This appendix details audit log entries in the audit.log file. The entries in the audit log files have four components as shown in the following table:
Date | Subject | Action | Resources |
YYYY-MM-DD hh:mm:ss | Subject is the module through which actions are performed: CLI, REST API or cluster | Actions are the executed commands. | Resources are the parameters associated with the actions. |
The subjects and their descriptions are as follows:
Subject | Description |
cli | CLI commands executed |
rest_api | REST API requests received by ASE |
cluster | Changes requested by peer node in a cluster |
Here is sample output of an audit log file:
2019-06-13 10:45:12 | cli | delete_api | username=admin, api_id=cart
2019-06-13 10:46:13 | rest_api | GET /v4/ase/cluster | x-ase-access-key=admin, x-ase-secret-key=**********
2019-06-13 10:46:25 | cluster | delete_api | peer_node=192.168.11.108:8020, api_id=shop
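An added example, not part of the product documentation: a small Python parser for the four-component line format shown above that flags entries worth a reviewer's attention and reports who performed them. The watchlist and the rule that POST and DELETE requests are flagged are assumptions chosen for illustration, and the last two sample lines are constructed.

```python
from datetime import datetime

# Assumption: which actions deserve review is a local policy choice, not an ASE default.
WATCHLIST = {"disable_audit", "disable_firewall", "disable_abs", "disable_abs_attack",
             "update_password", "update_auth_method", "delete_api", "stop"}
ACTOR_KEY = {"cli": "username", "cluster": "peer_node", "rest_api": "x-ase-access-key"}

def parse_line(line):
    """Split 'date | subject | action | resources' into a dict; None if malformed."""
    try:
        date, subject, action, res = (p.strip() for p in line.split("|", 3))
        when = datetime.strptime(date, "%Y-%m-%d %H:%M:%S")
    except ValueError:  # wrong field count or bad timestamp
        return None
    if subject not in ACTOR_KEY:
        return None
    # Resources are comma-separated key=value pairs; the tables use "-NA-" for none.
    pairs = [] if res in ("", "-NA-") else res.split(",")
    resources = dict(p.strip().partition("=")[::2] for p in pairs)
    return {"time": when, "subject": subject, "action": action, "resources": resources}

def needs_review(entry):
    """Flag watchlisted CLI/cluster actions and state-changing REST requests."""
    if entry["subject"] == "rest_api":
        return entry["action"].split(" ", 1)[0] in ("POST", "DELETE")
    return entry["action"] in WATCHLIST

def review(lines):
    """Return ([(time, subject, actor, action), ...], malformed_count)."""
    hits, malformed = [], 0
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            malformed += 1
        elif needs_review(entry):
            actor = entry["resources"].get(ACTOR_KEY[entry["subject"]], "?")
            hits.append((str(entry["time"]), entry["subject"], actor, entry["action"]))
    return hits, malformed

# First three lines are the page's sample output; the last two are constructed.
SAMPLE = """\
2019-06-13 10:45:12 | cli | delete_api | username=admin, api_id=cart
2019-06-13 10:46:13 | rest_api | GET /v4/ase/cluster | x-ase-access-key=admin, x-ase-secret-key=**********
2019-06-13 10:46:25 | cluster | delete_api | peer_node=192.168.11.108:8020, api_id=shop
2019-06-13 10:47:02 | cli | disable_audit | username=admin
2019-06-13 10:47:30 | cluster | disable_firewall | peer_node=192.168.11.108:8020
""".splitlines()

if __name__ == "__main__":
    print(*(" | ".join(h) for h in review(SAMPLE)[0]), sep="\n")
```

Lines that do not match the expected format are counted rather than silently dropped, so a sudden rise in malformed entries is itself visible to the reviewer.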
CLI
The following table lists the actions and resources for the ASE CLI:
Action | Resources |
status | -NA- |
add_api | username=, config_file_path= |
list_api | username= |
api_info | username=, api_id= |
api_count | username= |
list_api_mappings | username= |
delete_api | username=, api_id= |
add_server | |
list_server | username=, api_id= |
server_count | username=, api_id= |
delete_server | username=, api_id=, server= |
create_key_pair | username= |
create_csr | username= |
create_self_sign_cert | username= |
import_cert | username=, cert_path= |
health_status | username=, api_id= |
enable_health_check | username=, api_id= |
disable_health_check | username=, api_id= |
update_password | username= |
cluster_info | username= |
cookie_count | username=, api_id= |
enable_firewall | username= |
disable_firewall | username= |
enable_abs | username= |
disable_abs | username= |
enable_abs_attack | username= |
disable_abs_attack | username= |
abs_info | username= |
enable_xff | username= |
disable_xff | username= |
update_bytes_in_threshold | username=, api_id=, bytes_in_threshold= |
update_bytes_out_threshold | username=, api_id=, bytes_out_threshold= |
update_client_spike_threshold | username=, api_id=, client_spike_threshold= |
update_server_spike_threshold | username=, api_id=, server=, server_spike_threshold= |
update_server_connection_quota | username=, api_id=, server=, server_connection_quota= |
get_auth_method | -NA- |
update_auth_method | username=, auth_method= |
enable_audit | username= |
disable_audit | username= |
stop | username= |
REST API
Action | Resource |
POST /v4/ase/api | Content-Type=application/json, x-ase-access-key=, x-ase-secret-key=********** |
GET /v4/ase/api | -SAME AS ABOVE- |
DELETE /v4/ase/api | -SAME AS ABOVE- |
POST /v4/ase/server | -SAME AS ABOVE- |
GET /v4/ase/server | -SAME AS ABOVE- |
DELETE /v4/ase/server | -SAME AS ABOVE- |
GET /v4/ase/cluster | -SAME AS ABOVE- |
POST /v4/ase/firewall | -SAME AS ABOVE- |
GET /v4/ase/firewall | -SAME AS ABOVE- |
POST /v4/ase/firewall/flowcontrol | -SAME AS ABOVE- |
GET /v4/ase/firewall/flowcontrol | -SAME AS ABOVE- |
POST /v4/ase/firewall/flowcontrol/server | -SAME AS ABOVE- |
Cluster
Action | Resource |
add_api | peer_node=, api_id= |
delete_api | peer_node=, api_id= |
add_server | peer_node=, api_id=, server=, server_spike_threshold=, server_connection_quota= |
delete_server | peer_node=, api_id=, server= |
enable_health_check | peer_node=, api_id= |
disable_health_check | peer_node=, api_id= |
enable_firewall | peer_node= |
disable_firewall | peer_node= |
enable_abs | peer_node= |
disable_abs | peer_node= |
enable_abs_attack | peer_node= |
disable_abs_attack | peer_node= |
enable_xff | peer_node= |
disable_xff | peer_node= |
update_bytes_in_threshold | peer_node=, api_id=, bytes_in_threshold= |
update_bytes_out_threshold | peer_node=, api_id=, bytes_out_threshold= |
update_client_spike_threshold | peer_node=, api_id=, client_spike_threshold= |
update_server_spike_threshold | peer_node=, api_id=, server=, server_spike_threshold= |
update_server_connection_quota | peer_node=, api_id=, server=, server_connection_quota= |
enable_audit | peer_node= |
disable_audit | peer_node= |
stop | peer_node= |