Enabling API audit traffic logging
Enable API audit logging including request and responses.
Steps
-
Edit the
<PA_HOME>/conf/log4j2.xml
file. -
In the Logger section, uncomment the
AppenderRef
element for the API audit log HAR file.Example:
<!-- Audit Log Configuration--> <Logger name="apiaudit" level="INFO" additivity="false"> <AppenderRef ref="APIAuditLog-File"/> <!--<AppenderRef ref="ApiAuditLog-Database-Failover"/>--> <!--<AppenderRef ref="ApiAuditLog-SQLServer-Database-Failover"/>--> <!--<AppenderRef ref="ApiAuditLog-PostgreSQL"/>--> <!--<AppenderRef ref="ApiAudit2Splunk"/>--> <AppenderRef ref="ApiAuditLog-HarFile"/> </Logger>
-
In the Appenders section, uncomment the
RollingFile
.Example:
<Appenders> ... <RollingFile name="ApiAuditLog-HarFile" fileName="${sys:pa.home}/log/pingaccess_api_audit_har.log" filePattern="${sys:pa.home}/log/pingaccess_api_audit_har.%d{yyyy-MM-dd}.log" ignoreExceptions="false"> <StatusCodeRegExFilter regex=".*"/> <HarLogLayout> <KeyValuePair key="AUDIT.metadata" value="true"/> <KeyValuePair key="AUDIT.http-client" value="true"/> </HarLogLayout> <Policies> <TimeBasedTriggeringPolicy /> </Policies> </RollingFile>
-
Optional: To filter the entries to add to the log file, edit the value of the
StatusCodeRegExFilter
element. -
Optional: To specify what information to log, add or edit the values in the
HarLogLayout
section of theRollingFile
element.You can add or edit metadata and client response values. For more information, see Traffic logging reference.
Result
Logging begins when the configuration reloads. The configuration reloads at regular intervals according to the monitorInterval
value.