Layer7 API Management

  • 1.  Not seeing complete audit events in Syslogs server

    Posted 06-04-2021 01:34 PM
    Hi Experts -

    We have a setup which basically send logs to database & syslog server. We have defined categories ("Audits", "Gateway Log", "Process Control Log", "Traffic Log") to Syslog server.

     My question is when we view Audit logs from Policy Manger, it shows "details", "associated logs", "request" & "response" for each AuditRecord. Whereas we are only seeing "associated logs" in syslog server, it is not spitting all the different logs that shows up in Policy Manager.

    In the documentation it was mentioned the following

    • Traffic Log

    : This is information for each request/response that is processed by the Gateway.  

    Is there any configuration we can do to write "details", "request" & "response" along with "associated logs" for each AuditRecord that logs to Syslog server so that it will show up in Splunk? Or I am missing anything.



    Thanks
    DP


  • 2.  RE: Not seeing complete audit events in Syslogs server

    Posted 4 days ago
    Hello

    did you try adding an "Add audit details" with  :
    Hostname : ${ssgnode.hostname}
    Service :${audit.name}
    Filtered Request : ${audit.filteredRequest}
    Service ${audit.name}
    Filtered Response : ${audit.filteredResponse}

    in your internal audit sink policy ?
    Regards
    Yannick