Apinizer Syslog Integration
Frequently Asked Questions and Answers
Question 1: How many main categories does the logging mechanism in Apinizer fall into?
Logging in Apinizer is basically divided into two main categories:
- Traffic Logs: Contain all API traffic information passing through Apinizer; they are stored in Elasticsearch by default.
- System Logs (Audit & Application): Records system-related operations and events. These are stored in the MongoDB database by default.
Question 2: What subcategories are system logs divided into, and which ones can be sent to external systems via Syslog?
System Logs are divided into five subcategories. Three of these can be sent to an external product via Syslog:
- Audit Log (System Operations): Logs related to changes and operations performed in the Apinizer management application.
- Token Log: Contains logs related to token acquisition when Apinizer is used as a token provider.
- Application Log: These are the software logs of Apinizer applications/modules. They are kept at the error level by default, and users can change the level as needed.
- Test Console Audit: These are audit logs related to the use of the Test Console in the Apinizer management application interface. They are not sent externally to syslog products.
- Login Audit: These are log records of successful and unsuccessful login attempts to the Apinizer management application interface. They are not sent externally to syslog products.
Question 3: What are the challenges of sending logs to a SIEM product such as QRadar?
The logs are emitted in JSON format, so the relevant fields must be parsed and stored accordingly on the SIEM side. It is therefore necessary to work with the people who manage or use the Apinizer product, or who are familiar with web services, to determine which fields matter for the organization.
In some cases the length of a single log record may also be an issue. When enabling the syslog integration, it is possible to configure the system to send only a limited number of characters from the body field.
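The following added example (not Apinizer's own code) illustrates why the limit has to be applied to the body field rather than to the finished syslog line: cutting the wire message corrupts the JSON and the SIEM parses nothing, while shortening the field keeps the rest of the record intact. The field names, the `bodyTruncated` marker and the 1024-byte limit are assumptions for illustration; the page does not show Apinizer's actual log schema.

```python
import json

# Constructed sample traffic-log record (field names are assumed);
# the body is deliberately large, as with a big request payload.
SAMPLE_RECORD = {
    "apiName": "customer-api",
    "method": "POST",
    "statusCode": 200,
    "body": "x" * 3000,
}

def truncate_body(record: dict, max_chars: int) -> dict:
    """Return a copy of the record whose 'body' field is cut to max_chars.

    Only the field value is shortened, so the JSON document stays valid
    and every other field (statusCode, method, ...) remains parseable.
    """
    out = dict(record)
    body = out.get("body")
    if isinstance(body, str) and len(body) > max_chars:
        out["body"] = body[:max_chars]
        out["bodyTruncated"] = True  # assumed marker so analysts know the body is partial
    return out

def to_syslog_line(record: dict, app_name: str = "apinizer") -> str:
    """Wrap the JSON record in a minimal RFC 5424-style header.
    PRI <14> = facility user(1) * 8 + severity informational(6).
    Hostname and other header fields are placeholders."""
    return f"<14>1 - apinizer-host {app_name} - - - {json.dumps(record)}"

def naive_wire_truncate(line: str, max_len: int) -> str:
    """What happens when a transport or collector cuts the whole message."""
    return line[:max_len]

def parse_syslog_json(line: str):
    """Parse the JSON payload after the seven space-separated header fields.
    Returns None when the payload is not valid JSON (e.g. cut mid-document),
    which is exactly the failure a SIEM parser would report."""
    payload = line.split(" ", 7)[-1]
    try:
        return json.loads(payload)
    except json.JSONDecodeError:
        return None
```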
Question 4: Do System Audit logs received via Syslog correspond to User Audit logs? What are the differences between them?
No, the System Audit logs that can be sent via Syslog and the User Audit logs mentioned above have different contents:
- System Audit Logs: These are general logs related to changes made on the system, i.e., “who did what on which page.”
- User Audit Logs: Apinizer has no separate “User Audit” log type as such. User-focused auditing is handled by specific category logs such as Login Audit and Test Console Audit, and these are not currently sent to an external application.
Transferring API Traffic and System Logs to Syslog and Log Templates
First, you need to configure the Syslog connection settings. For these connection settings, please refer to the Syslog Connector page.
You can visit this page for settings for sending Apinizer traffic logs to syslog.
You can visit this page for settings for sending Apinizer system logs to syslog.