Layer7 API Management

Hi There,

After I migrateIn i wanted to know using some query on mysql or some other way,like what are all the various other services being impcated(updated).Note: I just want to update a specific policy which contain multiple policy fragments leaving them untouched and I want to update the policy only,I could go through ignore option ignoring all that update only policy,but still I wanted to know what all changes made on the gw services during that time of deployment?s there a way to look at like what are changes are made interms of service/policy during that migrate-In of policy.pls advice.

Good afternoon,

Any change made by the GMU will result in an audit/log being written as to entities that have been changed.

Sincerely,

Stephen Hughes

Broadcom Support

Hi Stephen,

Essentially,am looking to find out what are all the changes being made to the gateway polices in last one hour or a day or 2 days or etc? 

I know reversion history but we have significant policies is there any other mechanism for it such query mysql policy table?

The audit logs will record all the changes to policies and other entities so it is your best source of truth.

Sincerely,

Stephen Hughes

Broadcom Support

Thanks Stephen.Apparently, we have disabled audit that apparently logs in to DB.Is there are any other mechanism that we could query the mysql DB with some sql queries? If so could you pls kindly share those.

Even if you are disabling the audits to the DB you can still push the audits through logs to a central logging system where it can be aggregated. Trying to track the changes at a DB level would be very complicated and is not something we have a write up on.

Sincerely,

Stephen Hughes

Broadcom Support

I have write a query to solve this problem. 

mysql> select distinct p.name as policy_name, p.version as policy_version, f.name as folder_name, v.user_login, FROM_UNIXTIME(v.time/1000, '%Y/%m/%d') as change_date from policy as p, folder as f, policy_version as v where p.folder_goid = f.goid and p.goid = v.policy_goid order by v.time desc  limit 100;

+--------------------------------------------------------------------------------------------------------------+----------------+-----------------------------+------------+-------------+

| policy_name                                                                                                  | policy_version | folder_name                 | user_login | change_date |

+--------------------------------------------------------------------------------------------------------------+----------------+-----------------------------+------------+-------------+

| Policy for service #55cec604d2b11a2e2651c19b76e57a76, tokenServiceV3                                         |             15 | Services                    | admin      | 2019/05/09  |

| Policy for service #55cec604d2b11a2e2651c19b76e57a76, tokenServiceV3                                         |             15 | Services                    | admin      | 2019/05/08  |

| Policy for service #55cec604d2b11a2e2651c19b76e57a76, tokenServiceV3                                         |             15 | Services                    | admin      | 2019/05/07  |

| OTK CIBC SAML Preprocessing                                                                                  |              7 | Customizations              | admin      | 2019/05/07  |

| Policy for service #0e765a26299efb6ea367bb919b835042, tokenServiceV5                                         |              0 | Tests                       | admin      | 2019/05/07  |

| Policy for service #08edcefaf677bcb3fa42b406362c0944, samlSimulator                                          |             10 | Y-Util                      | admin      | 2019/05/07  |

Thanks for the effort,but this would get all most all the services, but how could we filter based up on the last hour.Probably do we need to tweek the following? FROM_UNIXTIME(v.time/1000, '%Y/%m/%d')

PopleysYsb:

Below query give past 100 hours change. You can change the value to whatever hour number. I am no mysql expert, so my way might be crude.

mysql> select distinct p.name as policy_name, p.version as policy_version, f.name as folder_name, v.user_login, FROM_UNIXTIME(v.time/1000, '%Y/%m/%d') as change_date from policy as p, folder as f, policy_version as v where p.folder_goid = f.goid and p.goid = v.policy_goid and v.time > (unix_timestamp()-3600*100)*1000 order by v.time desc;

+

Please ignore it, this should be fine.Thanks.