Apigee Edge Auditing

Sai Saran Vaidyanathan

created · Jun 28, 2016 at 07:15 AM · 3.8k Views · edited · Aug 09, 2016 at 07:20 PM

Auditing

Introduction:

This article discusses the auditing capabilities and APIs that are available out of the box in Apigee Edge. Auditing is extremely important like any other component for a software or a platform. As an admin, you would want to know what are the different actions and events performed on the platform. In case of any issues, it is this feature that comes to the rescue or at least helps you track and narrow down the potential cause.

Using auditing, you can check not only the calls made but also check the entitlements for each calling user. It is very important that the admins understand this and use it correctly.

Below are the different aspects of Apigee Edge's out-of-the-box auditing capabilities:

Logs a record for every call made to the management API and stores it in the Apigee Edge data store
These records can be viewed using:
- Management UI
- Management API
Audit logs are stored in Apigee Edge central data store and be viewed using:
- Apigee Management API
- Apigee Enterprise UI under Admin → Organization History
- Apigee Enterprise UI under API Proxy → Project → API Proxy History
These records can be useful for CI/CD pipeline to understand the different deployments across various teams happening in each environment.
Useful to audit RBAC entitlements for different users of Apigee Edge (API Developers, non-human users used for deployments and automation, etc.)

What is being logged as part of an audit?

The following information is logged as part of an audit:

Operation: create, update, delete
Request URI
Request
Response code
User
Timestamp

Can I get audit records just for a developer or any other entities?

Apigee Edge Auditing gives you different levels of auditing as well. Depending on the audit requirements, you can pull the audits appropriately. The different levels of auditing are:

Developers (all, single)
Apigee Edge Users
Organization
API Products
API Proxies
Apps
Trace sessions

Reference:

Management API: http://docs.apigee.com/api/audits-0

Apigee Audit Documentation: http://docs.apigee.com/api-services/content/view-api-history

Audit on the Edge UI looks like

Add comment Show 5

10 |5000 characters needed characters left characters exceeded

Kurt Googler Kanaskie ♦ · Mar 15, 2018 at 02:08 PM 0

Link

Great article, is there a retention period on audit logs?

GargiTalukdar

· Jun 18, 2018 at 06:01 PM 0

Link

@Sai Saran Vaidyanathan

Where this org history is stored ? Is it cassandra? and is there a retention period ?

Iuliana Cosmina · Jan 28, 2019 at 09:43 AM 0

Link

Was this written before the official documentation came out? Because to me it looks like everything in this article can be found in the official documentation.

I am interested in finding out the retention period for audit entries, if it can be configured and if what is audited can be configured too.

But this information is missing from the official documentation too.

Nicola ♦ · Oct 04, 2019 at 01:00 PM 1

Link

Audit logs are stored in a dedicated Cassandra DB keyspace "audit" and table called "audits". The audit entries are persisted forever and there is no job periodical activity to purge them by their age.

If needed for compliance, this can be added as a daily purge, using the timestamp field.

Audits schema is below:

audit.audits ( key text PRIMARY KEY, clientip text, id text, operation text, request text, requesturi text, response text, responsecode text, serverhostname text, serverip text, timestamp bigint, type text, user text, "x-forwarded-for" text )

Additionally, audits_ref reference table is below:

audit.audits_ref ( key text, column1 'org.apache.cassandra.db.marshal.DynamicCompositeType(org.apache.cassandra.db.marshal.UTF8Type, org.apache.cassandra.db.marshal.LongType)', value blob, PRIMARY KEY (key, column1) )