CA API Gateway 9.1

9.4 9.1

Audit Messages in Policy Assertion

The Audit Messages in Policy assertion is used to enable auditing of messages within a policy. It records events pertaining to the processing of a policy—for example, assertion violations, authentication failures, routing errors, etc. You can view these events later in the Gateway Audit Events window.
gateway
The
Audit Messages in Policy
assertion is used to enable auditing of messages within a policy. It records events pertaining to the processing of a policy—for example, assertion violations, authentication failures, routing errors, etc. You can view these events later in the Gateway Audit Events window.
For example, when used in an At least one assertion must evaluate to true assertion folder after an Evaluate Request XPath assertion, the Audit Messages in Policy assertion will execute and audit the request message only if the XPath assertion fails. When this happens, XPath query results are reported in the Gateway Audit Events window. If the XPath assertion in this scenario succeeds, then the Audit Messages in Policy assertion does not execute.
To learn more about the auditing process, including how the Audit Messages in Policy assertion interacts with the Add Audit Detail assertion and the various cluster properties, see About Message Auditing.
Using the Assertion
  1. Do one of the following:
    • To add the assertion to the Policy Development window, see Add an Assertion.
    • To change the configuration of an existing assertion, proceed to step 2 below.
  2. Right-click
    Audit Messages in Policy
    in the policy window and choose
    Audit Properties
     or double-click the assertion in the policy window. The assertion properties are displayed.
  3. Configure the properties as follows:
    Setting
    Description
    Record audit events at the following level beyond this point
    This setting changes the severity of the logged messages to either "Info" or "Warning". Whether the message is ultimately saved to the database depends on the
    audit.messageThreshold
    cluster property .
    Choose
    WARNING
     to set the severity of all messages to "Warning". This will cause all messages to be logged, regardless of whether the
    audit.messageThreshold
     cluster property is set to INFO or WARNING.
    Choose
    INFO
    to set the severity of all messages to "Info". Whether the messages are then logged depends on the
    audit.messageThreshold
     cluster property:
    • If the cluster property is set to INFO, all messages will be logged.
    • If the cluster property is set to WARNING, no messages will be logged.
    For a detailed description of the effects of the "trigger" threshold on auditing, see About Message Auditing.
    Save request
    Save response
    Indicate whether to save the code of the request or response:
    • Always:
       Save the code.
    • Never:
        Do not save the code.
    • No change:
       If used in a service policy, this is the same as 'Never'. If used in a debug trace policy, this setting will preserve the setting of any Audit Messages in Policy assertion in the service policy (if no such assertion appears in the service policy, then the code is not saved).
    Saving the code for the request/response will allow you to view them later in the Event Details Pane of the Gateway Audit Events window.
    Special Note for Trace Policy:
    When the Audit Messages in Policy assertion appears in a debug trace policy, the "Always" and "Never" settings here will
    override
     the equivalent settings in the target service policy. If there is no Audit Messages in Policy assertion in the service policy but one in the trace policy and it is set to "Always", then the code will be saved.
    Recording all message events or saving request/response code will increase the size of your log substantially.
  4. Click [
    OK
    ] when done.

Content feedback and comments