search cancel

The difference of "Download Audit Events"(.dat file) and "Save As"(.ssga file)

book

Article ID: 253005

calendar_today

Updated On:

Products

CA API Gateway

Issue/Introduction

Hi support team,

Good day to you, I am trying to download audit event log and view it again in the exact same format as how we can normally see it in the audit event windows. Below are the 2 steps I tried.

1. View > Gateway Audit Events > File > Download Audit Events > Download

2. View > Saved Events > loaded the .dat / .xml file > unable to see any audit event that i downloaded from 1st step

Please advise if it is possible / how i can do it. I tried reading the .dat file in notepad++ / editor but is kinda messy thus wanna try loading back to policy manager to view the logs in a better view.

 

Thank you.

Environment

Release : 10.0

Resolution

Only the "Saved events"(.ssga file) can be viewed/loaded by audit event viewer.

To save events, you can do it from the Gateway Audit Events window, select [File] > Save as

It will be a .ssga file.

Note that the .ssga file only save the current searched(or displayed) events, and it cannot be more than 1000 records.

 

The "Download Audit Events" is in different format (colon-delimited plain text format), it cannot be read by audit event viewer.

On the other hand, the .ssga is binary data which can be read directly by audit event viewer.

 

The purpose of "Download Audit Events" is to save/backup the audit data before "Delete Old Audit Events". And the .dat format is easier to be imported to other datastore/report system for analysis later. (the .ssga binary fomat cannot be imported to other system)

 

Additional Information

https://techdocs.broadcom.com/us/en/ca-enterprise-software/layer7-api-management/api-gateway/10-1/security-configuration-in-policy-manager/tasks-menu-security-options/view-gateway-audit-events.html