Layer7 API Management

  • 1.  Custom Log Messages in Policy Manager

    Posted Aug 18, 2017 08:56 AM

    Hi guys, I am working on CA Layer7(8.3) Policy Manager & exposed few APIs.

     

    Now I see that it logs all API calls automatically. Can we create custom logs?

    Example:-

    If I am using HTTP Basic Authentication Assertion & user entered wrong credentials, the policy assertion fails & logs some custom message.

    What I want is, it should log some custom message provided by me like, "User shall not pass!!!" if wrong credentials.

     

    What is the difference between Logs & Audits?

     

    Thanks



  • 2.  Re: Custom Log Messages in Policy Manager
    Best Answer

    Broadcom Employee
    Posted Aug 18, 2017 12:53 PM

    The assertion "Authenticate against <Identity Provider>" is logging/auditing that message to let the log viewer know what failed. You can also add the custom log in the picture below:

     

     

     

    The "Add Audit Details" can be used to type a custom message to the logs/audits. 

     

     

    There are several different levels to log/audit:

    - WARNING

    - INFO

    -FINE

    -FINER

    -FINEST

     

    The cluster wide property audit.detailThreshold can be set to one of the above levels (default: warning). The "Add Audit Details" assertion level will need to match or higher in order to save audit the to the database. 

     

    The difference between logging and auditing is as follows:

       - Audits are stored in the SSG Database; are written at runtime of the assertion (adds time to service execution); and should not be used in a production environment. 

       - Logs are written as flat files stored on the Gateway box; are spooled until the service has finished execution before writing to the files; and will keep 10 log files at 20 mb each by default

     

    The log sink properties can be found under Tasks > Logging and Auditing > Manage Log/Audit Sinks.

     

    More about the assertion can be found here: Add Audit Detail Assertion - CA API Gateway - 9.2 - CA Technologies Documentation 

    more about Audit levels can be found here: About Message Auditing - CA API Gateway - 9.2 - CA Technologies Documentation  

     

    Hope this helps!



  • 3.  Re: Custom Log Messages in Policy Manager

    Posted Aug 18, 2017 01:10 PM

    Thanks for the answer. It clears some things from my mind.

    So now if I check View Logs in Policy Manager/Gateway logs will I see the message User shall not pass!!

     

    I know that Audit messages have toll on processing time, I am asked by my client to disable auditing in Prod env. So is there anyway we have custom error message in logs without Auditing?



  • 4.  Re: Custom Log Messages in Policy Manager

    Broadcom Employee
    Posted Aug 20, 2017 10:33 PM

    By default, all the audits are logged to ssg log file as well. Just not so convenient to search and view as  the audit event viewer.



  • 5.  Re: Custom Log Messages in Policy Manager

    Broadcom Employee
    Posted Aug 18, 2017 02:20 PM

    In the assertion properties there is a Audit radio button and Log radio button you can choose log and that will not send it to audits but will still send to the logs.