Layer7 API Management

 View Only
  • 1.  Default logging override

    Posted May 20, 2020 02:14 AM
    Hi Folks,

    One of the policy assertion logging sensitive info in the ssglogs. which we don't want to log this. Any suggestion how to avoid this logging from particular assertion.

    Please help.



    Pardon for the bad image ! :)


    ------------------------------
    Design Engineer Professional
    BT
    ------------------------------


  • 2.  RE: Default logging override
    Best Answer

    Broadcom Employee
    Posted May 20, 2020 04:00 PM
    Hi Pratik,

    Can you provide an example of the message in question which you would like to suppress from being
    sent to the gateway ssg log ?

    Take for example the following kinds of messages:

    =message 1=====
     INFO 1053 com.l7tech.external.assertions.gzip.server.GzipServiceInvocation: Setting target var "MyToken"
    =============

    ==message2==

    INFO 1538 com.l7tech.server.policy.assertion.ServerOperation: 8100: 0000016222464101-18403cf Could not match WSDL operation (getCustomerQualifications instead of getPointDetails)
    =============


    For message2, it's a type "Audit" entry, so you will need to add the audit code (8100) to the cluster-wide property to suppress it. So add the cluster-wide property: audit.auditdetailexcludelist Then add 8100 to it, separate entries with a space.

    For message1, it's a type "log" entry, so you will have to suppress it based on the package. Add the cluster-wide property: log.levels Add the following on a new line: com.l7tech.external.assertions.gzip.server.GzipServiceInvocation.level = SEVERE


    Hope that helps.

    Daren


  • 3.  RE: Default logging override

    Posted May 20, 2020 04:16 PM
    Hi Daren,

    Thanks! 

    Please find the string or the log which I want to suppress from being logged or audited.

    2020-05-20T09:40:26.924+0100 WARNING 275 com.ca.siteminder.SiteMinderHighLevelAgent: Session validation failed for the following SsoToken: VJzEuFTVrm1E6KRN5pn7i4+tcIXXXXXXXXXXXXXX

    Regards,
    Pratik

    ------------------------------
    Design Engineer Professional
    BT
    ------------------------------



  • 4.  RE: Default logging override

    Broadcom Employee
    Posted May 20, 2020 04:22 PM
    Hi Pratik,

    Can you modify the following cluster wide property:

    'log.levels' and add the following on a new line:

    com.ca.siteminder.SiteMinderHighLevelAgent.level = SEVERE

    See if that suppresses the message in question.


    Daren


  • 5.  RE: Default logging override

    Posted May 20, 2020 11:06 PM
    Hi Daren,

    I tried this ! But no luck I still see logs being audited. Any other way of doing this 

    And about your suggestion for message2
    "For message2, it's a type "Audit" entry, so you will need to add the audit code (8100) to the cluster-wide property to suppress it. So add the cluster-wide property: audit.auditdetailexcludelist Then add 8100 to it, separate entries with a space"

    I don't find this clusterwide property 
    audit.auditdetailexcludelist . 

    Kindly help.


    ------------------------------
    Design Engineer Professional
    BT
    ------------------------------



  • 6.  RE: Default logging override

    Posted May 21, 2020 04:40 AM
    Hi Daren,

    Kindly ignore my earlier comment. It worked ! Thanks !

    However,
    it is suppressing this log as well(Which is needed intended to error response):

    com.ca.siteminder.SiteMinderHighLevelAgent: Session validation failed, Reason: IdleTimeOut reached


    can we only suppress this below log particularly :

    com.ca.siteminder.SiteMinderHighLevelAgent: Session validation failed for the following SsoToken:


    Thanks in Advance !
    Pratik



    ------------------------------
    Design Engineer Professional
    BT
    ------------------------------



  • 7.  RE: Default logging override

    Broadcom Employee
    Posted May 21, 2020 08:33 AM
    Hi Pratik,

    You won't be able to selectively suppress certain log messages.
    The change we implemented will suppress all log messages
    unless it is SEVERE from that particular package.

    Perhaps you can look to use a 'Add audit details' assertion
    of type 'log' and generate a similar message of
    'Session validation failed, Reason: IdleTimeOut reached'
    at that particular point in your policy.

    Hope that helps.

    Daren