Audit for CA API GW policies and/or configuration changes
search cancel

Audit for CA API GW policies and/or configuration changes

book

Article ID: 233588

calendar_today

Updated On:

Products

CA API Gateway

Issue/Introduction

Please kindly advice if CA API Gateway has out of box mechanism to be able to audit the activates and  changes done by privileged account (e.g. Admin) ?

e.g. if user do changing LDAP configuration , global polices parameters and/or policies updates in  API GW how and where to find who , when and what was changed?    

Environment

Release : 10.0

Component : API GATEWAY

Resolution

For policy/services changes you can right click a specific policy/service and look at “Revision History”.  This keeps a record of the changes and who made the changes 

Limit auditing in this area - the configuration of audit assertions occurring in policy.  What does get place in audit and SSG log is the log in of the user into policy manager:

 

Node                : Gateway1

Time                : 20220201 10:59:32.557

Severity            : INFO

Message             : User logged in

Audit Record ID     : 213f0d05356b7755078e033c91577f91

 

Event Type          : Manager Action

Admin User Name     : <username>

Admin User ID       : 213f0d05356b7755078e033c91577f82

Identity Provider ID: 0000000000000000fffffffffffffffe

Admin IP            : <UserIP>

Action              : Admin Login

 

Changes to LDAP provided there is also some info audit.  Logs the ID making the change but no details on exact change.

Node                : Gateway1

Time                : 20220201 11:01:45.930

Severity            : INFO

Message             : LdapIdentityProviderConfig #616899ee2f44f514a14251da8f715cdf (<LDAP Hostname>) updated (changed serializedProps)

Audit Record ID     : 213f0d05356b7755078e033c91577fb5

 

Event Type          : Manager Action

Admin User Name     : <username>

Admin User ID       : 213f0d05356b7755078e033c91577f82

Identity Provider ID: 0000000000000000fffffffffffffffe

Admin IP            : <UserIP>

 

Action              : Object Changed

Entity Name         : <LDAP Hostname>

Entity ID           : 616899ee2f44f514a14251da8f715cdf

Entity Type         : identity.ldap.LdapIdentityProviderConfig

 

Changes to existing policy.  Audits ID  in the message as well as the policy changed  - but no details on exact change.

 

Node                : Gateway1

Time                : 20220201 11:11:56.678

Severity            : INFO

Message             : Policy #616899ee2f44f514a14251da8f72b223 (Policy for service #616899ee2f44f514a14251da8f72b221, Route-1) updated (changed xml)

Audit Record ID     : 213f0d05356b7755078e033c91578033

 

Event Type          : Manager Action

Admin User Name     : <username>

Admin User ID       : 213f0d05356b7755078e033c91577f82

Identity Provider ID: 0000000000000000fffffffffffffffe

Admin IP            : <UserIP>

 

Action              : Object Changed

Entity Name         : Policy for service #616899ee2f44f514a14251da8f72b221, Route-1

Entity ID           : 616899ee2f44f514a14251da8f72b223

Entity Type         : policy.Policy

Powered by Wolken Software