Audit Lookup Context Variables
This section describes context variables that the uses to reconstruct the audits coming in from an audit lookup policy. The policy must populate these context variables when queried. The query is accessible through the ${audit.recordQuery.*} context variables, described in Retrieving an Audit Record and Searching an Audit Record.
gateway83
This section describes context variables that the
API Gateway
uses to reconstruct the audits coming in from an audit lookup policy. The policy must populate these context variables when queried. The query is accessible through the ${audit.recordQuery.*}
context variables, described in Retrieving an Audit Record and Searching an Audit Record. These context variables contain values only when used in an audit lookup policy, or within a policy fragment that is included in an audit lookup policy. If called from any other policy, these variables will not exist and will be interpolated as blank (unless the template.strictMode cluster property is enforced, in which case the calling assertion will fail).
In the following table, an "X" in the variable name refers to the number for each count. The referenced mapped context variables are described in Working with the Audit Sink Policy.
Variable | Description |
|---|---|
${recordQuery.queryresult.count} | The number of records |
${recordQuery.id.X} | The entity ID of the audit record, referenced by the audit detail results |
${recordQuery.nodeid.X} | Maps to audit.nodeId |
${recordQuery.time.X} | Maps to audit.time |
${recordQuery.type.X} | Maps to audit.type |
${recordQuery.audit_level.X} | Maps to audit.audit_level |
${recordQuery.name.X} | Maps to audit.name |
${recordQuery.message.X} | Maps to audit.message |
${recordQuery.ip_address.X} | Maps to audit.ipAddress |
${recordQuery.user_name.X} | Maps to audit.user.name |
${recordQuery.user_id.X} | Maps to audit.user.id |
${recordQuery.provider_oid.X} | Maps to audit.user.idProv |
${recordQuery.signature.X} | Maps to audit.signature |
${recordQuery.entity_class.X} | Maps to audit.entity.class |
${recordQuery.entity_id.X} | Maps to audit.entity.oid |
${recordQuery.status.X} | Maps to audit.responseStatus |
${recordQuery.request_id.X} | Maps to audit.requestId |
${recordQuery.service_oid.X} | Maps to audit.serviceOid |
${recordQuery.operation_name.X} | Maps to audit.operationName |
${recordQuery.authenticated.X} | Maps to audit.authenticated |
${recordQuery.authenticationType.X String} | Maps to audit.authType |
${recordQuery.request_saved.X} | Maps to audit.savedRequestContentLength |
${recordQuery.response_saved.X} | Maps to audit.savedResponseContentLength |
${recordQuery.request_length.X} | Maps to audit.requestContentLength |
${recordQuery.response_length.X} | Maps to audit.responseContentLength |
${recordQuery.request_xml.X} | Maps to audit.reqZip |
${recordQuery.response_xml.X} | Maps to audit.reqZip |
${recordQuery.response_status.X} | Maps to audit.responseStatus |
${recordQuery.routing_latency.X} | Maps to audit.routingLatency |
${recordQuery.properties.X} | Maps to audit.properties |
${recordQuery.component_id.X} | Maps to audit.componentId |
${recordQuery.action.X} | Maps to audit.action |
${detailQuery.queryresult.count} | The number of details (associated logs) |
${detailQuery.audit_oid.X} | The entity ID of the audit record that this detail belongs to |
${detailQuery.time.X} | Maps to audit.details.X.time |
${detailQuery.component_id.X} | Maps to audit.details.X.componentId |
${detailQuery.ordinal.X} | Maps to audit.details.X.ordinal |
${detailQuery.message_id.X} | Maps to audit.details.X.messageId |
${detailQuery.exception_message.X} | Maps to audit.details.X.exception |
${detailQuery.properties.X} | Maps to audit.details.X.properties |
Retrieving an Audit Record
The following context variables retrieve an entire audit record (all values are null if searching for an audit):
Variable | Description |
|---|---|
${audit.recordQuery.guid} | The list of GUID of the audits to retrieve; returns null if searching for audits |
${audit.recordQuery.maxMessageSize} | The maximum size of an audit response/request XML to retrieve; returns null if not applicable |
Searching for an Audit Record
The following context variables search audits (all values are null when retrieving an audit):
Variable | Description |
|---|---|
${audit.recordQuery.minTime} | The start time, in milliseconds |
${audit.recordQuery.maxTime} | The end time, in milliseconds |
${audit.recordQuery.levels} | The list of log level numbers |
${audit.recordQuery.auditType} | The audit type ('%' for all) |
${audit.recordQuery.nodeId} | The node id ('%' for all) |
${audit.recordQuery.serviceName} | The service name ('%' for all) |
${audit.recordQuery.userName} | The user name ('%' for all) |
${audit.recordQuery.userIdOrDn} | The user provider ('%' for all) |
${audit.recordQuery.entityClassName} | The entity class name for admin audit record ('%' for all) |
${audit.recordQuery.entityId} | The entity ID for admin audit record ('%' for all) |
${audit.recordQuery.requestId} | The request ID for a message audit record ('%' for all) |
${audit.recordQuery.operation} | The operation name for a message audit record ('%' for all) |
${audit.recordQuery.messageId} | The audit detail message ID (null = any) |
${audit.recordQuery.operation} | The operation name for message audit record ('%' for all) |