
Traffic Logger & Audit sink

Question asked by Karthik.pn on Oct 15, 2015
Latest reply on Oct 22, 2015 by Mark_HE

Hello All,

 

I am currently using the SSG logs to log all details pertaining to transactions done by the published services. It is becoming tedious to troubleshoot issues pertaining to a single transaction using these SSG logs, since the info regarding a particular transaction can't be found sequentially, as all parallel transactions happening at that time are also logged there. Hence I thought of implementing a traffic logger and configuring it in such a way that it can log info regarding the request ID, request method, request elapsed time, response HTTP status, request message, response message, etc. in a single line, so that it can be found easily for troubleshooting issues and can also be easily parsed by external log management tools such as Splunk, IBM QRadar, etc.

 

In addition I would also like to log exceptions in the Audit table in the internal SSG DB. I am planning to set the level to "Warning" so that only transactions with exceptions/failures would be audited.

 

My questions are:

 

  1. Will there be any performance issue due to the traffic logger, since it has to wait for the entire transaction to complete before logging the details?
  2. Will I be able to configure the traffic log as a syslog and send it to external log management tools using UDP or TCP?
  3. Is it a better approach to use the traffic logger instead of SSG logs in production?
  4. Is it mandatory to have an Audit sink configured in production? Or can I just save the audit records to the internal DB and purge them at a regular interval? (We are not expecting too much production traffic, and it will be a fraction of the peak load suggested by CA.)

 

Kindly clarify the above questions.

 

Thank You!
