Layer7 API Management

  • 1.  Read-only User

    Posted Mar 15, 2019 01:49 AM

    Hi,

     

    This is in regard to the API Gateway and Portal Appliances.

    The default user allowed to log in to the console is the ssgconfig user, and from there to access the root shell.

     

    For audit and troubleshooting purposes only, is it possible to create a read-only user that has permission only to read (no write allowed) the logs in /opt/SecureSpan/Gateway/node/default/var/logs?

     

    As for the API Developer Portal appliance, the read-only user should be able to read log files in /opt/Deployments/lrs/server/logs/.

     

    Please let me know if this is doable, thank you.



  • 2.  Re: Read-only User
    Best Answer

    Broadcom Employee
    Posted Mar 17, 2019 05:53 PM

    Hello,

    For the gateway, you don't have to access the root shell to view the log; on the gateway menu, select:

    9) Display Log Viewing menu

    i.e., the ssgconfig user can view the logs on the gateway menu.

     

    For the portal, the log file permission is:

    -rw-r--r-- 1 l7portal portalusers

     

    You can create a new user in the portalusers group for read-only access to the portal logs.

     

    Regards,

    Mark
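
One way to confirm that a log directory really is read-only for group members, as an added example that is not part of the original posts. The function names are hypothetical; the only page-specific value is the portal log path from the thread, shown in the usage comment.

```shell
#!/bin/sh
# Added example, not from the thread: checks that a log directory is
# effectively read-only for everyone except the owning account.

# List regular files that group or other may write (octal 020 / 002).
writable_files() {
    find "$1" -type f \( -perm -020 -o -perm -002 \) -print | sort
}

# List directories that group or other may write. Write access to a
# directory allows deleting or replacing log files even when the files
# themselves are mode 644 (-rw-r--r--).
writable_dirs() {
    find "$1" -type d \( -perm -020 -o -perm -002 \) -print | sort
}

# List files a group member cannot read (group read bit 040 missing).
unreadable_by_group() {
    find "$1" -type f ! -perm -040 -print | sort
}

# Return 0 when the tree is read-only for group members, 1 otherwise.
# Each failing check is printed with the paths it found.
audit_log_dir() {
    dir=$1
    status=0
    for check in writable_files writable_dirs unreadable_by_group; do
        out=$("$check" "$dir")
        if [ -n "$out" ]; then
            printf '%s:\n%s\n' "$check" "$out"
            status=1
        fi
    done
    return "$status"
}

# Usage (path taken from the thread):
#   audit_log_dir /opt/Deployments/lrs/server/logs/
```

The checks look only at permission bits, so they do not cover ACLs or sudo rules that grant access by other means.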



  • 3.  Re: Read-only User

    Posted Mar 17, 2019 11:02 PM

    Hi Mark,

     

    Thank you for the reply.

     

    As per the requirement, a read-only user should be created just for audit and troubleshooting purposes.

    So I have tried to create another user (audituser) to access the menu using /opt/SecureSpan/Platform/bin/configuser_profile_menu.sh

     

    I found out that the user does not have permission to read the logs.

    So in the sudoers list, I have added this line:

    audituser ALL = NOPASSWD: /opt/SecureSpan/Appliance/libexec/viewlog

     

    Regards,

    Cho