API Gateway 10.5 | Using API Gateway | API Gateway Administration | Audit Logging
 
Audit Logging
 
Configuring Audit Logs
Viewing Audit Logs
Downloading Audit Logs
The audit logging feature of API Gateway provides audit information for different categories of system transactions, events, and occurrences of specific events (for example, login attempts) over a period of time. You can use audit logs to view a detailed record of various auditable events that occurred on the API Gateway objects, user login and logout operations, and identify the users who are responsible for the changes. You can configure which audit events to log for a specific destination based on your auditing requirements.
You can configure API Gateway to log the auditable events for following destinations:
*API Gateway
*Database
*Digital Event Services (DES)
*Elasticsearch
The following auditable events can be configured to write to the API Gateway audit logs:
*API management events
API management consists of the following events:
*Creation, modification, and deletion of an API object.
*Activation and deactivation of an API.
*Approval management events
Approval management consists of the following events:
*Approval and rejection of a request to create, register, and modify an application.
*Approval and rejection of a request to subscribe a package in API Portal.
*Application management events
Application management consists of the following events:
*Creation, modification, and deletion of an Application object.
*Alias management events
Alias management consists of the following events:
*Creation, modification, and deletion of an Alias object.
*Team management events
Team management consists of the following events:
*Creation, modification, and deletion of teams.
*Analytics management events
Analytics management consists of the following events:
*Archiving, purging, and restoring of analytics data in the database.
*Group management events
Group management consists of the following events:
*Creation, modification, and deletion of a Group object.
*Policy management
Policy management consists of the following events:
*Creation, modification, and deletion of a global Policy object.
*Creation, modification, and deletion of an API level Policy object.
*Activation and deactivation of a global policy.
*Activation and deactivation of an API level policy.
*Package management events
Package management consists of the following events:
*Creation, modification, and deletion of a Package object.
*Plan management events
Plan management consists of the following events:
*Creation, modification, and deletion of a Plan object.
*Promotion management events
Promotion management consists of the following events:
*Creation, modification, and deletion of a Stage object.
*Promotion of an API stage.
*Rollback operation of an API stage.
*User management events
User management consists of the following events:
*A user logs in or fails to log in to API Gateway.
*A user logs out of API Gateway.
*Creation, modification, and deletion of a User object.
API Gateway writes the audit logging data to the Audit logs dashboard (in the API Gateway user interface, go to Analytics > Audit logs). You can view and download audit logs.
Best Practices for API Gateway Audit Logging
API Gateway's audit logging feature has been implemented on an event-driven approach. By default, the API Gateway destination is enabled to log the auditable events for all areas of management, such as APIs, policies, users, and so on. As a best practice, Software AG recommends that you enable audit logging for the required management areas in other supported destinations: Database, Digital Events, and Elasticsearch. This practice is especially important when you want to provide the audit log data to external sources for analytics and anomaly detections.