We have a problem with our Logging .
For our Layer7 API Management systems we have a Log Sink for our internal Logging. This Log Sink is defined with:
Type: Syslog
Severity Threshold: Info
Filters: Category=Audits
We have installed: Layer7 API Gateway 10.1 CR03
When I login into Policy Manager our local ssg-Log shows (e.g) the following log-messages:2023-05-16T14:34:24.295+0200 INFO 390 com.l7tech.server.admin.AdminLoginImpl: User 'username ' logged in from IP 'xxx.xxx.xxx.xxx'.
2023-05-16T14:34:24.295+0200 INFO 390 com.l7tech.server.admin: User logged in
But our defined Logger didn't show all of this messages. The message with which user logs in is not logged.
I thought all of these messages are audit-messages and should be sent to the log system with this logger configuration. But the log-message:
2023-05-16T14:34:24.295+0200 INFO 390 com.l7tech.server.admin.AdminLoginImpl: User 'username' logged in from IP 'xxx.xxx.xxx.xxx''.
doesn't appear in the LOG -system.
What do I need to change within our log sink configuration so that we also receive this message?
Release : 10.1
Gateway events are talking about gateway management.
Logging in via policy manager is privileged activity, and therefore related to gateway management rather than end user activity.
As a workaround you can create a log sink and filter on Package.
Create a new log sink include Gateway log and then add a filter type Package with com.l7tech.server.admin.AdminLoginImp
This will only log this specific message to this logger.