PingIntelligence

Audit log

This appendix details audit log entries in the audit.log file. The entries in the audit log files have four components as shown in the following table:

| Date | Subject | Action | Resources |
|---|---|---|---|
| YYYY-MM-DD hh:mm:ss | Subject is the module through which actions are performed: CLI, REST API or cluster | Actions are the executed commands. | Resources are the parameters associated with the actions. |

The following table lists the subjects and their descriptions:

| Subject | Description |
|---|---|
| cli | CLI commands executed |
| rest_api | REST API requests received by ASE |
| cluster | Changes requested by peer node in a cluster |

Here is sample output of an audit log file:

2019-06-13 10:45:12 | cli | delete_api | username=admin, api_id=cart
2019-06-13 10:46:13 | rest_api | GET /v4/ase/cluster | x-ase-access-key=admin, x-ase-secret-key=
2019-06-13 10:46:25 | cluster | delete_api | peer_node=192.168.11.108:8020, api_id=shop
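
An added example, not part of the PingIntelligence documentation: a Python parser for the four-field entry format shown above. It redacts any x-ase-secret-key value before an entry is forwarded and flags entries worth reviewing. The review policy, the -NA- handling and the comma-free-value assumption are this example's own, and the last sample line is constructed.

```python
from datetime import datetime

# Constructed input: the three sample lines from this page plus one constructed
# disable_audit entry to exercise the review flag.
SAMPLE = """\
2019-06-13 10:45:12 | cli | delete_api | username=admin, api_id=cart
2019-06-13 10:46:13 | rest_api | GET /v4/ase/cluster | x-ase-access-key=admin, x-ase-secret-key=
2019-06-13 10:46:25 | cluster | delete_api | peer_node=192.168.11.108:8020, api_id=shop
2019-06-13 10:47:02 | cli | disable_audit | username=admin
"""

SUBJECTS = {"cli", "rest_api", "cluster"}   # subjects listed on this page
SECRET_KEYS = {"x-ase-secret-key"}          # values are never forwarded
# Assumption: which actions deserve review is local policy, not from the page.
REVIEW_ACTIONS = {"update_auth_method", "update_password", "stop"}


def parse_line(line):
    """Split one audit.log entry into date, subject, action and resources."""
    parts = [p.strip() for p in line.split("|", 3)]
    if len(parts) == 3:                     # entry without a resources field
        parts.append("")
    if len(parts) != 4:
        raise ValueError(f"not an audit entry: {line!r}")
    date, subject, action, raw = parts
    when = datetime.strptime(date, "%Y-%m-%d %H:%M:%S")  # ValueError if malformed
    if subject not in SUBJECTS:
        raise ValueError(f"unknown subject: {subject!r}")
    resources = {}
    # Assumption: resources are comma-separated key=value pairs whose values
    # contain no commas; "-NA-" (the tables' notation) means no resources.
    for item in ([] if raw in ("", "-NA-") else raw.split(",")):
        key, _, value = item.strip().partition("=")
        if key:
            resources[key] = "[REDACTED]" if key in SECRET_KEYS and value else value
    return {"date": when, "subject": subject, "action": action, "resources": resources}


def needs_review(entry):
    """Flag entries that switch a control off or change state over REST."""
    action = entry["action"]
    if entry["subject"] == "rest_api":
        return action.split(" ", 1)[0] in {"POST", "DELETE"}
    return action.startswith("disable_") or action in REVIEW_ACTIONS


if __name__ == "__main__":
    for entry in map(parse_line, SAMPLE.splitlines()):
        print(entry["date"], entry["subject"], entry["action"], needs_review(entry))
```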

CLI

The following table lists the actions and resources for ASE CLI:

| Action | Resources |
|---|---|
| status | -NA- |
| add_api | username=, config_file_path= |
| list_api | username= |
| api_info | username=, api_id= |
| api_count | username= |
| list_api_mappings | username= |
| delete_api | username=, api_id= |
| add_server | username=, api_id=, server=, server_spike_threshold=, server_connection_quota= |
| list_server | username=, api_id= |
| server_count | username=, api_id= |
| delete_server | username=, api_id=, server= |
| create_key_pair | username= |
| create_csr | username= |
| create_self_sign_cert | username= |
| import_cert | username=, cert_path= |
| health_status | username=, api_id= |
| enable_health_check | username=, api_id= |
| disable_health_check | username=, api_id= |
| update_password | username= |
| cluster_info | username= |
| cookie_count | username=, api_id= |
| enable_firewall | username= |
| disable_firewall | username= |
| enable_abs | username= |
| disable_abs | username= |
| enable_abs_attack | username= |
| disable_abs_attack | username= |
| abs_info | username= |
| enable_xff | username= |
| disable_xff | username= |
| update_bytes_in_threshold | username=, api_id=, bytes_in_threshold= |
| update_bytes_out_threshold | username=, api_id=, bytes_out_threshold= |
| update_client_spike_threshold | username=, api_id=, client_spike_threshold= |
| update_server_spike_threshold | username=, api_id=, server=, server_spike_threshold= |
| update_server_connection_quota | username=, api_id=, server=, server_connection_quota= |
| get_auth_method | -NA- |
| update_auth_method | username=, auth_method= |
| enable_audit | username= |
| disable_audit | username= |
| stop | username= |

REST API

| Action | Resource |
|---|---|
| POST /v4/ase/api | Content-Type=application/json, x-ase-access-key=, x-ase-secret-key= |
| GET /v4/ase/api | -SAME AS ABOVE- |
| DELETE /v4/ase/api | -SAME AS ABOVE- |
| POST /v4/ase/server | -SAME AS ABOVE- |
| GET /v4/ase/server | -SAME AS ABOVE- |
| DELETE /v4/ase/server | -SAME AS ABOVE- |
| GET /v4/ase/cluster | -SAME AS ABOVE- |
| POST /v4/ase/firewall | -SAME AS ABOVE- |
| GET /v4/ase/firewall | -SAME AS ABOVE- |
| POST /v4/ase/firewall/flowcontrol | -SAME AS ABOVE- |
| GET /v4/ase/firewall/flowcontrol | -SAME AS ABOVE- |
| POST /v4/ase/firewall/flowcontrol/server | -SAME AS ABOVE- |

Cluster

| Action | Resource |
|---|---|
| add_api | peer_node=, api_id= |
| delete_api | peer_node=, api_id= |
| add_server | peer_node=, api_id=, server=, server_spike_threshold=, server_connection_quota= |
| delete_server | peer_node=, api_id=, server= |
| enable_health_check | peer_node=, api_id= |
| disable_health_check | peer_node=, api_id= |
| enable_firewall | peer_node= |
| disable_firewall | peer_node= |
| enable_abs | peer_node= |
| disable_abs | peer_node= |
| enable_abs_attack | peer_node= |
| disable_abs_attack | peer_node= |
| enable_xff | peer_node= |
| disable_xff | peer_node= |
| update_bytes_in_threshold | peer_node=, api_id=, bytes_in_threshold= |
| update_bytes_out_threshold | peer_node=, api_id=, bytes_out_threshold= |
| update_client_spike_threshold | peer_node=, api_id=, client_spike_threshold= |
| update_server_spike_threshold | peer_node=, api_id=, server=, server_spike_threshold= |
| update_server_connection_quota | peer_node=, api_id=, server=, server_connection_quota= |
| enable_audit | peer_node= |
| disable_audit | peer_node= |
| stop | peer_node= |