Hi guys, I am working on CA Layer7 (8.3) Policy Manager & have exposed a few APIs.
Now I see that it logs all API calls automatically. Can we create custom logs?
If I am using the HTTP Basic Authentication Assertion & a user enters wrong credentials, the policy assertion fails & logs some custom message.
What I want is, it should log some custom message provided by me like, "User shall not pass!!!" if wrong credentials.
What is the difference between Logs & Audits?
The assertion "Authenticate against <Identity Provider>" is logging/auditing that message to let the log viewer know what failed. You can also add the custom log in the picture below:
The "Add Audit Details" can be used to type a custom message to the logs/audits.
There are several different levels to log/audit:
The cluster-wide property audit.detailThreshold can be set to one of the above levels (default: warning). The "Add Audit Details" assertion level will need to match or be higher in order to save the audit to the database.
The difference between logging and auditing is as follows:
- Audits are stored in the SSG Database; are written at runtime of the assertion (adds time to service execution); and should not be used in a production environment.
- Logs are written as flat files stored on the Gateway box; are spooled until the service has finished execution before writing to the files; and will keep 10 log files at 20 MB each by default.
The log sink properties can be found under Tasks > Logging and Auditing > Manage Log/Audit Sinks.
More about the assertion can be found here: Add Audit Detail Assertion - CA API Gateway - 9.2 - CA Technologies Documentation
More about Audit levels can be found here: About Message Auditing - CA API Gateway - 9.2 - CA Technologies Documentation
Hope this helps!
Thanks for the answer. It clears some things from my mind.
So now if I check View Logs in Policy Manager/Gateway logs, will I see the message "User shall not pass!!"?
I know that Audit messages take a toll on processing time; I am asked by my client to disable auditing in the Prod env. So is there any way we can have a custom error message in logs without Auditing?
By default, all the audits are logged to the ssg log file as well. Just not so convenient to search and view as the audit event viewer.
In the assertion properties there is an Audit radio button and a Log radio button; you can choose Log, and that will not send it to audits but will still send it to the logs.