Layer7 API Management

Expand all | Collapse all

Audit Sink Creation/Modification via RESTMan

Jump to Best Answer
  • 1.  Audit Sink Creation/Modification via RESTMan

    Posted 03-18-2020 01:53 PM

    Is this possible?

    I have a requirement to use Terraform and Ansible to automatically spin up and configure 9.2 CR-10 gateways inside Azure, alongside with some other resources (e.g. app clusters). However in the existing design there are steps to configure the gateway audit sinks:

    - Disable logging to the Database
    - Create a new audit sink policy and modify the policy to disable all assertions and continue processing
    - Create a new audit sinks for a custom gateway log package to dump to a file, as well as Syslog
    - Modify audit-lookup policy to disable query results

    I can't seem to find the right RESTman calls to perform the above actions.



  • 2.  RE: Audit Sink Creation/Modification via RESTMan

    Posted 03-19-2020 04:24 AM
    I think it is a limitiation for Restman
    https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-api-management/api-gateway/9-3/gateway-migration/manage-migration-limitations.html

    ------------------------------
    Pre-Sales Consultant
    CA Southern Africa
    ------------------------------



  • 3.  RE: Audit Sink Creation/Modification via RESTMan

    Posted 03-19-2020 11:46 AM
    Thanks. Are there any workarounds? I tried poking at the database and found the table, but there seems to be a blob column that is generated by the device.


  • 4.  RE: Audit Sink Creation/Modification via RESTMan
    Best Answer

    Posted 03-20-2020 05:54 AM
    I know it a table called sink_config
    select * from sink_config \G;
    with attribute value like
    enabled (0 or 1) to enable or disable
    severity (INFO,ERROR,FINE,FINEST)
    type: syslog or file
    categories and other

    Property value will change according to the type
    <java version="1.6.0" class="java.beans.XMLDecoder"><object class="java.util.HashMap"><void method="put"><string>file.maxSize</string><string>20000</string></void><void method="put"><string>file.format</string><string>STANDARD</string></void><void method="put"><string>file.logCount</string><string>10</string></void></object></java>

    Playing with the database is definitely not recommended unless you are only setting up value like severity or enable or property.


    You could point your audit to an external source and then based on the data configure the output via restman cluster variable
    https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-api-management/api-gateway/9-1/configure-security/tasks-menu-security-options/manage-log-audit-sinks/working-with-the-audit-sink-policy.html


    ------------------------------
    Pre-Sales Consultant
    CA Southern Africa
    ------------------------------