Hi,
Thanks for sharing the links, but I had already gone through all of them, still it doesn't solve my problem.
1. I need to send all gateway logs/audits via API call to a monitoring tool. Using Audit Sink for this purpose means, I will have to edit all the services of my gateway and use "Add Audit Details" assertion with value like "${httpRouting.latency}, ${request.routingTotalTime}, ${request.mainpart}, ${request.url}, ${httpRouting.url}, ${httpRouting.reasonCode}, ${request.http.method}, ${response.mainpart}, ${response.http.status}".
Because Audits do not store such values by default.
I am looking for an easy solution where I do not have to edit all my services and add "Add Audit Detail" assertion in all of them.
Also, I see that Audit Sink policy collect Audits only but not logs.
So how can i send Audits + Logs via API call.
2. I know this easy global solution is possible in Log Sink, where we can send the logs to a syslog server via TCP and change the cluster-wide property "traffic logger to ${httpRouting.latency}, ${request.routingTotalTime}, ${request.mainpart}, etc.
But Log Sinks can't be forwarded via API call and I can't change their format from text to XML/JSON.
3. Even if I decide to edit all my services and use Audit Sink, I am finding it difficult to edit the audit xml.
Here the target service (gateway.audit.sink.url is receiving blank message.
But I am able to audit this xml using request.mainpart but not able to edit.
Regards,
Amit
Original Message:
Sent: 02-24-2020 11:11 AM
From: Ronald Dsouza
Subject: CA API Gateway 9.3 : Log/Audits Forwarding To Monitoring Tool
https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-api-management/api-gateway/9-3/security-configuration-in-policy-manager/tasks-menu-security-options/manage-log-audit-sinks/log-sink-properties.html
Format for Audit Logs
https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-api-management/api-gateway/9-4/administer-the-gateway/gateway-auditing-threshold-and-format.html
Audit Cluster Properties:
https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-api-management/api-gateway/9-4/reference/gateway-cluster-properties/audit-cluster-properties.html
This attributes can be customized to add system variable like
${service.name} and so on
https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-api-management/api-gateway/9-4/reference/context-variables/service-policy-context-variables.html
Finally you can also look at tools for monitoring
https://community.broadcom.com/communities/community-home/digestviewer/viewthread?MID=780447
------------------------------
Pre-Sales Consultant
CA Southern Africa
Original Message:
Sent: 02-24-2020 10:29 AM
From: Amit Jaiswal
Subject: CA API Gateway 9.3 : Log/Audits Forwarding To Monitoring Tool
Hi All,
My requirement is to send the Gateway logs and audits to Datadog or similar monitoring tool via API.
Since, syslog server settings can use either TCP/UDP so sending logs/audits to syslog server is out of question.
So, I decided to play around with Audit Sink , where I assumed that I can add additional context variables in the Audit Sink policy and Route via http to wherever I want. But, I soon realized that adding extra context variables in the audit sink policy is not working because Audit Sink policy collects only the audits from each executed service in gateway.
This means, if I need to log 10 kinds of log values for all the services of the gateway, then I need to "Add Audit" those 10 context variables in each service of the gateway. Then only they will be forwarded to the Audit Sink policy.
There is no global setting like we have "trafficlogger" clustered property for syslog.
If my understanding is correct then what is the right approach to use any Global Setting (like syslog) to send logs/audits via API ?
or is there still a way to edit Audit Sink policy and make it work for all services without "Adding Audit" in each service.
Please guide.
Regards,
Amit