Working with the Audit Lookup Policy

You can configure a special audit lookup policy to look up audit records in an external audit store. This policy is created automatically when the audit sink is first enabled and is overwritten when the external audit store is changed.
gateway83
You can configure a special audit lookup policy to look up audit records in an external audit store. This policy is created automatically when the audit sink is first enabled and is overwritten when the external audit store is changed.
The audit lookup policy is found in the Services and Policies list on the Policy Manager interface:
AuditLookupPolicyGUIl.png
The following characteristics are unique to the audit lookup policy:
  • Only one audit lookup policy is created per 
    CA API Gateway
    cluster.
  • Disabling the audit sink does not remove the audit lookup policy.
  • An audit lookup policy can be deleted only when the audit sink is disabled in the Audit Sink Properties.
  • After the audit lookup policy is deleted, re-enabling the audit sink does not recreate the policy—you must run the Configure External Audit Store Wizard  again.
    • An audit lookup policy can access a large number of auditing-specific context variables that are not available elsewhere in the system. See Audit Lookup Context Variables for details.
    • The properties for an audit lookup policy cannot be modified.
    • Similar to the audit sink policy, there is no request XML coming into the policy.
Aside from the above exceptions, you configure and edit audit lookup policies in a similar fashion to an ordinary policy. This includes creating multiple policy revisions exporting or importing the audit lookup policy.
Deleting the Audit Lookup Policy
When the audit lookup policy is no longer required (that is, the audit sink has been disabled), you can delete it by right-clicking it in the Services and Policies list and selecting
Delete Policy
.
Understanding the Default Audit Lookup Policies
Different default audit lookup policies display in the Policy Manager depending on the type of audit store that was configured in the Configure External Audit Store Wizard
To view the retrieved audits in the Gateway Audit Events window, ensure that your customized audit lookup policy populates the context variables listed in Audit Lookup Context Variables.
Context Variables for the Audit Lookup Policy
The Audit Lookup Policy uses special context variables that only work within a lookup policy. For details, see Audit Lookup Context Variables.
General purpose auditing-related context variables are described in Audit Context Variables.