Layer7 API Management

  • 1.  IP is not printing in the logs

    Posted Oct 08, 2015 01:18 PM

    Hi All,

     

        I have configured one of the services with the below validations.

     

    1. IP Validation

    2. SSL validation

    3. User Authentication

     

    Issue: I have configured the Audit Message assertion to print whose IP and which user in the logs, but unfortunately the IP is not printing in the logs, due to which I am unable to find out which IP is having the issue, and I am also depending on runtime testing.

     

    Please give some suggestions to overcome this issue.

     

    Thanks&Regards

    Rajasekhar



  • 2.  Re: IP is not printing in the logs

    Posted Oct 08, 2015 05:38 PM

    Can you show us what you're trying to audit and what you are seeing?

     

    Client IP should be able to be retrieved by ${request.tcp.remoteIP};

    If your gateway is able to resolve the hostname of the client, you can use ${request.tcp.remoteHost}; if it can't resolve the hostname, I believe this guy defaults back to the IP address.

     

    hope this helps, if it doesn't, then please provide the items above.

     

    thanks



  • 3.  Re: IP is not printing in the logs

    Posted Oct 21, 2015 06:01 AM

    Hi Doyle,

     

             Thanks for your answer. Let me explain my scenario.

             As I said, I am doing 3 way validations and everything I am capturing in logs.

             For example, if one customer is trying to access my webservice from his tool or SoapUI, he is able to access the service, but I need the below things:


            1. Who is trying to access my webservice   --- Print his username (username there in our Internal Identity Provider )

            2. Where he is trying  --   Print his system IP (IP added into Layer7)

    But the IP is not printing in Audit event logs. Please suggest me how to capture this.

     

    Hope you understand what I meant.

     

    Thanks&Regards

    Rajasekhar



  • 4.  Re: IP is not printing in the logs

    Posted Oct 21, 2015 10:08 AM

    Hey Rajasekhar,

    Based on your last statement, I'm assuming you've tried the above context variables and an entry isn't showing up in the Policy Manager's Audit Viewer?

     

    By default, our Auditing System has a 'Message Threshold' of 'INFO', so any 'Audits' that are 'INFO' or lower won't get picked up. If you wish to see this info in the Audit Viewer, you can manually change the Severity of the audit in the 'add audit details' assertion you use to 'WARNING', which will breach the threshold and force an Audit.

     

    A lot of people confuse our Auditing system with a Logging system, and I just want to caution you about this. Audits are a synchronous transaction to the database and can add a lot of overhead to the transaction latency and DB. Auditing is meant to show you problems and issues. It's meant to be used in error scenarios or failure logic.

     

    For development environments, this is okay, as many customers like our Audit Viewer dashboard, but moving beyond that with lots of auditing is a bad practice. I'd suggest firing these off to a 'Log Sink' or off-boxing it to something like Splunk or the ELK stack.

     

    hope this helps



  • 5.  Re: IP is not printing in the logs

    Posted Oct 23, 2015 04:51 AM

    Hi Doyle Reece,

     

         Thanks for your valuable answer.

         I am able to print the Client IP now in Audit events.

     

    Thanks&Regards

    Rajasekhar



  • 6.  Re: IP is not printing in the logs

    Posted Oct 23, 2015 09:33 AM

    Thanks Rajasekhar,

    can you please mark the question as 'Answered' ?

     

    thanks