I am currently using the SSG logs to log all details pertaining to transactions done by the published services. It is becoming tedious to troubleshoot issues pertaining to a single transaction using these SSG logs, since the info regarding a particular transaction can't be found sequentially, as all parallel transactions happening at that time are also logged there. Hence I thought of implementing the traffic logger and configuring it in such a way that it can log info regarding the request ID, request method, request elapsed time, response HTTP status, request message, response message, etc. in a single line, so that it can be found easily for troubleshooting issues and can also be easily parsed by external log management tools such as Splunk, IBM QRadar, etc.
In addition I would also like to log exceptions in the Audit table in the internal SSG DB. I am planning to set the level to "Warning" so that only transactions with exceptions/failures would be audited.
My questions are:
- Will there be any performance issue due to the traffic logger since it has to wait for the entire transaction to complete before logging the details?
- Will I be able to configure the traffic log as a syslog and send it to external log management tools using UDP or TCP?
- Is it a better approach to use traffic logger instead of SSG logs in production?
- Is it mandatory to have an Audit sink configured in production? Or can I just save the audit records to the internal DB and purge them at a regular interval? (We are not expecting too much production traffic, and it will be a fraction of the peak load suggested by CA.)
Kindly clarify the above questions.