In our production environment one of the service facing Intermittent issues. We disabled all audits with SEVERE condition to avoid audit database fill ups and there is no option to find out root cause Goal We want enable audit for that service only with INFO condition and the other services remain @SEVERE
Release : 10.1
Component :
You do not need to change anything in Cluster-Wide properties.
Recommend creating new log sink (example Route-3), selecting Service for filter type, then click the service to log
Need to add Category-Gateway Log n the log Sink Properties
Make sure Audit Message in Policy is also present
Audit details in policy , logging to custom logger name (Example Route3)
Tail the Route3 log
2022-01-07T14:27:05.258-0500 WARNING 8531 com.l7tech.log.custom.Route3: -5: Policy#: 7| assertion.lat=0| ElapsedTime=1| GatewayTime: 2022-01-07T19:27:05.256Z| Elapsed time: |
Status Code MYBUY: 0|Routing latency:| Reason code:
2022-01-07T14:27:05.270-0500 WARNING 8531 com.l7tech.log.custom.Route3: -5: Policy#: 9| assertion.lat=7| ElapsedTime=14| GatewayTime: 2022-01-07T19:27:05.256Z| Elapsed time: |
Status Code MYBUY: 200|Routing latency:5| Reason code: 200