Manage Log/Audit Sinks
The gateway supports any number of administrator-defined sinks for logging. Use the Manage Log Audit Sinks task to create, modify or remove a log sink.
You can also use this task to manage where audit records are sent: to the Gateway database, to a special audit sink policy that defines what happens to the audit event, or to both. For more information, see Managing Audit Sinks.
- If logging to a Syslog log sink, ensure that a Syslog daemon that supports either UDP or plain TCP from remote systems has been configured. For optimal performance, ensure that the Syslog server is located on the same network as the Gateway nodes writing to it.
- Ensure that all nodes can communicate on the network to the external database server for the log sink, otherwise the Gateway may fail to start properly.
Creating additional log sinks does not affect the built-in auditing features of the Gateway. Audit information can still be logged to the Gateway database and/or to an audit sink, even if information is also written to one or more log sinks.
IMPORTANT: Avoid creating too many log sinks, as this affects Gateway performance. CA Technologies recommends no more than three log sinks for best performance. Any detailed filtering should be handled by external systems.
To manage log sinks:
- In the Policy Manager, select [Tasks] > Logging and Auditing > Manage Log/Audit Sinks from the Main Menu (on the browser client, from the Manage menu). The Manage Log Sinks dialog appears.
- Select a task to perform:
  - Create a new log sink:
    - Click [Create].
    - Complete the Log Sink Properties.
  - Clone an existing log sink:
    - Select the log to clone.
    - Click [Clone].
    - Edit the Log Sink Properties as required.
  - Remove a log sink:
    - Select the log to remove.
    - Click [Remove].
  - View or edit the properties of a log sink:
    - Select the log to view.
    - Click [Properties]. See Log Sink Properties for details.
  - Control how audit records are handled: see Managing Audit Sinks.
- Click [Close] when done.
How information is logged depends on whether the log sink outputs to a file or a Syslog server:
- If a file, log/audit information will be written in the 'Standard' format. For more information, see Log Sink Properties, [File Settings] tab, Format field.
- If Syslog, log/audit information will be mapped to the Syslog items as follows:
  - Facility: As configured
  - Severity: Mapped from the log/audit level
  - Timestamp: As per the log/audit event
  - Hostname: The hostname of the Gateway
  - Tag: Identifier for the process, which is the Gateway plus "default_" and thread (for example: Gateway1-default_)
  - Content: As per the log/audit event, truncated to size limit (line feeds are replaced with a single space if TCP)
These items are a standard part of the Syslog protocol as defined in RFC 3164 - The BSD Syslog Protocol. For more information, see http://www.faqs.org/rfcs/rfc3164.html.
The Syslog severity levels are:
- Emergency: system is unusable
- Alert: action must be taken immediately
- Critical: critical conditions
- Error: error conditions
- Warning: warning conditions
- Notice: normal but significant conditions
- Informational: informational messages
- Debug: debug-level messages (Gateway levels CONFIG, FINE, FINER, FINEST)

Note that you cannot save debug messages in the default configurations.
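The following is an added example, not taken from the product documentation, of how a Syslog receiver can decode the items in the mapping above and why line feeds are flattened for TCP. The sample record, the hostname `gw1.example.com`, the numeric thread suffix and the newline-delimited TCP framing are assumptions made for illustration.

```python
import re

# Severity names in RFC 3164 numeric order (0-7), as listed above.
SEVERITIES = ["Emergency", "Alert", "Critical", "Error",
              "Warning", "Notice", "Informational", "Debug"]

# Constructed sample event: facility 16 (local0), severity 3 (Error).
# The numeric thread suffix "17" is an assumed form of the thread part of the tag.
SAMPLE = ("<131>Oct 11 22:14:15 gw1.example.com Gateway1-default_17: "
          "Policy evaluation failed\nassertion: Require SSL")

# RFC 3164 layout: <PRI>TIMESTAMP HOSTNAME TAG: CONTENT
RECORD_RE = re.compile(
    r"<(?P<pri>\d{1,3})>"
    r"(?P<timestamp>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<hostname>\S+) "
    r"(?P<tag>[^\s:\[]+)(?:\[\d+\])?: ?"
    r"(?P<content>.*)", re.DOTALL)


def parse_rfc3164(record):
    """Split one Syslog record into the items the Gateway populates."""
    m = RECORD_RE.fullmatch(record)
    if m is None:
        raise ValueError("not an RFC 3164 record: %r" % record[:40])
    pri = int(m["pri"])
    if pri > 191:  # highest valid PRI: facility 23 * 8 + severity 7
        raise ValueError("PRI out of range: %d" % pri)
    rec = m.groupdict()
    rec["facility"], sev = divmod(pri, 8)  # PRI = facility * 8 + severity
    rec["severity"] = SEVERITIES[sev]
    # Tag is "<gateway>-default_<thread>" according to the mapping above.
    rec["gateway"], _, rec["thread"] = rec["tag"].partition("-default_")
    return rec


def frame_for_tcp(record):
    """Sender side: replace each line feed with a space, then terminate the record."""
    return re.sub(r"\r?\n", " ", record) + "\n"


def split_tcp_stream(data):
    """Receiver side (assumed framing): plain-TCP Syslog carries one record per line."""
    return [parse_rfc3164(line) for line in data.splitlines() if line]
```

Passing `SAMPLE` to `split_tcp_stream` without `frame_for_tcp` raises `ValueError` on the orphaned second line, which is the record-splitting problem the line-feed replacement avoids.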