Audit Sink Context Variables

The following context variables are relevant only when used in an audit sink policy, or within a policy fragment that is included in an audit sink policy. If called from any other policy, these variables do not exist and are interpolated as blank. If the template.strictMode cluster property is enforced, the calling assertion fails.
gateway83
The following context variables are relevant only when used in an audit sink policy, or within a policy fragment that is included in an audit sink policy. If called from any other policy, these variables do not exist and are interpolated as blank. If the
template.strictMode
cluster property is enforced, the calling assertion fails.
Variable
Description
${audit.action}
For system audit records (audit.type="system"): This returns short description of the action that was happening when the audit event was generated; for example: "Initializing".
For administrative audit records (audit.type="admin"): This returns the type of event that generated this record (C=Created, U=Updated, D=Deleted, L=Login, X=Logout, O=Other).
${audit.authType}
How the user was authenticated (for example, "HTTP Basic" ).
${audit.component}
The component, for example, "Certificate Signing Service" (for audit.type="system").
${audit.componentId}
For system audit records (audit.type="system"): This returns the ID of the component this audit record relates to.
${audit.entity.class}
The entity class that is changed by the admin request (for audit.type="admin"); for example: "com.l7tech.identity.User".
${audit.entity.oid}
The ID of the entity instance that is changed by the admin request (for audit.type="admin").
${audit.ipAddress}
IP address of client (if audit.type="message" or "admin") or
Layer7 API Gateway
node (if audit.type="system").
${audit.level}
The numeric value of the audit level:
1000 = SEVERE
900 = WARNING
800 = INFO
700 = CONFIG
500 = FINE
400 = FINER
300 = FINEST
${audit.levelStr}
The string value of the audit level (for example, "INFO").
${audit.message}
The audit message in human-readable format.
${audit.name}
The name of the service (if audit.type="message"), admin user (if audit.type="admin"), or subsystem (if audit.type="system").
${audit.nodeId}
The ID of the
Layer7 API Gateway
cluster node that produced this audit record.
${audit.policyExecution
Attempted}
Initially "false"; set to "true" if processing reached the point of resolving and running a target policy for the request.
When this variable returns "true", you may assume that further audit decisions could have been made by the policy. If it returns "false", then the request has relevance only in the audit sink policy.
${audit.properties}
The mapping values and any additional fields in XML form
${audit.requestId}
The
Layer7 API Gateway
-assigned internal ID of the request that was processed (if audit.type="message" or "admin").
${audit.sequenceNumber}
The sequence number that is assigned to this audit record, useful for ordering the records later.
${audit.signature}
The signature of the audit
${audit.time}
The timestamp of the audit record, in milliseconds since 1970-Jan-01.
${audit.type}
The type of audit record: "message", "system", or "admin". For more information about the different types, see About Message Auditing.
${audit.user.id}
The ID of the last authenticated user (if audit.type="message") or the administrator (if audit.type="admin").
${audit.user.idProv}
The ID of the identity provider in which the user ID and user name is meaningful.
${audit.user.name}
The name of the last authenticated user (if audit.type="message") or the administrator (if audit.type="admin").
For message audit records (audit.type="message"), the following lists more context variables that are available. The values from the Request and Response messages are as of the end of message processing.
Variable
Description
${audit.authenticated}
The request was authenticated for an identity.
${audit.filteredrequest}
The actual request that is sent to the back-end service. This request may have been altered and encrypted by an audit message filter (AMF) internal use policy.
If you want to retrieve the actual original request, before any filtering has occurred, use the
${audit.request}
variable instead.
Unlike
${
audit.request}
, the
${audit.filteredrequest
}
variable is type String rather than type Message. This means you cannot use the
.mainpart
suffix when interpolating the variable.
${audit.filteredresponse}
The actual response that is returned. This is the response that is displayed in the internal use policy.
CA Technologies recommends using
${audit.filteredresponse}
instead of
${audit.response}
if you want to view the actual response.
Reason:
The
${audit.response}
variable may be retrieved from any point in the policy. As a result, it may be empty or different from the actual final response in case of error.
Unlike
${
audit.response}
, the
${audit.filteredreresponse
}
variable is type String rather than type Message. This means you cannot use the
.mainpart
suffix when interpolating the variable.
${audit.mappingValuesOid}
The ID of the custom mapping value in effect when this record was processed (if any).
${audit.operationName}
The name of the SOAP operation that was invoked.
${audit.requestContentLength}
The size of the final request message, in bytes.
${audit.requestSavedFlag}
Whether the audit record flags that the final request should be saved (true/false).
${audit.responseContentLength}
The size of the final response message, in bytes.
${audit.responseSavedFlag}
Whether the audit record flags that the final response should be saved (true/false).
${audit.responseStatus}
The HTTP status code of the back-end response
${audit.reqZip}
The zipped request message in binary array
${audit.resZip}
The zipped response message in binary array
${audit.routingLatency}
The number of milliseconds that elapsed inside the last outbound routing assertion.
${audit.savedRequestContentLength}
The size of the saved request message, in bytes, -1 for not saved
${audit.savedResponseContentLength}
The size of the saved response message, in bytes, -1 for not saved
${audit.serviceOid}
The ID of the service that accepted the request.
${audit.status}
The final assertion status that is returned by the original policy.
${audit.request}
The original request message. Compare this to
${audit.filteredrequest}
.
${audit.response}
The response message from a particular point during policy execution.
If you need the
actual
response that is returned, use
${audit.filteredresponse}
instead. If policy execution is successful, both 
${audit.response}
and
${audit.filteredresponse}
return the same thing. But upon error,
${audit.response}
may be empty or it may radically differ from
${audit.filteredresponse}
.
${audit.var.<originalContextVar>}
The "${audit.var}" prefix provides access to the original message processing context variables. For example,
${audit.var.httpRouting.latency}
would return the number of milliseconds it took to do downstream routing of the original request.
Avoid using the "${audit.var}" prefix to access time-related variables. For example, the variables
${audit.var.request.elapsedTime}
vs.
${request.elapsedTime}
may return slightly different values, even though both return the "elapsed time" of the request. In this example, it is best to use the  Add Audit Detail Assertion the service policy to display the value for
${request.elapsedTime}
, rather than using
${audit.var.request.elapsedTime}
in an audit sink policy.