Google Cloud Pub/Sub is an enterprise event-driven messaging system. API Security Enforcer (ASE) integrates with Google Pub/Sub when ASE runs in sideband mode. When you enable Google Pub/Sub in the ase.conf file, ASE sends the event message in a JSON file to Google Cloud.
You can verify that Google Pub/Sub is enabled by running the status command:
```
/opt/pingidentity/ase/bin/cli.sh status -u admin -p admin
API Security Enforcer
status : started
mode : sideband
http/ws : port 80
https/wss : port 443
firewall : enabled
abs : disabled, ssl: enabled
abs attack : disabled
audit : enabled
sideband authentication : disabled
ase detected attack : disabled
attack list memory : configured 128.00 MB, used 25.60 MB, free 102.40 MB
google pubsub : enabled
```
Configure Google Pub/Sub in ASE:
ASE sends the event information to Google Pub/Sub in a JSON message. The message captures the following information:
- Method
- URL
- Host
- Request timestamp
- Request length
- Source IP
- X-forwarded-for IPs
- Response code
- Response length
- Latency in milliseconds
ASE makes three attempts to publish the message to Google Pub/Sub, after which the entire message is logged in the failed log file. The message logged in the failed log file is not in plain text. If the message is not published to Google Pub/Sub, you can check the reason for the failure in the balancer.log file. For more information on the balancer.log file, see ASE access, management, and audit logs.
When messages are successfully published to Google Pub/Sub, the message ID is logged in the success log file. The following is a snippet of an event message JSON file logged in the balancer.log file when ASE is running in debug mode:
```
{
  "method": "PUT",
  "url": "/shopapi-books/order",
  "host": "shop-electronics.cloudhub.io",
  "request_timestamp": "1573767522429",
  "request_length": "464",
  "source_ip": "1.2.3.4",
  "x_forwarded_for": "1.1.1.1, 1.1.1.2",
  "response_code": "200",
  "response_length": "26",
  "latency_ms": "208"
}
```
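Every value in the sample event above is a JSON string, so a subscriber that feeds these messages into detections or dashboards needs to validate and convert them first. The following Python sketch is an added example, not part of ASE or the original documentation; the function name `parse_ase_event`, reading `request_timestamp` as epoch milliseconds, and treating `x_forwarded_for` as optional are assumptions.

```python
import ipaddress
import json
from datetime import datetime, timedelta, timezone

# Field names are taken from the sample event shown on this page.
INT_FIELDS = ("request_length", "response_code", "response_length", "latency_ms")
REQUIRED = ("method", "url", "host", "request_timestamp", "source_ip") + INT_FIELDS
EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)

# The sample event from this page, embedded so the example runs offline.
SAMPLE_EVENT = """{"method": "PUT", "url": "/shopapi-books/order",
 "host": "shop-electronics.cloudhub.io", "request_timestamp": "1573767522429",
 "request_length": "464", "source_ip": "1.2.3.4",
 "x_forwarded_for": "1.1.1.1, 1.1.1.2", "response_code": "200",
 "response_length": "26", "latency_ms": "208"}"""


def parse_ase_event(raw):
    """Validate one event message and return a dict with typed values.

    Raises ValueError on malformed input so a subscriber can reject or
    dead-letter the message instead of indexing bad data.
    """
    event = json.loads(raw)  # JSONDecodeError is a ValueError subclass
    if not isinstance(event, dict):
        raise ValueError("event must be a JSON object")
    missing = [key for key in REQUIRED if key not in event]
    if missing:
        raise ValueError(f"missing fields: {missing}")
    out = {key: str(event[key]) for key in ("method", "url", "host")}
    for key in INT_FIELDS:
        out[key] = int(event[key])
        if out[key] < 0:
            raise ValueError(f"{key} must not be negative")
    if not 100 <= out["response_code"] <= 599:
        raise ValueError("response_code outside the HTTP status range")
    # Assumption: the timestamp is milliseconds since the Unix epoch.
    out["request_time"] = EPOCH + timedelta(milliseconds=int(event["request_timestamp"]))
    out["source_ip"] = ipaddress.ip_address(event["source_ip"].strip())
    # x_forwarded_for is a comma-separated list; an absent header yields [].
    hops = event.get("x_forwarded_for", "")
    out["x_forwarded_for"] = [
        ipaddress.ip_address(hop.strip()) for hop in hops.split(",") if hop.strip()
    ]
    return out


if __name__ == "__main__":
    print(parse_ase_event(SAMPLE_EVENT))
```

The `x_forwarded_for` values are supplied by the client or intermediate proxies, so they should be recorded as claimed addresses and not trusted in the way `source_ip` is.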