Audit Logging
The audit logging feature of API Gateway provides audit information for different categories of system transactions, events, and occurrences of specific events (for example, login attempts) over a period of time. You can use audit logs to view a detailed record of various auditable events that occurred on the API Gateway objects, user login and logout operations, and identify the users who are responsible for the changes. You can configure which audit events to log for a specific destination based on your auditing requirements.
You can configure API Gateway to log the auditable events for following destinations:
API GatewayDatabase
Digital Event Services (DES)
Elasticsearch
The following auditable events can be configured to write to the API Gateway audit logs:
API management events API management consists of the following events:
Creation, modification, and deletion of an API object.
Activation and deactivation of an API.
Approval management events Approval management consists of the following events:
Approval and rejection of a request to create, register, and modify an application.
Approval and rejection of a request to subscribe a package in
API Portal.
Application management events Application management consists of the following events:
Creation, modification, and deletion of an Application object.
Alias management events Alias management consists of the following events:
Creation, modification, and deletion of an Alias object.
Team management events Team management consists of the following events:
Creation, modification, and deletion of teams.
Analytics management events Analytics management consists of the following events:
Archiving, purging, and restoring of analytics data in the database.
Group management events Group management consists of the following events:
Creation, modification, and deletion of a Group object.
Policy management Policy management consists of the following events:
Creation, modification, and deletion of a global Policy object.
Creation, modification, and deletion of an API level Policy object.
Activation and deactivation of a global policy.
Activation and deactivation of an API level policy.
Package management events Package management consists of the following events:
Creation, modification, and deletion of a Package object.
Plan management events Plan management consists of the following events:
Creation, modification, and deletion of a Plan object.
Promotion management events Promotion management consists of the following events:
Creation, modification, and deletion of a Stage object.
Promotion of an API stage.
Rollback operation of an API stage.
User management events User management consists of the following events:
A user logs in or fails to log in to
API Gateway.
A user logs out of
API Gateway.
Creation, modification, and deletion of a User object.
API Gateway writes the audit logging data to the Audit logs dashboard (in the API Gateway user interface, go to Analytics > Audit logs). You can view and download audit logs.
Best Practices for API Gateway Audit Logging
API Gateway's audit logging feature has been implemented on an event-driven approach. By default, the API Gateway destination is enabled to log the auditable events for all areas of management, such as APIs, policies, users, and so on. As a best practice, Software AG recommends that you enable audit logging for the required management areas in other supported destinations: Database, Digital Events, and Elasticsearch. This practice is especially important when you want to provide the audit log data to external sources for analytics and anomaly detections.