Layer7 API Management

Expand all | Collapse all

Custom Log Messages in Policy Manager

Jump to Best Answer
  • 1.  Custom Log Messages in Policy Manager

    Posted 08-18-2017 08:56 AM

    Hi guys, I am working on CA Layer7(8.3) Policy Manager & exposed few APIs.


    Now I see that it logs all API calls automatically. Can we create custom logs?


    If I am using HTTP Basic Authentication Assertion & user entered wrong credentials, the policy assertion fails & logs some custom message.

    What I want is, it should log some custom message provided by me like, "User shall not pass!!!" if wrong credentials.


    What is the difference between Logs & Audits?



  • 2.  Re: Custom Log Messages in Policy Manager
    Best Answer

    Posted 08-18-2017 12:53 PM

    The assertion "Authenticate against <Identity Provider>" is logging/auditing that message to let the log viewer know what failed. You can also add the custom log in the picture below:




    The "Add Audit Details" can be used to type a custom message to the logs/audits. 



    There are several different levels to log/audit:


    - INFO





    The cluster wide property audit.detailThreshold can be set to one of the above levels (default: warning). The "Add Audit Details" assertion level will need to match or higher in order to save audit the to the database. 


    The difference between logging and auditing is as follows:

       - Audits are stored in the SSG Database; are written at runtime of the assertion (adds time to service execution); and should not be used in a production environment. 

       - Logs are written as flat files stored on the Gateway box; are spooled until the service has finished execution before writing to the files; and will keep 10 log files at 20 mb each by default


    The log sink properties can be found under Tasks > Logging and Auditing > Manage Log/Audit Sinks.


    More about the assertion can be found here: Add Audit Detail Assertion - CA API Gateway - 9.2 - CA Technologies Documentation 

    more about Audit levels can be found here: About Message Auditing - CA API Gateway - 9.2 - CA Technologies Documentation  


    Hope this helps!

  • 3.  Re: Custom Log Messages in Policy Manager

    Posted 08-18-2017 01:10 PM

    Thanks for the answer. It clears some things from my mind.

    So now if I check View Logs in Policy Manager/Gateway logs will I see the message User shall not pass!!


    I know that Audit messages have toll on processing time, I am asked by my client to disable auditing in Prod env. So is there anyway we have custom error message in logs without Auditing?

  • 4.  Re: Custom Log Messages in Policy Manager

    Posted 08-20-2017 10:33 PM

    By default, all the audits are logged to ssg log file as well. Just not so convenient to search and view as  the audit event viewer.

  • 5.  Re: Custom Log Messages in Policy Manager

    Posted 08-18-2017 02:20 PM

    In the assertion properties there is a Audit radio button and Log radio button you can choose log and that will not send it to audits but will still send to the logs.