search cancel

Emulating the Apache httpd access_log via a Gateway log sink

book

Article ID: 42533

calendar_today

Updated On:

Products

STARTER PACK-7 CA Rapid App Security CA API Gateway

Issue/Introduction

The Apache httpd access_log?is used by administrators to obtain an at-a-glance idea of recent HTTP requests against a web server. It provides simple information such as the requestor IP address, the system time when the request was received, the resource being requested, and other pertinent information regarding the request and response.

The CA API Gateway does not possess an equivalent log as it relies on the Gateway Audit Event Viewer to provide low-level logging and auditing. It may be desirable to construct such a log sink in order to integrate the Gateway into existing HTTP and web services monitoring systems.

Environment

Release:
Component: APIGTW

Resolution

Deploying a solution that services as an analog to the access_log involves several specific functional steps that will be discussed in this document. It involves defining a global policy, template log message, and Gateway log sink.


Deploying a global policy

CA Support recommends leveraging a Global Policy Fragment to contain this solution. This will ensure that the log entry is generated for all requests against all services published on the Gateway. Use a global policy such as message-completed or post-service to ensure that all of the necessary variables and data are available to be logged.


Defining a template log message

An example access_log definition may contain the following items if they are present or defined:

  • Requestor TCP IP address
  • Authenticated user
  • Current system time
  • HTTP method used
  • Resource accessed
  • HTTP status code returned
  • Response message size

These pieces of information are available as context variables within a policy defined on the API Gateway. The following respective variables can be used (although others can be added or removed as preferred):

  • request.tcp.remoteAddress
  • request.authenticateduser
  • request.time.local
  • request.http.method
  • request.url.path
  • response.http.status
  • response.mainpart.size

The template log message should be set in the Add Audit Details assertion. This assertion allows an administrator or policy author to create a customized log entry to be generated by a policy. The following XML is a sample Add Audit Details assertion using the context variables specified above:

<?xml version="1.0" encoding="UTF-8"?>
<wsp:Policy xmlns:L7p="http://www.layer7tech.com/ws/policy" xmlns:wsp="http://schemas.xmlsoap.org/ws/2002/12/policy">
    <wsp:All wsp:Usage="Required">
        <L7p:AuditDetailAssertion>
            <L7p:CustomLoggerSuffix stringValue="access"/>
            <L7p:Detail stringValue="${request.tcp.remoteAddress} | ${request.authenticateduser} | [${request.time.local}] | &quot;${request.http.method} ${request.url.path}&quot; | ${response.http.status} | ${response.mainpart.size}"/>
            <L7p:LoggingOnly booleanValue="true"/>

        </L7p:AuditDetailAssertion>
    </wsp:All>
</wsp:Policy>


This XML can be copied and pasted into a policy for inspection or modification. The presence of this assertion in a policy will result in the specified detail message being logged to the Gateway as customized Java class. The example above will result in the following log message once a valid log sink is configured

INFO   142 com.l7tech.log.custom.access: -4: 10.15.2.22?| ?| [2014-02-11T17:58:23.262Z] | "GET /rest/service/path" | 200 | 0



Creating a custom log sink

A log sink must be created to leverage the custom logger set in the Add Audit Details assertion. Open the Manage Log/Audit Sinks task and select Create to build a new log sink. Fill out the following dialogs as follows:










<Please see attached file for image>



<Please see attached file for image>



Resolution


The log sink should be visible in the View Logs area of the Policy Manager as follows:


 

<Please see attached file for image>



 

The log sink should contain logs similar to the following


 

<Please see attached file for image>



 

Attachments

1558722760987000042533_sktwi1f5rjvs16wlr.jpeg get_app
1558722759114000042533_sktwi1f5rjvs16wlq.jpeg get_app
1558722757145000042533_sktwi1f5rjvs16wlp.jpeg get_app
1558722755021000042533_sktwi1f5rjvs16wlo.jpeg get_app