WSO2 Micro-integrator is an integration product that is widely used in integrating services in microservices environments. Integration is an essential component of inter-service communication in microservices. WSO2 Micro-integrator provides thousands of features to solve integration requirements.
Micro-integrator is available as a Docker container where you can directly pull the Docker image to the target platform and start the Micro-integrator service. Micro-integrator provides observability to observe system status. It includes all three main pillars of observability which are logs, traces, and metrics. Engineers can get the health status of the Micro-integrator as well as the system status.
The audit log is a recent feature coming along with WSO2 Micro-integrator 4.1.0 to log the changes applied on the Micro-integrator via management API. management API lets you perform changes on the Micro-integrator such as changing log levels, getting artifacts status, etc.
Why are Audit logs important?
When you are running a micro-integrator on a microservices environment, administrators who have admin access to the micro-integrator are able to change its configurations via management API. When someone needs to debug the system and find out which person did what change, then the micro-integrator needs to keep a log of activities performed on the micro-integrator. Audit logs are simply a set of logs that let you find what are the changes performed on the micro-integrator instance.
Audit logs are enabled by default in Micro-integrator. However, you can configure logging configurations by editing log4j2.properties file which is located in the product home “conf” directory. By default, logs are appended to the audit.log file located on the product home “repository/logs/” directory. The default audit log configuration is as follows:
appender.AUDIT_LOGFILE.type = RollingFileappender.AUDIT_LOGFILE.name = AUDIT_LOGFILE
appender.AUDIT_LOGFILE.fileName = ${sys:carbon.home}/repository/logs/audit.log
appender.AUDIT_LOGFILE.filePattern = ${sys:carbon.home}/repository/logs/audit-%d{MM-dd-yyyy}.log
appender.AUDIT_LOGFILE.layout.type = PatternLayout
appender.AUDIT_LOGFILE.layout.pattern = [%d] %5p {%c} - %m%ex%n
appender.AUDIT_LOGFILE.policies.type = Policies
appender.AUDIT_LOGFILE.policies.time.type = TimeBasedTriggeringPolicy
appender.AUDIT_LOGFILE.policies.time.interval = 1
appender.AUDIT_LOGFILE.policies.time.modulate = true
appender.AUDIT_LOGFILE.policies.size.type = SizeBasedTriggeringPolicy
appender.AUDIT_LOGFILE.policies.size.size=10MB
appender.AUDIT_LOGFILE.strategy.type = DefaultRolloverStrategy
appender.AUDIT_LOGFILE.strategy.max = 20
appender.AUDIT_LOGFILE.filter.threshold.type = ThresholdFilterappender.AUDIT_LOGFILE.filter.threshold.level = INFOAs mentioned earlier, the audit log let you log administration operations. Following are the list of operation that track and details it prints:
logging in to the management services
You can execute the following command to login into the MI management API:
curl -X GET "https://localhost:9164/management/login" -H "accept: application/json" -H "Authorization: Basic YWRtaW46YWRtaW4=" -k -iMake sure you set the current Authorization credentials to log into the MI instance. Here we have given admin:admin default credentials. This will respond to you with a token that you can use to access MI management API. While it also prints the audit logs into the audit log you have specified. With the default log4j2.properties configuration files, you can find the following logline on the <MI_HOME>/repository/logs/audit.log file:
[2022-03-23 20:04:53,321] INFO {AUDIT_LOG} - admin logged in at [Wed Mar 23 20:04:53 IST 2022]Now you can perform different operations on the MI with the token you have. For example, if you need to deactivate a proxy service, you can use the following curl command with the token you have received in the previous step.
curl -X POST https://localhost:9164/management/proxy-services -H 'authorization: Bearer TOKEN -H 'content-type: application/json' -d '{"name": "backend","status": "inactive"}' -k -iThis will generate the following logline in the audit.log file:
[2022-03-23 20:06:04,938] INFO {AUDIT_LOG} - {"performedBy":"admin","action":"disabled","type":"proxy_service","info":"{\"proxyName\":\"backend\"}"}In the same way, you can perform operations on the MI instance and check what changes happened to the MI instance through the MI audit logs files. You can use separate log collection stacks, such as ELK to collect those logs and analyze them. The audit log simply, let you identify what changes happened to the MI instance, who changed, and when it changed.
For more information, check the following WSO2 document:
Comments
Post a Comment