PingIntelligence

Audit log

This appendix details audit log entries in the audit.log file.

The following table shows the four components of entries in the audit log files.

| Date | Subject | Action | Resources |
| --- | --- | --- | --- |
| YYYY-MM-DD hh:mm:ss | Subject is the module through which actions are performed: command-line interface (CLI), REST application programming interface (API), or cluster. | Actions are the commands that were run. | Resources are the parameters associated with the actions. |

The following table shows the subjects and their description.

| Subject | Description |
| --- | --- |
| cli | CLI commands that were run |
| rest_api | REST API requests received by API Security Enforcer (ASE) |
| cluster | Changes requested by a peer node in a cluster |

Here is sample output of an audit log file:

2019-06-13 10:45:12 | cli | delete_api | username=admin, api_id=cart
2019-06-13 10:46:13 | rest_api | GET /v4/ase/cluster | x-ase-access-key=admin, x-ase-secret-key=
2019-06-13 10:46:25 | cluster | delete_api | peer_node=192.168.11.108:8020, api_id=shop

CLI

The following table lists the actions and resources for ASE CLI.

| Action | Resources |
| --- | --- |
| status | N/A |
| add_api | username=, config_file_path= |
| list_api | username= |
| api_info | username=, api_id= |
| api_count | username= |
| list_api_mappings | username= |
| delete_api | username=, api_id= |
| add_server | username=, api_id=, server=, server_spike_threshold=, server_connection_quota= |
| list_server | username=, api_id= |
| server_count | username=, api_id= |
| delete_server | username=, api_id=, server= |
| create_key_pair | username= |
| create_csr | username= |
| create_self_sign_cert | username= |
| import_cert | username=, cert_path= |
| health_status | username=, api_id= |
| enable_health_check | username=, api_id= |
| disable_health_check | username=, api_id= |
| update_password | username= |
| cluster_info | username= |
| cookie_count | username=, api_id= |
| enable_firewall | username= |
| disable_firewall | username= |
| enable_abs | username= |
| disable_abs | username= |
| enable_abs_attack | username= |
| disable_abs_attack | username= |
| abs_info | username= |
| enable_xff | username= |
| disable_xff | username= |
| update_bytes_in_threshold | username=, api_id=, bytes_in_threshold= |
| update_bytes_out_threshold | username=, api_id=, bytes_out_threshold= |
| update_client_spike_threshold | username=, api_id=, client_spike_threshold= |
| update_server_spike_threshold | username=, api_id=, server=, server_spike_threshold= |
| update_server_connection_quota | username=, api_id=, server=, server_connection_quota |
| get_auth_method | N/A |
| update_auth_method | username=, auth_method= |
| enable_audit | username= |
| disable_audit | username= |
| stop | username= |

REST API

| Action | Resource |
| --- | --- |
| POST /v4/ase/api | Content-Type=application/json, x-ase-access-key=, x-ase-secret-key= |
| GET /v4/ase/api | Content-Type=application/json, x-ase-access-key=, x-ase-secret-key= |
| DELETE /v4/ase/api | Content-Type=application/json, x-ase-access-key=, x-ase-secret-key= |
| POST /v4/ase/server | Content-Type=application/json, x-ase-access-key=, x-ase-secret-key= |
| GET /v4/ase/server | Content-Type=application/json, x-ase-access-key=, x-ase-secret-key= |
| DELETE /v4/ase/server | Content-Type=application/json, x-ase-access-key=, x-ase-secret-key= |
| GET /v4/ase/cluster | Content-Type=application/json, x-ase-access-key=, x-ase-secret-key= |
| POST /v4/ase/firewall | Content-Type=application/json, x-ase-access-key=, x-ase-secret-key= |
| GET /v4/ase/firewall | Content-Type=application/json, x-ase-access-key=, x-ase-secret-key= |
| POST /v4/ase/firewall/flowcontrol | Content-Type=application/json, x-ase-access-key=, x-ase-secret-key= |
| GET /v4/ase/firewall/flowcontrol | Content-Type=application/json, x-ase-access-key=, x-ase-secret-key= |
| POST /v4/ase/firewall/flowcontrol/server | Content-Type=application/json, x-ase-access-key=, x-ase-secret-key= |

Cluster

| Action | Resource |
| --- | --- |
| add_api | peer_node=, api_id= |
| delete_api | peer_node=, api_id= |
| add_server | peer_node=, api_id=, server=, server_spike_threshold=, server_connection_quota= |
| delete_server | peer_node=, api_id=, server |
| enable_health_check | peer_node=, api_id= |
| disable_health_check | peer_node=, api_id= |
| enable_firewall | peer_node= |
| disable_firewall | peer_node= |
| enable_abs | peer_node= |
| disable_abs | peer_node= |
| enable_abs_attack | peer_node= |
| disable_abs_attack | peer_node= |
| enable_xff | peer_node= |
| disable_xff | peer_node= |
| update_bytes_in_threshold | peer_node=, api_id=, bytes_in_threshold= |
| update_bytes_out_threshold | peer_node=, api_id=, bytes_out_threshold= |
| update_client_spike_threshold | peer_node=, api_id=, client_spike_threshold= |
| update_server_spike_threshold | peer_node=, api_id=, server=, server_spike_threshold= |
| update_server_connection_quota | peer_node=, api_id=, api_id=, server=, server_connection_quota= |
| enable_audit | peer_node= |
| disable_audit | peer_node= |
| stop | peer_node= |
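
An added example, not part of the PingIntelligence documentation: a small parser for the `date | subject | action | resources` entry format shown in the sample output, which flags actions from the tables above that remove configuration or turn off a protection. The watch list, the `[REDACTED]` marker and the function names are assumptions of this example, and the sample lines after the first three are constructed.

```python
from datetime import datetime

SUBJECTS = {"cli", "rest_api", "cluster"}
# Action names come from the tables on this page; which ones to watch is an
# assumption of this example (changes that remove config or weaken protection).
WATCH = {"delete_api", "delete_server", "disable_firewall", "disable_abs", "stop",
         "disable_abs_attack", "disable_audit", "update_password",
         "update_auth_method", "DELETE /v4/ase/api", "DELETE /v4/ase/server"}

# First three lines are the page's sample output; the rest are constructed.
SAMPLE = """\
2019-06-13 10:45:12 | cli | delete_api | username=admin, api_id=cart
2019-06-13 10:46:13 | rest_api | GET /v4/ase/cluster | x-ase-access-key=admin, x-ase-secret-key=
2019-06-13 10:46:25 | cluster | delete_api | peer_node=192.168.11.108:8020, api_id=shop
2019-06-13 10:47:02 | cli | disable_firewall | username=admin
2019-06-13 10:47:30 | cli | disable_audit | username=admin
this line is malformed
"""

def parse_line(line):
    """Return a dict for one 'date | subject | action | resources' entry, else None."""
    parts = [p.strip() for p in line.split("|", 3)]
    if len(parts) != 4 or parts[1] not in SUBJECTS:
        return None
    try:
        when = datetime.strptime(parts[0], "%Y-%m-%d %H:%M:%S")
    except ValueError:
        return None
    resources = {}
    for pair in parts[3].split(","):  # naive: assumes values contain no commas
        key, _, value = pair.strip().partition("=")
        if key:
            resources[key] = value
    if resources.get("x-ase-secret-key"):  # never forward a secret downstream
        resources["x-ase-secret-key"] = "[REDACTED]"
    return {"time": when, "subject": parts[1], "action": parts[2], "resources": resources}

def flag_sensitive(text):
    """Return (alerts, rejected_line_count) for a block of audit log text."""
    alerts, rejected = [], 0
    for line in filter(str.strip, text.splitlines()):
        entry = parse_line(line)
        if entry is None:
            rejected += 1  # unparseable lines are counted, not silently dropped
            continue
        res = entry["resources"]
        actor = res.get("username") or res.get("peer_node") or res.get("x-ase-access-key")
        if entry["action"] in WATCH:
            alerts.append((str(entry["time"]), entry["subject"], entry["action"], actor))
    return alerts, rejected
```

A `disable_audit` alert is the last entry that will describe that actor's activity until auditing is enabled again, so it is worth routing at higher priority than the others.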