Layer7 API Management

  • 1.  Not seeing complete audit events in Syslogs server

    Posted Jun 04, 2021 01:34 PM
    Hi Experts - 

    We have a setup which basically sends logs to a database & syslog server. We have defined categories ("Audits", "Gateway Log", "Process Control Log", "Traffic Log") to the Syslog server.

    My question is: when we view Audit logs from Policy Manager, it shows "details", "associated logs", "request" & "response" for each AuditRecord, whereas we are only seeing "associated logs" in the syslog server. It is not spitting out all the different logs that show up in Policy Manager.

    The documentation mentions the following:

    • Traffic Log: This is information for each request/response that is processed by the Gateway.

    Is there any configuration we can do to write "details", "request" & "response" along with "associated logs" for each AuditRecord that logs to the Syslog server, so that it will show up in Splunk? Or am I missing anything?



    Thanks
    DP


  • 2.  RE: Not seeing complete audit events in Syslogs server

    Posted Nov 25, 2021 08:12 AM
    Hello

    Did you try adding an "Add audit details" with:
    Hostname : ${ssgnode.hostname}
    Service :${audit.name}
    Filtered Request : ${audit.filteredRequest}
    Service ${audit.name}
    Filtered Response : ${audit.filteredResponse}

    in your internal audit sink policy?
    Regards
    Yannick