Imperva gw-audit messages logged consistently in the log file

book

Article ID: 167896

calendar_today

Updated On:

Products

XOS

Issue/Introduction

The gw-audit messages are seen in the log file due to the action-set not being configured correctly to send syslog.The following messages appear in the log:
Jul 18 12:05:04 imp_2 gw-audit: 00000000000000000000,00993812025799991000,05584535067130038343,09199652542683944512,test
Jul 18 12:05:14 imp_2 gw-audit: 00000000000000000000,00993812025799991000,05584535067130038343,16883339170579214213,test
Jul 18 12:05:14 imp_2 last message repeated 25 times
Jul 18 12:05:22 imp_1 gw-audit: 00000000000000000000,00993812025799991000,05584535067130038343,16883339170579214213,test
Jul 18 12:05:22 imp_1 last message repeated 28 times
Jul 18 12:05:29 imp_2 gw-audit: 00000000000000000000,00993812025799991000,05584535067130038343,16883339170579214213,test
Jul 18 12:05:29 imp_2 last message repeated 23 times
Jul 18 12:05:29 imp_1 gw-audit: 00000000000000000000,00993812025799991000,05584535067130038343,16883339170579214213,test
Jul 18 12:05:33 imp_1 last message repeated 23 times
Jul 18 12:05:37 imp_2 gw-audit: 00000000000000000000,00993812025799991000,05584535067130038343,16883339170579214213,test
Jul 18 12:05:37 imp_2 last message repeated 12 times


The gw-audit log entries are logged consistently for the Imperva vap-group.

Cause

The issue occurs due to the Imperva application not sending syslog for Audit Info.

Resolution

Review the action-set definitions to identify the action-set which is not configured correctly to send syslog, and enable syslog.

It is recommended to open a case with Imperva support, to discuss the issue and perform appropriate changes to resolve the issue.

Workaround

N/A