Axway API Gateway Add-0n

userit922 — Tue, 29 Oct 2019 18:53:59 GMT

Hello,

I would like to use the following Splunk addon for Axway API Gateway to facilitate the reading of API Gateway's logs on Splunk side:
https://splunkbase.splunk.com/app/4723/#/details

Did anyone use this addon so far? It's not clear to me what configuration should be done on Gateway's side. Does it need a token for authentication?

Re: Axway API Gateway Add-0n

D2SI — Wed, 30 Oct 2019 09:23:21 GMT

Hello Ana,

Open logging should be enabled on the gateway, with care (maybe not on prod right away, to evaluate the impact).

Then, when logging is enabled, logs are being written to local files as documented here: link text

Then you got to put this data into Splunk. And there are several ways to do so.

The simpler: You have a Splunk Universal Forwarder in the gateway, and it just monitor the file with a simple configuration like:

[monitor:///<INSTALL_DIR>/apigateway/logs/group-*_instance-*_traffic.log]
sourcetype = axway:apigateway:traffic:json
index = <index>

the configuration needed to route data to your Splunk (outputs.conf).

Our AWS scenario, not the simpler, but we had to do it that way: You have a CloudWatch agent on the Gateway that forwards the open logging data to a CloudWatch Log Group, which is pushed to Splunk HTTP Event Collector via Kinesis Firehose.

In that case, yes, you need to configure a token on the Splunk side with the HEC input:

[http://<input name>]
index = <index>
indexes = <index>
sourcetype = axway:apigateway:traffic:json
token = <token>
useACK = 1

And the token should also be configured on the Kinesis Firehose stream.

There is some documentation on how to create a Kinesis Forehose stream (i.e. link text), except you do not have to use a Lambda function.

I hope it will help!

topic Axway API Gateway Add-0n in All Apps and Add-ons

Axway API Gateway Add-0n

Re: Axway API Gateway Add-0n