Managing Audit Sinks

The Policy Manager can be configured to send audit details to one or both of the following locations:
gateway91
The Policy Manager can be configured to send audit details to one or both of the following locations:
  • API Gateway
     database. You can view and manage the audit events using the Gateway Audit Events.
  • An audit sink policy. Every audit event is run through a special audit sink policy that performs a specific action on the event, for example:
    • Branch based on the information being audited.
    • Post information via HTTP, JMS, FTP, email, SNMP, or JDBC.
    • Transform messages before auditing them to remove passwords, etc.
An audit sink policy lets you send messages to an external database, message queue, or other location. For more information on this policy, see Working with the Audit Sink Policy.
 
When using an audit sink, consider changing the auditing threshold in the cluster property 
audit.messageThreshold 
from WARNING to INFO. This generates more events, but it ensures that the audit sink policy is invoked for all "bad request" issues that might otherwise be omitted.
 
To manage the audit sink
:
  1. Run the Manage Log/Audit Sinks task and then click [
    Manage Audit Sink
    ] on the Manage Log Sinks dialog. This opens the Audit Sink Properties.
  2. By default, the
    Save audit records to Gateway database
    check box is selected. This sends the audit events to the Gateway's own database, where you can examine them using the Gateway Audit Events. If you wish to disable the internal auditing, clear this check box.
  3. Select the
    Output audit records via audit sink policy
    check box to sends records to the audit sink. An audit sink policy must already be configured. To configure or reconfigure an audit sink policy, click [
    Configure
    ] and then complete the Configure External Audit Store Wizard.
    Clear this check box if you do not want the audit events processed by the audit sink policy. Note that clearing the check box does
    not
    remove any audit sink policy that already exists.
  4. Click [
    OK
    ].
Do the following next:
  • If you enabled a custom audit sink policy, you should edit the audit sink lookup policy now. This policy appears as "[
    Internal Audit Sink Policy
    ]" in the Services and Policies list on the interface. For more information, see Working with the Audit Sink Policy.
    The template audit sink policy created by the "custom" option is for illustrative purposes only and is designed to always fail, which causes auditing to fall back to the
    API Gateway
    database.
  • If you created an external JDBC audit sink, the lookup policy also appears as "[
    Internal Audit Sink Policy
    ]" in the Services and Policies list. Modify the policy as required by inserting assertions at the end, but do not modify the system -generated portion of the policy.