We are wanting to have the API Gateway (10.1) output  "Enriched Logging in JSON Format" logging as described in this page:

https://techdocs.broadcom.com/us/en/ca-enterprise-software/layer7-api-management/api-gateway/congw-10-1/administer-the-gateway/enriched-logging-in-json-format.html

I was wondering if the functionality described in this web page is available in a regular API gateway (NOT "container gateway")?

Release : 10.1

Why json format does not work the same as container, the container architecture does not  create a local log file in the container. For the container SSG log is send to STDOUT/console.  For the appliance to log the same it will need to be configure to log to console/STDOUT - see last part 

Without logging to the console/STDOUT  The SSG message can be changed to JSON as below.

Updates required 

Container documentation:

https://techdocs.broadcom.com/us/en/ca-enterprise-software/layer7-api-management/api-gateway/congw-10-1/administer-the-gateway/enriched-logging-in-json-format.html

For Gateway Appliance make three changes to the following files then restart the gateway:

# vi /opt/SecureSpan/Gateway/node/default/etc/conf/ssglog.properties add the following at the end:

handlers = com.l7tech.server.log.GatewayRootLoggingHandler, com.l7tech.server.log.ConsoleMessageSink$L7ConsoleHandler

com.l7tech.server.log.GatewayRootLoggingHandler.formatter = com.l7tech.util.JsonLogFormatter

java.util.logging.SimpleFormatter.format=

com.l7tech.server.log.ConsoleMessageSink$L7ConsoleHandler.formatter = com.l7tech.util.JsonLogFormatter

com.l7tech.server.log.ConsoleMessageSink$L7ConsoleHandler.level = CONFIG  

# vi /opt/SecureSpan/Gateway/node/default/etc/conf/node.properties

Added the follow to the node.properties file:

So the node.properties change is
node.java.opts=-Dcom.l7tech.server.audit.log.format=json

The result of the change in the logging:

FROM:

2023-03-01T10:31:41.093-0500 WARNING 147 com.l7tech.server.policy.assertion.ServerAuditDetailAssertion: -5: Policy line: #3 TIME 2023-03-01T15:31:41.092Z; assertion.latency=0,elapsedTime= 42; URI  /echo; Method:  GET; ContentLength: 

2023-03-01T10:31:41.115-0500 INFO    147 com.l7tech.server.message: Processing request for service: Echo [/echo]

TO:

2023-03-01T10:24:48.582-0500 WARNING 148 com.l7tech.server.policy.assertion.ServerAuditDetailAssertion: {"detail-id":-5.0,"message":"Policy line: #3 TIME 2023-03-01T15:24:48.582Z; assertion.latency\u003d0,elapsedTime\u003d 45; URI  /echo; Method:  GET; ContentLength: ","service":"Echo [/echo]","service-folder-path":"/","listen-port":"Default HTTP (8080)","client-ip":"###.###.###.###","request-id":"2870993449beb592-65a2fabf70fbab9e"}

2023-03-01T10:24:48.606-0500 WARNING 148 com.l7tech.server.message: {"assertion-status":"No Error","authenticated":false,"client-ip":"###.###.###.###","id":"c9090a9a-4e2b-4bbf-a1fb-b417caf6fcc1","message":"Message processed successfully","node-id":"45787e7fd5d14e37bfaa0c9672f245c4","request-id":"2870993449beb592-65a2fabf70fbab9e","routing-http-status":200,"routing-latency":0,"service":"Echo [/echo]","type":"message"}

Complete log message to JSON for the appliance to log same as container need to it edit rsyslog.conf,  then reboot the VM

For console you can just add local5 and remove all others

# vi /etc/rsyslog.conf

local5.* -/var/log/localmessages

Results request to gateway service ECHO:

# tail -f  /var/log/localmessages

2023-03-02T08:35:42.053769-08:00 <HostName> ssg: {"package":"com.l7tech.server.policy.assertion.ServerAuditDetailAssertion","level":"WARNING","log":{"detail-id":-5.0,"message":"Policy line: #3 TIME 2023-03-02T16:35:42.051Z; assertion.latency\u003d0,elapsedTime\u003d 5; URI  /echo; Method:  GET; ContentLength: ","service":"Echo [/echo]","service-folder-path":"/","listen-port":"Default HTTP (8080)","client-ip":"###.###.###.###","request-id":"e17b0295745f8f11-2f4a26869e1a9167"},"time":"2023-03-02T08:35:42.052-0800"}

2023-03-02T08:35:42.056374-08:00 <HostName> ssg: {"package":"com.l7tech.server.message","level":"WARNING","log":{"assertion-status":"No Error","authenticated":false,"client-ip":"###.###.###.###","id":"0fe8b8c4-bb47-4674-9dbd-1d2bde53dc76","message":"Message processed successfully","node-id":"88b33092a2b64ed5bc7f62bcb2c0a813","request-id":"e17b0295745f8f11-2f4a26869e1a9167","routing-http-status":200.0,"routing-latency":0.0,"service":"Echo [/echo]","type":"message","service-folder-path":"/","listen-port":"Default HTTP (8080)"},"time":"2023-03-02T08:35:42.055-0800"}

2023-03-02T08:35:42.322691-08:00 <HostName> ssg: {"package":"com.l7tech.server.MessageProcessor","level":"INFO","log":{"client-ip":"###.###.###.###","request-id":"e17b0295745f8f11-2f4a26869e1a9168","message":"Request URL not resolved: http://<HostName>:8080/favicon.ico","listen-port":"Default HTTP (8080)"},"time":"2023-03-02T08:35:42.321-0800"}

Additional information

The /etc/rsyslog.conf file exists in the BSD and linux distributions in contrast to the SYSV-driven systems such as HP-UX and Solaris which use the file /etc/syslog.conf

The rsyslog.conf is the configuration file of /sbin/rsyslogd you can find out about local0 to 7 by

man rsyslog.conf  local0-local7 are local facilities defined by the user, to log specific deamons

For console you can just add local5 and remove all others

local5.* -/var/log/localmessages