sudo

Each item of this array must be: