Audit Cluster Properties

The following cluster properties configure the various thresholds used for auditing. To learn more about auditing, see the following topics:
Property
Description
audit.adminThreshold
Minimum level to save an administrative audit record to the database. Value must be a valid severity level.
Default:
INFO
Setting this threshold to a level above INFO prevents most administrative audits from being saved or sent to an audit sink.
audit.assertionStatus
Assertion status level for saving a record. Use the highest assertion status level when checking if a record should be saved. When set to true, the highest level assertion status from the policy raises the audit level to be the same level. This can log INFO messages when the audit threshold is set to "WARNING". Value is a Boolean.
Default:
true
audit.auditDetailExcludeList
Audit detail codes to exclude at runtime. Separate each code with a space. The excluded codes are neither logged nor visible in the Gateway Audit Events window.
This is a hidden property that is not selected from the drop-down list. Manually enter this property in the Key field.
audit.batchExternal
Controls whether audit details are sent to the configured log sinks immediately or batched.
  • true = audits are recorded only when message processing is complete; when batched, the severity filters for audits are applied
  • false = audits are output immediately; filtering is not applied for audit details
Default:
true
audit.clientServicesThreshold
Minimum level for a token or policy request to be saved to the database. The WARNING level turns off auditing for all client services, as token/policy requests have an audit level of INFO. Value: must be a valid severity level.
Default:
WARNING
audit.detailThreshold
Minimum level for an audit detail message to be saved to the database.
Value: must be a valid severity level.
Default:
INFO
audit.detailThresholdRespected
Controls if a record is saved. Value is a Boolean.
Default:
true
audit.export.group_concat_max_len
Session value of the MySQL server variable group_concat_max_len that is used when exporting audits.
Minimum value is 1024 bytes.
Default:
1048576
(bytes)
audit.external.name
Name of the data source to use for external audit persistence.
Default:
<blank>
audit.hinting
Controls if audit messages are displayed to provide hints for audited information (such as save code for the request). Value is a Boolean.
Default:
false
audit.includeClusterPropertyValues
Enable auditing of changes to cluster properties. Value is a Boolean.
  • true = All changes to cluster properties are recorded in audits and Gateway logs (see below for details).
  • false = No changes to cluster properties are recorded (pre-v8.3 behavior).
Default:
false
What is Logged
When this property is enabled, all cluster properties added to the Manage Cluster-Wide Properties dialog are recorded with a log entry similar to:
ClusterProperty #8164b8592610b74e1a75bd944a62e4a7 (test) created with value foobar
This is true whether the default value for the property is used or a new value is entered.
When a cluster property value is changed in the Manage Cluster-Wide Properties dialog, a log entry similar to this is recorded:
ClusterProperty #8164b8592610b74e1a75bd944a62e4a3 (test) updated (changed value) from foobar to widget
For more details on the next five "audit.log.*" properties, see "Customizing the Audit Format for Logging" in Gateway Auditing Threshold and Format.
audit.log.maxFormattedMessageSize
(Available in v10.0 CR1)
Maximum number of bytes that is allowed before truncating the Message Audit Record for a FormattedMessage.
Default:
10000
Maximum value:
1000000
audit.log.other.detailFormat
Format for other (non-service) audit details.
Default:
{0}: {1}
audit.log.other.format
Format for other (non-service) audit logs.
Default:
{1}
audit.log.service.detailFormat
Format for details related to a service audit.
Default:
{0}: {1}
audit.log.service.footerFormat
Format for the final (summary) log message of a service audit.
Default:
{1}
audit.log.service.headerFormat
Format for the first log message of a service audit.
Default:
Processing request for service: {3}
audit.lookup.cache.messageSizeLimit
Maximum audit message size that is cached from the audit lookup policy. A value of zero indicates unlimited size.
Default:
10485760
(bytes)
audit.lookup.policy.guid
GUID of the internal policy for audit lookup. A blank value indicates no audit lookup policy (Output audit records using audit sink policy check box in the Manage Audit Sink dialog is not selected).
This is a hidden property that is not selected from the drop-down list. Manually enter this property in the Key field.
audit.managementStrategy
Specify how the Gateway should respond when the database exceeds the threshold defined in the audit.archivershutdownthreshold cluster property. The value is case sensitive.
  • STOP: Gateway stops processing requests and terminates audit logging.
  • BYPASS: Gateway continues processing requests but terminates audit logging. Internal Gateway logging continues, with a SEVERE-level message that audit logging has stopped.
    As a best practice, if your organization plans to store audits in the Appliance Gateway's configuration database, the BYPASS setting should be used. For Container Gateways that use a database-less audit system, this setting does not have an effect.
Default:
STOP
audit.messageSizeLimit
Maximum message size for inclusion in an audit event. Messages that exceed this size are not audited. Instead, "Message not audited, message size exceeds limit." is logged. A value of zero indicates unlimited size.
Default:
10485760
(bytes)
This property does not apply to audits sent to an external audit sink.
audit.messageThreshold
Minimum level for a message at the end of processing before it is saved to the database. Value must be a valid severity level.
Default:
WARNING
auditmsg.override.XXXX
Overrides the text of audit message 'XXXX' with text of your choice. For details, see Audit Detail Codes. Changes take effect within 30 seconds without restarting the Layer7 API Gateway.
Example:
Message 6701 default text is: "Bad destination email address". Using auditmsg.override.6701, you change the message to "Cannot resolve the destination email address."
This is a hidden property that is not selected from the drop-down list. Manually enter this property in the Key field.
The code for an audit message is also displayed in the Event Details section of the Gateway Audit Events window.
audit.originalMainPart.enable
Saves the original document for requests and responses. This enables the ".originalMainPart" suffix for context variables of type Message.
Restart the Gateway for the changes to take effect.
Default:
false
WARNING: Enabling this cluster property reduces performance of the Layer7 API Gateway and may increase memory used during message processing. Consider reducing the maximum concurrency to compensate, by using the Apply Rate Limit Assertion.
audit.purgeMinimumAge
Determines which audits are removed when using the "Delete Old Audit Events" option in the Gateway Audit Events window. All non-severe audits older than this value are deleted.
Default:
168
(hours)
Audits at the SEVERE level are not removed, regardless of age.
audit.setDetailLevel.<level>
Overrides the audit level of a particular audit code to suit your needs, where <level> is one of:
SEVERE
WARNING
INFO
CONFIG
FINE
FINER
FINEST
Enter a list of audit codes, separated by spaces, into the appropriate <level> cluster property. The audit code is overridden to that level for auditing purposes.
The original levels from Gateway Audit Events window.
This is a hidden property that is not selected from the drop-down list. Manually enter this property in the Key field.
For more information on using this cluster property, see "Overriding the Audit Level" in View Gateway Audit Events.
audit.signing
Controls whether audit records are signed. The signed status of an audit record is shown in the Gateway Audit Events window. Value is a Boolean.
Default:
false
The Layer7 API Gateway does not support the signing of audit records using an ECC key.
audit.sink.fallbackToInternal
Controls whether auditing returns to the internal database if the configured audit sink policy fails:
  • true = audit records are saved to the database
  • false = an error is logged and the audit record is lost
Default:
true
If the Audit Sink Properties is configured for both the internal database and the audit sink, the audit record is always saved to the database, regardless of the outcome of the audit sink policy.
audit.sink.url
Destination URL used by the audit sink policy if the route is not customized.
Default:
http://localhost:4680/
log.buffer.messageSizeLimit
Maximum size for unformatted log messages. The minimum value is 128; any value lower than this is rounded up to 128.
Default:
4096
(characters)
log.buffer.parameterSizeLimit
Maximum size for unformatted log message parameters. The minimum value is 128; any value lower than this is rounded up to 128.
Default:
4096
(characters)
log.console.threshold
Sets the logging threshold level for console logs using Java logging levels.
Default:
INFO
log.filenameTemplate
Template of the file name pattern for log file names.
Default:
{1}_{2}_{3}.log
Where:
{1} = sink name
{2} = generation number to distinguish rotated logs
{3} = unique number to resolve conflicts
To change the format, omit or rearrange the placeholders. For example:
{2}_{3}.log excludes the sink name
{1}_{2}_{3}_QA_Environment.log appends "QA_Environment" to the log name
log.levels
Logger level for a specific node. Multiple levels can be defined. For details, see Gateway Logging Levels and Thresholds.
Default:
com.l7tech.level = CONFIG
Do not change this cluster property unless directed by Support.
log.stderrLevel
Level for logging messages from standard error. Value is one of: FINEST, FINER, FINE, INFO, WARNING, SEVERE.
Default:
WARNING
log.stdoutLevel
Level for logging messages from standard output. Value is one of: FINEST, FINER, FINE, INFO, WARNING, SEVERE.
Default:
INFO
syslog.dateFormat
Syslog date-time format. Default value is MMM d HH:mm:ss.SSS. An invalid Java SimpleDateFormat pattern is ignored and the default is used.
This is a hidden property that is not selected from the drop-down list. Manually enter this property in the Key field.
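
Added example (not part of the product documentation or the Gateway's own code): a short Python review of a set of cluster properties that reports the values which, according to the descriptions above, reduce what is audited. The input is a plain key/value dictionary; how the properties are exported from the Gateway, the helper names, and the sample audit codes 4714 and 4104 are assumptions made for this example.

```python
# Added example, not product code. Flags audit cluster property values
# that this page says reduce what is recorded. SAMPLE is constructed data.
LEVELS = ["FINEST", "FINER", "FINE", "CONFIG", "INFO", "WARNING", "SEVERE"]

DEFAULTS = {  # defaults as listed on this page
    "audit.adminThreshold": "INFO",
    "audit.clientServicesThreshold": "WARNING",
    "audit.signing": "false",
    "audit.sink.fallbackToInternal": "true",
    "audit.includeClusterPropertyValues": "false",
    "audit.auditDetailExcludeList": "",
}
# Thresholds that drop INFO-level records when set above INFO.
THRESHOLDS = [
    ("audit.adminThreshold", "most administrative audits are not saved"),
    ("audit.clientServicesThreshold", "token/policy requests are not audited"),
]
# Booleans whose "false" setting reduces audit coverage or integrity.
BOOLEANS = [
    ("audit.signing", "audit records are not signed"),
    ("audit.sink.fallbackToInternal", "record is lost if the sink policy fails"),
    ("audit.includeClusterPropertyValues", "cluster property changes are not recorded"),
]

def review_audit_properties(props):
    """Return (key, finding) pairs for the effective configuration."""
    cfg = {**DEFAULTS, **props}  # explicit values override page defaults
    findings = []
    for key, text in THRESHOLDS:
        level = cfg[key].strip().upper()
        if level not in LEVELS:
            findings.append((key, "not a valid severity level"))
        elif LEVELS.index(level) > LEVELS.index("INFO"):
            findings.append((key, text))
    for key, text in BOOLEANS:
        # Assumption: any value other than "true" is treated as false.
        if cfg[key].strip().lower() != "true":
            findings.append((key, text))
    if cfg["audit.auditDetailExcludeList"].split():
        findings.append(("audit.auditDetailExcludeList", "detail codes are excluded from audits"))
    for key in sorted(props):  # hidden per-level override properties
        if key.startswith("audit.setDetailLevel.") and props[key].split():
            findings.append((key, "audit level of listed codes is overridden"))
    return findings

SAMPLE = {"audit.adminThreshold": "WARNING", "audit.signing": "true",
          "audit.sink.fallbackToInternal": "false",
          "audit.auditDetailExcludeList": "4714 6701",
          "audit.setDetailLevel.FINE": "4104"}
if __name__ == "__main__":
    for key, text in review_audit_properties(SAMPLE):
        print(f"{key}: {text}")
```

Run against an empty dictionary, the function reports what the documented defaults already leave unrecorded, which gives a baseline to compare a changed configuration against.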