Question 2: What subcategories are System Logs divided into and which ones can be sent to external systems via Syslog?
System Logs are divided into five subcategories. Three of them can be sent to an external product via Syslog:
Audit Log (Operations on System): Logs related to changes and operations made in the Apinizer management application.
Token Log: Contains logs related to token acquisition when Apinizer is used as a token provider.
Application Log: Software logs of Apinizer applications/modules. It is kept at error (Error) level by default and users can change its level according to their needs.
Test Console Audit: Audit logs related to the use of the Test Console in the Apinizer management application interface. It is not sent to external syslog products.
Login Audit: Log records of successful and unsuccessful login operations made to the Apinizer management application interface. It is not sent to external applications.
Question 3: What are the difficulties encountered when sending logs to a SIEM product like QRadar?
Logs are in JSON format, so a parser has to be written to extract the relevant parameters and store them as parsed fields. It is therefore necessary to work with the people who manage or use the Apinizer product, or who are familiar with web services, to determine which fields are important for the organization. In some setups, the length of the log record that can be received at once can also be a problem. In such cases, the syslog integration can be set, when it is opened, to send only a certain number of characters of the body field.
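The parsing problem described above, as an added Python sketch (not Apinizer or QRadar code): it extracts an agreed set of fields from a syslog line carrying JSON and flags records that were cut off before the JSON closed. The field names, syslog header and sample lines are constructed assumptions, since the page does not list the actual keys.

```python
import json
import re

# Hypothetical field names: replace with the keys your organization
# agreed are important. The page does not list the real ones.
WANTED = ("username", "operation", "clientIp")

# Constructed sample lines: a syslog header followed by a JSON payload.
COMPLETE = ('<134>Jan 12 10:15:02 apigw audit: {"username": "alice", '
            '"operation": "UPDATE_POLICY", "clientIp": "10.0.0.5", "body": "{}"}')
# Same kind of record, cut off by a maximum message length on the receiver.
TRUNCATED = ('<134>Jan 12 10:15:09 apigw audit: {"username": "bob", '
             '"operation": "DELETE_PROXY", "clientIp": "10.0.0.9", '
             '"body": "<soap:Envel')


def parse_record(line, wanted=WANTED):
    """Return (fields, truncated) for one syslog line carrying a JSON object."""
    start = line.find("{")
    if start < 0:
        return {}, False              # no JSON payload on this line
    payload = line[start:]
    try:
        obj = json.loads(payload)
    except json.JSONDecodeError:
        obj = None                    # invalid JSON, most likely cut mid-record
    if isinstance(obj, dict):
        return {k: obj[k] for k in wanted if k in obj}, False
    # Fallback: recover simple string fields that arrived intact and flag
    # the event so analysts know the record is incomplete.
    fields = {}
    for key in wanted:
        m = re.search(r'"%s"\s*:\s*"((?:[^"\\]|\\.)*)"' % re.escape(key), payload)
        if m:
            try:
                fields[key] = json.loads('"' + m.group(1) + '"')
            except ValueError:
                fields[key] = m.group(1)   # keep raw text if escapes are broken
    return fields, True


if __name__ == "__main__":
    for sample in (COMPLETE, TRUNCATED):
        print(parse_record(sample))
```

Limiting the body field at the sender, as described above, keeps the JSON well-formed so the fallback path is not needed.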
Question 4: Do System Audit logs coming via Syslog cover User Audit logs? What are the differences between them?
No, System Audit logs that can be sent via Syslog and the mentioned User Audit logs have different content:
System Audit Logs: Record “who did what on which page”, that is, general logs related to changes made on the system.
User Audit Logs: Externally, there is no separate “user audit” log in this definition. Generally, user-focused audits are handled under special category logs such as Login Audit and Test Console Usage Audits, and these are not currently sent to an external application.