CA API Gateway 9.1

9.4 9.1

Managing Audit Sinks

The Policy Manager can be configured to send audit messages to one or both of the following locations:
gateway83
The Policy Manager can be configured to send audit messages to one or both of the following locations:
  • API Gateway
     database. You can view and manage the audit events using the Gateway Audit Events.
  • An audit sink policy. Every audit event is run through a special audit sink policy that performs a specific action on the event, for example:
    • Branch based on the information being audited.
    • Post information via HTTP, JMS, FTP, email, SNMP, or JDBC.
    • Transform messages before auditing them to remove passwords, etc.
An audit sink policy lets you send messages to an external database, message queue, or other location. For more information on this policy, see Working with the Audit Sink Policy.
 
When using an audit sink, consider changing the auditing threshold in the cluster property audit.messageThreshold from WARNING to INFO. This will generate more events, but it will ensure that the audit sink policy is invoked for all "bad request" issues that might otherwise be omitted.
 
To manage the audit sink
:
  1. In the Policy Manager, select [
    Tasks
    ] >
    Manage Log/Audit Sinks
     from the Main Menu.
    The Manage Log Sinks dialog is displayed (see Manage Log Sinks).
  2. On the Manage Log Sinks dialog, click [
    Manage Audit Sink
    ]. 
    The Audit Sink Properties appear.
  3. By default, the
    Save audit records to Gateway database
     check box is selected. This will send the audit events to the Gateway database, where you can examine them using the Gateway Audit Events. If you wish to disable the internal auditing, clear this check box.
  4. Select the
    Output audit records via audit sink policy
     check box to sends records to the audit sink. An audit sink policy must already be configured. To configure or reconfigure an audit sink policy, click [
    Configure
    ] and then complete the Configure External Audit Store Wizard.
    Clear this check box if you do not want the audit events processed by the audit sink policy. Clearing the check box does not remove the audit sink policy.
  5. Click [
    OK
    ] when done. You return to the Manage Log Sinks dialog.
Do the following next:
  • If you enabled a custom audit sink policy, you should edit the audit sink lookup policy now. This policy appears as "[
    Internal Audit Sink Policy
    ]" in the Services and Policies list on the interface. For more information, see Working with the Audit Sink Policy.
    The template audit sink policy created by the "custom" option is for illustrative purposes only and is designed to always fail, which causes auditing to fall back to the
    API Gateway
     database.
  • If you created an external JDBC audit sink, the lookup policy also appears as "[
    Internal Audit Sink Policy
    ]" in the Services and Policies list. Modify the policy as required by inserting assertions at the end, but do not modify the system -generated portion of the policy.

Content feedback and comments