This appendix details audit log entries in the audit.log file. The entries in the audit log files have four components as shown in the following table:

| Date | Subject | Action | Resources |
|---|---|---|---|
| YYYY-MM-DD hh:mm:ss | Subject is the module through which actions are performed: CLI, REST API or cluster | Actions are the executed commands. | Resources are the parameters associated with the actions. |

The subjects and their descriptions are as follows:

| Subject | Description |
|---|---|
| cli | CLI commands executed |
| rest_api | REST API requests received by ASE |
| cluster | Changes requested by peer node in a cluster |

Here is sample output of an audit log file:

2019-06-13 10:45:12 | cli | delete_api | username=admin, api_id=cart
2019-06-13 10:46:13 | rest_api | GET /v4/ase/cluster | x-ase-access-key=admin, x-ase-secret-key=**********
2019-06-13 10:46:25 | cluster | delete_api | peer_node=192.168.11.108:8020, api_id=shop
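
The following Python is an added example, not code from the product or its documentation. It parses entries in the `date | subject | action | resources` layout shown in the sample above and flags actions, taken from the tables on this page, that turn off a protection or auditing. The watch list, the function names and the last three sample lines are assumptions of this example.

```python
from datetime import datetime

SUBJECTS = {"cli", "rest_api", "cluster"}
# Actions from this page's CLI and Cluster tables that turn off a protection
# or the audit trail itself. Which ones to watch is this example's assumption.
WATCHED = {"disable_audit", "disable_firewall", "disable_abs",
           "disable_abs_attack", "disable_health_check", "stop"}

def parse_line(line):
    """Parse 'date | subject | action | resources'; return a dict or None."""
    parts = [p.strip() for p in line.split("|", 3)]
    if len(parts) != 4 or parts[1] not in SUBJECTS:
        return None
    try:
        when = datetime.strptime(parts[0], "%Y-%m-%d %H:%M:%S")
    except ValueError:
        return None
    resources = {}
    for pair in parts[3].split(","):
        key, sep, value = pair.partition("=")
        if sep:  # tokens without '=' (an empty resources field) are skipped
            resources[key.strip()] = value.strip()
    return {"time": when, "subject": parts[1], "action": parts[2], "resources": resources}

def review(lines):
    """Return (alerts, rejected): watched actions and lines that do not parse."""
    alerts, rejected = [], []
    for line in filter(str.strip, lines):
        entry = parse_line(line)
        if entry is None:
            rejected.append(line)  # malformed lines deserve a look as well
        elif entry["action"] in WATCHED:
            res = entry["resources"]
            actor = res.get("username") or res.get("peer_node") or "unknown"
            alerts.append((entry["time"], entry["subject"], entry["action"], actor))
    return alerts, rejected

# Constructed input: lines 1-2 are from the page's sample, lines 3-5 are made up.
SAMPLE = """\
2019-06-13 10:45:12 | cli | delete_api | username=admin, api_id=cart
2019-06-13 10:46:13 | rest_api | GET /v4/ase/cluster | x-ase-access-key=admin, x-ase-secret-key=**********
2019-06-13 11:02:40 | cluster | disable_firewall | peer_node=192.168.11.108:8020
2019-06-13 11:03:05 | cli | disable_audit | username=admin
not an audit entry
"""

if __name__ == "__main__":
    for alert in review(SAMPLE.splitlines())[0]:
        print("ALERT", *alert)
```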

CLI

The following table lists the actions and resources for the ASE CLI:

| Action | Resources |
|---|---|
| status | -NA- |
| add_api | username=, config_file_path= |
| list_api | username= |
| api_info | username=, api_id= |
| api_count | username= |
| list_api_mappings | username= |
| delete_api | username=, api_id= |
| add_server | username=, api_id=, server=, server_spike_threshold=, server_connection_quota= |
| list_server | username=, api_id= |
| server_count | username=, api_id= |
| delete_server | username=, api_id=, server= |
| create_key_pair | username= |
| create_csr | username= |
| create_self_sign_cert | username= |
| import_cert | username=, cert_path= |
| health_status | username=, api_id= |
| enable_health_check | username=, api_id= |
| disable_health_check | username=, api_id= |
| update_password | username= |
| cluster_info | username= |
| cookie_count | username=, api_id= |
| enable_firewall | username= |
| disable_firewall | username= |
| enable_abs | username= |
| disable_abs | username= |
| enable_abs_attack | username= |
| disable_abs_attack | username= |
| abs_info | username= |
| enable_xff | username= |
| disable_xff | username= |
| update_bytes_in_threshold | username=, api_id=, bytes_in_threshold= |
| update_bytes_out_threshold | username=, api_id=, bytes_out_threshold= |
| update_client_spike_threshold | username=, api_id=, client_spike_threshold= |
| update_server_spike_threshold | username=, api_id=, server=, server_spike_threshold= |
| update_server_connection_quota | username=, api_id=, server=, server_connection_quota= |
| get_auth_method | -NA- |
| update_auth_method | username=, auth_method= |
| enable_audit | username= |
| disable_audit | username= |
| stop | username= |

REST API

| Action | Resource |
|---|---|
| POST /v4/ase/api | Content-Type=application/json, x-ase-access-key=, x-ase-secret-key=********** |
| GET /v4/ase/api | -SAME AS ABOVE- |
| DELETE /v4/ase/api | -SAME AS ABOVE- |
| POST /v4/ase/server | -SAME AS ABOVE- |
| GET /v4/ase/server | -SAME AS ABOVE- |
| DELETE /v4/ase/server | -SAME AS ABOVE- |
| GET /v4/ase/cluster | -SAME AS ABOVE- |
| POST /v4/ase/firewall | -SAME AS ABOVE- |
| GET /v4/ase/firewall | -SAME AS ABOVE- |
| POST /v4/ase/firewall/flowcontrol | -SAME AS ABOVE- |
| GET /v4/ase/firewall/flowcontrol | -SAME AS ABOVE- |
| POST /v4/ase/firewall/flowcontrol/server | -SAME AS ABOVE- |

Cluster

| Action | Resource |
|---|---|
| add_api | peer_node=, api_id= |
| delete_api | peer_node=, api_id= |
| add_server | peer_node=, api_id=, server=, server_spike_threshold=, server_connection_quota= |
| delete_server | peer_node=, api_id=, server= |
| enable_health_check | peer_node=, api_id= |
| disable_health_check | peer_node=, api_id= |
| enable_firewall | peer_node= |
| disable_firewall | peer_node= |
| enable_abs | peer_node= |
| disable_abs | peer_node= |
| enable_abs_attack | peer_node= |
| disable_abs_attack | peer_node= |
| enable_xff | peer_node= |
| disable_xff | peer_node= |
| update_bytes_in_threshold | peer_node=, api_id=, bytes_in_threshold= |
| update_bytes_out_threshold | peer_node=, api_id=, bytes_out_threshold= |
| update_client_spike_threshold | peer_node=, api_id=, client_spike_threshold= |
| update_server_spike_threshold | peer_node=, api_id=, server=, server_spike_threshold= |
| update_server_connection_quota | peer_node=, api_id=, api_id=, server=, server_connection_quota= |
| enable_audit | peer_node= |
| disable_audit | peer_node= |
| stop | peer_node= |