This appendix details audit log entries in the audit.log file.
The following table shows the four components of entries in the audit log files.
Date | Subject | Action | Resources |
---|---|---|---|
|
Subject is the module through which actions are performed: command-line interface (CLI), REST API, or cluster |
Actions are the ran commands. |
Resources are the parameters associated with the actions. |
The following table shows the subjects and their description.
Subject | Description |
---|---|
|
CLI commands ran |
|
REST API requests received by API Security Enforcer (ASE) |
|
Changes requested by peer node in a cluster |
Here is sample output of an audit log file:
2019-06-13 10:45:12 | cli | delete_api | username=admin, api_id=cart
2019-06-13 10:46:13 | rest_api | GET /v4/ase/cluster | x-ase-access-key=admin, x-ase-secret-key=**********
2019-06-13 10:46:25 | cluster | delete_api | peer_node=192.168.11.108:8020, api_id=shop
CLI
The following table lists the actions and resources for ASE CLI.
Action | Resources |
---|---|
status |
N/A |
add_api |
|
list_api |
|
api_info |
|
api_count |
|
list_api_mappings |
|
delete_api |
|
add_server |
|
list_server |
|
server_count |
|
delete_server |
|
create_key_pair |
|
create_csr |
|
create_self_sign_cert |
|
import_cert |
|
health_status |
|
enable_health_check |
|
disable_health_check |
|
update_password |
|
cluster_info |
|
cookie_count |
|
enable_firewall |
|
disable_firewall |
|
enable_abs |
|
disable_abs |
|
enable_abs_attack |
|
disable_abs_attack |
|
abs_info |
|
enable_xff |
|
disable_xff |
|
update_bytes_in_threshold |
|
update_bytes_out_threshold |
|
update_client_spike_threshold |
|
update_server_spike_threshold |
|
update_server_connection_quota |
|
get_auth_method |
N/A |
update_auth_method |
|
enable_audit |
|
disable_audit |
|
stop |
|
REST API
Action | Resource |
---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Cluster
Action | Resource |
---|---|
add_api |
|
delete_api |
|
add_server |
|
delete_server |
|
enable_health_check |
|
disable_health_check |
|
enable_firewall |
|
disable_firewall |
|
enable_abs |
|
disable_abs |
|
enable_abs_attack |
|
disable_abs_attack |
|
enable_xff |
|
disable_xff |
|
update_bytes_in_threshold |
|
update_bytes_out_threshold |
|
update_client_spike_threshold |
|
update_server_spike_threshold |
|
update_server_connection_quota |
|
enable_audit |
|
disable_audit |
|
stop |
|