netapp.ontap.na_ontap_vserver_audit module – NetApp Ontap - create, delete or modify vserver audit configuration.

Note

This module is part of the netapp.ontap collection (version 22.13.0).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install netapp.ontap. You need further requirements to be able to use this module, see Requirements for details.

To use it in a playbook, specify: netapp.ontap.na_ontap_vserver_audit.

New in netapp.ontap 22.3.0

Synopsis

  • Create, delete or modify vserver audit configuration.

Requirements

The below requirements are needed on the host that executes this module.

  • Ansible 2.9 or later - 2.12 or later is recommended.

  • Python3 - 3.9 or later is recommended.

  • When using ZAPI, netapp-lib 2018.11.13 or later (install using ‘pip install netapp-lib’), netapp-lib 2020.3.12 is strongly recommended as it provides better error reporting for connection issues.

  • A physical or virtual clustered Data ONTAP system, the modules support Data ONTAP 9.1 and onward, REST support requires ONTAP 9.6 or later.

Parameters

Parameter

Comments

cert_filepath

string

added in netapp.ontap 20.6.0

path to SSL client cert file (.pem).

not supported with python 2.6.

enabled

boolean

Specifies whether or not auditing is enabled on the SVM.

Choices:

  • false

  • true

events

dictionary

Specifies events for which auditing is enabled on the SVM.

authorization_policy

boolean

Authorization policy change events.

Choices:

  • false

  • true

cap_staging

boolean

Central access policy staging events.

Choices:

  • false

  • true

cifs_logon_logoff

boolean

CIFS logon and logoff events.

Choices:

  • false

  • true

file_operations

boolean

File operation events.

Choices:

  • false

  • true

file_share

boolean

File share category events.

Choices:

  • false

  • true

security_group

boolean

Local security group management events.

Choices:

  • false

  • true

user_account

boolean

Local user account management events.

Choices:

  • false

  • true

feature_flags

dictionary

added in netapp.ontap 20.5.0

Enable or disable a new feature.

This can be used to enable an experimental feature or disable a new feature that breaks backward compatibility.

Supported keys and values are subject to change without notice. Unknown keys are ignored.

force_ontap_version

string

added in netapp.ontap 21.23.0

Override the cluster ONTAP version when using REST.

The behavior is undefined if the version does not match the target cluster.

This is provided as a work-around when the cluster version cannot be read because of permission issues. See https://github.com/ansible-collections/netapp.ontap/wiki/Known-issues.

This should be in the form 9.10 or 9.10.1 with each element being an integer number.

guarantee

boolean

Indicates whether there is a strict Guarantee of Auditing.

This option requires ONTAP 9.10.1 or later.

Choices:

  • false

  • true

hostname

string / required

The hostname or IP address of the ONTAP instance.

http_port

integer

Override the default port (80 or 443) with this port

https

boolean

Enable and disable https.

Ignored when using REST as only https is supported.

Ignored when using SSL certificate authentication as it requires SSL.

Choices:

  • false ← (default)

  • true

key_filepath

string

added in netapp.ontap 20.6.0

path to SSL client key file.

log

dictionary

Specifies events for which auditing is enabled on the SVM.

format

string

This option describes the format in which the logs are generated by consolidation process. Possible values are,

xml - Data ONTAP-specific XML log format

evtx - Microsoft Windows EVTX log format

Choices:

  • "xml"

  • "evtx"

retention

dictionary

This option describes the count and time to retain the audit log file.

count

integer

Determines how many audit log files to retain before rotating the oldest log file out.

This is mutually exclusive with duration.

duration

string

Specifies an ISO-8601 format date and time to retain the audit log file.

The audit log files are deleted once they reach the specified date/time.

This is mutually exclusive with count.

rotation

dictionary

Audit event log files are rotated when they reach a configured threshold log size or are on a configured schedule.

When an event log file is rotated, the scheduled consolidation task first renames the active converted file to a time-stamped archive file, and then creates a new active converted event log file.

schedule

dictionary

added in netapp.ontap 22.11.0

Rotates the audit logs based on a schedule by using the time-based rotation parameters in any combination.

The rotation schedule is calculated by using all the time-related values.

days

list / elements=integer

Specifies the day of the month schedule to rotate audit log. Specify -1 to rotate the audit logs all days of a month.

hours

list / elements=integer

Specifies the hourly schedule to rotate audit log. Specify -1 to rotate the audit logs every hour.

minutes

list / elements=integer

Specifies the minutes schedule to rotate the audit log.

months

list / elements=integer

Specifies the months schedule to rotate audit log. Specify -1 to rotate the audit logs every month.

weekdays

list / elements=integer

Specifies the weekdays schedule to rotate audit log. Specify -1 to rotate the audit logs every day.

size

integer

Rotates logs based on log size in bytes.

Default value is 104857600.

log_path

string

The audit log destination path where consolidated audit logs are stored.

password

aliases: pass

string

Password for the specified user.

state

string

Whether the specified vserver audit configuration should exist or not.

Choices:

  • "present" ← (default)

  • "absent"

use_rest

string

This module only supports REST.

always – will always use the REST API. A warning is issued if the module does not support REST.

Default: "always"

username

aliases: user

string

This can be a Cluster-scoped or SVM-scoped account, depending on whether a Cluster-level or SVM-level API is required.

For more information, please read the documentation https://mysupport.netapp.com/NOW/download/software/nmsdk/9.4/.

Two authentication methods are supported

  1. basic authentication, using username and password,

  2. SSL certificate authentication, using a ssl client cert file, and optionally a private key file.

To use a certificate, the certificate must have been installed in the ONTAP cluster, and cert authentication must have been enabled.

validate_certs

boolean

If set to no, the SSL certificates will not be validated.

This should only set to False used on personally controlled sites using self-signed certificates.

Choices:

  • false

  • true ← (default)

vserver

string / required

Specifies name of the Vserver.

Notes

Note

  • This module supports REST only.

  • At least one event should be enabled.

  • No other fields can be specified when enabled is specified for modify.

  • The modules prefixed with na_ontap are built to support the ONTAP storage platform.

  • https is enabled by default and recommended. To enable http on the cluster you must run the following commands ‘set -privilege advanced;’ ‘system services web modify -http-enabled true;’

Examples

- name: Create vserver audit configuration
  netapp.ontap.na_ontap_vserver_audit:
    state: present
    vserver: ansible
    enabled: True
    events:
      authorization_policy: False
      cap_staging: False
      cifs_logon_logoff: True
      file_operations: True
      file_share: False
      security_group: False
      user_account: False
    log_path: "/"
    log:
      format: xml
      retention:
        count: 4
      rotation:
        size: "1048576"
    guarantee: False
    hostname: "{{ netapp_hostname }}"
    username: "{{ netapp_username }}"
    password: "{{ netapp_password }}"

- name: Modify vserver audit configuration
  netapp.ontap.na_ontap_vserver_audit:
    state: present
    vserver: ansible
    enabled: True
    events:
      authorization_policy: True
      cap_staging: True
      cifs_logon_logoff: True
      file_operations: True
      file_share: True
      security_group: True
      user_account: True
    log_path: "/tmp"
    log:
      format: evtx
      retention:
        count: 5
      rotation:
        size: "104857600"
    guarantee: True
    hostname: "{{ netapp_hostname }}"
    username: "{{ netapp_username }}"
    password: "{{ netapp_password }}"

- name: Delete vserver audit configuration
  netapp.ontap.na_ontap_vserver_audit:
    state: absent
    vserver: ansible
    hostname: "{{ netapp_hostname }}"
    username: "{{ netapp_username }}"
    password: "{{ netapp_password }}"

# The audit logs are rotated in January and March on Monday, Wednesday, and Friday,
# at 6:15, 6:30, 6:45, 12:15, 12:30, 12:45, 18:15, 18:30, and 18:45
# The last 6 audit logs are retained
- name: Create vserver audit configuration
  netapp.ontap.na_ontap_vserver_audit:
    state: present
    vserver: ansible
    enabled: True
    events:
      authorization_policy: False
      cap_staging: False
      cifs_logon_logoff: True
      file_operations: True
      file_share: False
      security_group: False
      user_account: False
    log_path: "/"
    log:
      format: xml
      retention:
        count: 6
      rotation:
        schedule:
          hours: [6,12,18]
          minutes: [15,30,45]
          months: [1,3]
          weekdays: [1,3,5]
    guarantee: False
    hostname: "{{ netapp_hostname }}"
    username: "{{ netapp_username }}"
    password: "{{ netapp_password }}"

# The audit logs are rotated monthly, all days of the week, at 12:30
- name: Modify vserver audit configuration
  netapp.ontap.na_ontap_vserver_audit:
    state: present
    vserver: ansible
    enabled: True
    events:
      authorization_policy: False
      cap_staging: False
      cifs_logon_logoff: True
      file_operations: True
      file_share: False
      security_group: False
      user_account: False
    log_path: "/"
    log:
      format: xml
      rotation:
        schedule:
          hours: [12]
          minutes: [30]
          months: [-1]
          weekdays: [-1]
    guarantee: False
    hostname: "{{ netapp_hostname }}"
    username: "{{ netapp_username }}"
    password: "{{ netapp_password }}"

Authors

  • NetApp Ansible Team (@carchi8py)