How can I stream the admin audit logs to Sumologic?

alamm
New Member

Hi,

I am looking to stream the admin audit logs (the ones that are shown in the UI) to Sumologic. When I used curl to query the management API for audit logs, I get blank responses. Even if I do specific products, it's blank. I want to be able to just stream it for my org.

curl -X GET --header "Content-Type: application/octet-stream" --header "Authorization: Basic <some-key>" "https://api.enterprise.apigee.com/v1/audits/o/<my-org>/apiproducts?expand=true"

{
  "auditRecord" : [ ]
}


There is no builtin mechanism within Apigee Edge to "stream" the audit logs to a different sink.

You could of course poll the audit logs and when you get updated records, post them to sumologic. That requires a cron job or something similar.

For example, every 10 minutes, query the audit log and query the records for the past hour. You'd need to track the most recently received Audit record by timestamp, and then filter out any audit records in the response that have already been seen. Then write the remaining records to sumo.
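A poll-and-forward sketch of the approach described in this answer, added here as an example; it is not code from the thread, from Apigee or from Sumo Logic. It assumes the Edge audit API accepts startTime/endTime as epoch-millisecond query parameters and returns records carrying a timeStamp field, and that the Sumo Logic side is an HTTP Logs source URL; fetch and sink are injected so the watermark and dedup logic can be exercised offline on constructed records.

```python
import json
import urllib.request

AUDIT_URL = "https://api.enterprise.apigee.com/v1/audits/organizations/{org}"  # host from the question
LOOKBACK_MS = 60 * 60 * 1000  # re-query the past hour on every run, as the answer suggests

def fetch_audit_records(org, auth_header, start_ms, end_ms):
    """GET audit records for one window. Assumption: startTime/endTime are epoch-ms query
    params and the response looks like {"auditRecord": [{"timeStamp": <epoch ms>, ...}]}."""
    url = f"{AUDIT_URL.format(org=org)}?expand=true&startTime={start_ms}&endTime={end_ms}"
    req = urllib.request.Request(url, headers={"Authorization": auth_header})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp).get("auditRecord", [])

def post_to_sumo(collector_url, records):
    """POST one JSON object per line to a Sumo Logic HTTP Logs source URL (assumed sink)."""
    body = "\n".join(json.dumps(r, sort_keys=True) for r in records).encode()
    req = urllib.request.Request(collector_url, data=body, method="POST",
                                 headers={"Content-Type": "application/json"})
    urllib.request.urlopen(req, timeout=30).close()

def select_new_records(records, state):
    """Drop records already forwarded. state = {"watermark": epoch ms of the newest record
    forwarded, "seen": keys of records at exactly that millisecond}. Records sharing the
    watermark millisecond are deduplicated by content, so none are lost or sent twice."""
    key = lambda r: json.dumps(r, sort_keys=True)
    new = [r for r in sorted(records, key=lambda r: r["timeStamp"])
           if r["timeStamp"] > state["watermark"]
           or (r["timeStamp"] == state["watermark"] and key(r) not in state["seen"])]
    if new:
        wm = new[-1]["timeStamp"]
        seen = {key(r) for r in new if r["timeStamp"] == wm}
        if wm == state["watermark"]:
            seen |= state["seen"]  # same millisecond as before: keep the earlier keys too
        state = {"watermark": wm, "seen": seen}
    return new, state

def poll_once(state, now_ms, fetch, sink):
    """One scheduled run (e.g. every 10 minutes from cron): query the past hour, forward
    unseen records, return the advanced state. If sink raises, the caller keeps the old
    state and the records are retried next run. fetch(start_ms, end_ms) and sink(records)
    are injected, e.g. fetch_audit_records and post_to_sumo bound with functools.partial."""
    records = fetch(now_ms - LOOKBACK_MS, now_ms)
    new, state = select_new_records(records, state)
    if new:
        sink(new)
    return state

if __name__ == "__main__":  # constructed sample records, no network access
    sample = [{"timeStamp": 1000, "operation": "CREATE", "user": "a@example.com"},
              {"timeStamp": 1000, "operation": "DELETE", "user": "b@example.com"}]
    st = poll_once({"watermark": 0, "seen": set()}, 5000, lambda s, e: sample, print)
    st = poll_once(st, 6000, lambda s, e: sample, print)  # second run forwards nothing
```

Persist the returned state (watermark plus seen keys) between cron runs, otherwise every run re-forwards the whole hour.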