Manage Log/Audit Sinks

The CA API Gateway supports any number of administrator-defined sinks for logging. Use the Manage Log/Audit Sinks task to create, modify or remove a log sink.
You can also use this task to manage where audit records are sent: to the Gateway database, to a special audit sink policy that defines what happens to the audit event, or both. For more information, see Managing Audit Sinks.
Prerequisite:
  • If logging to a Syslog log sink, ensure that a Syslog daemon that supports either UDP or plain TCP from remote systems has been configured.
    For optimal performance, ensure that the Syslog server is located on the same network as the Gateway nodes writing to it.
  • Ensure that all nodes can communicate on the network with the external database server for the log sink; otherwise, the Gateway may fail to start properly.
Creating additional log sinks does not affect the built-in auditing features of the Gateway. Audit information can still be logged to the Gateway database and/or to an audit sink, even if information is also written to one or more log sinks.
IMPORTANT:
Avoid creating too many log sinks, as this affects Gateway performance. CA Technologies recommends no more than three log sinks for best performance. Any detailed filtering should be handled by external systems.
To manage log sinks:
  1. In the Policy Manager, select [Tasks] > Logging and Auditing > Manage Log/Audit Sinks from the Main Menu (on the browser client, from the Manage menu).
    The Manage Log Sinks dialog appears.
  2. Select a task to perform:

    | To... | Do this... |
    |---|---|
    | Create a new log sink | 1. Click [Create]. 2. Complete the Log Sink Properties. |
    | Clone an existing log sink | 1. Select the log to clone. 2. Click [Clone]. 3. Edit the Log Sink Properties as required. |
    | Remove a log sink | 1. Select the log to remove. 2. Click [Remove]. |
    | View or edit the properties of a log sink | 1. Select the log to view. 2. Click [Properties]. See Log Sink Properties for details. |
    | Control how audit records are handled | |

  3. Click [Close] when done.
Logged Information
How information is logged depends on whether the log sink outputs to a file or a Syslog server:
  • If a file, log/audit information will be written in the 'Standard' format. For more information, see Log Sink Properties, [File Settings] tab, Format field.
  • If Syslog, log/audit information will be mapped to the Syslog items as follows:
    • Facility: As configured
    • Severity: Mapped from the log/audit level.
    • Timestamp: As per the log/audit event
    • Hostname: The hostname of the Gateway
    • Message
      • Tag: Identifier for the process, which is the Gateway plus "default_" and thread (for example: Gateway1-default_[17282])
      • Content: As per the log/audit event, truncated to size limit (line feeds are replaced with a single space if TCP)
These items are a standard part of the Syslog protocol as defined in RFC 3164 - The BSD Syslog Protocol. For more information, see http://www.faqs.org/rfcs/rfc3164.html.

| Code | Severity | Levels |
|---|---|---|
| 0 | Emergency: system is unusable | |
| 1 | Alert: action must be taken immediately | |
| 2 | Critical: critical conditions | |
| 3 | Error: error conditions | SEVERE |
| 4 | Warning: warning conditions | WARNING |
| 5 | Notice: normal but significant conditions | |
| 6 | Informational: informational messages | INFO |
| 7 | Debug: debug-level messages | CONFIG, FINE, FINER, FINEST |

Note that you cannot save debug messages in the default configurations.
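
The following added example (not part of the original documentation and not CA's code) applies the Syslog mapping and severity table above: it builds an RFC 3164 message from a log/audit level and decodes the PRI value on the receiving side. The facility number, hostname, sample event, the ": " separator after the tag, and the 1024-byte default limit (the RFC 3164 packet maximum, applied here to the whole message) are assumptions.

```python
import re
from datetime import datetime

# Gateway log/audit level -> Syslog severity code, per the table above.
LEVEL_TO_SEVERITY = {"SEVERE": 3, "WARNING": 4, "INFO": 6,
                     "CONFIG": 7, "FINE": 7, "FINER": 7, "FINEST": 7}
SEVERITY_NAMES = ["Emergency", "Alert", "Critical", "Error",
                  "Warning", "Notice", "Informational", "Debug"]
MONTHS = "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split()


def format_rfc3164(level, facility, when, hostname, tag, content,
                   tcp=False, max_len=1024):
    """Build one RFC 3164 message as a string.

    max_len=1024 is the RFC 3164 packet maximum (assumption: the Gateway's
    own size limit is not stated on the page). The ": " between tag and
    content is also an assumption.
    """
    pri = facility * 8 + LEVEL_TO_SEVERITY[level]  # PRI = facility*8 + severity
    # RFC 3164 timestamp "Mmm dd hh:mm:ss"; single-digit days are space-padded.
    stamp = f"{MONTHS[when.month - 1]} {when.day:2d} {when:%H:%M:%S}"
    if tcp:
        # Over plain TCP a line feed ends the record, so each embedded line
        # feed becomes a single space and one event stays one record.
        content = content.replace("\n", " ")
    msg = f"<{pri}>{stamp} {hostname} {tag}: {content}"
    # Truncate on bytes, dropping any multi-byte character cut in half.
    return msg.encode("utf-8")[:max_len].decode("utf-8", "ignore")


def decode_pri(message):
    """Receiver side: split the PRI value into (facility, severity name)."""
    match = re.match(r"<(\d{1,3})>", message)
    if match is None or int(match.group(1)) > 191:
        raise ValueError("missing or out-of-range PRI")
    pri = int(match.group(1))
    return pri // 8, SEVERITY_NAMES[pri % 8]


if __name__ == "__main__":
    # Constructed sample event; local0 (facility 16) is an arbitrary choice.
    line = format_rfc3164("WARNING", 16, datetime(2024, 3, 5, 14, 7, 9),
                          "gw1.example.com", "Gateway1-default_[17282]",
                          "Policy failed\nfor service X", tcp=True)
    print(line)
    print(decode_pri(line))
```

A receiver that alerts on severity can use the decoded value directly: with this mapping, Gateway SEVERE events arrive as severity 3 and WARNING events as severity 4.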