IBM Verify

IBM Verify

Join this online user group to communicate across Security product users and IBM experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

 View Only

Automating Log management in IBM Security Access Manager (ISAM)

By Virag Patel posted Fri October 25, 2019 01:01 PM

  

By Virag Patel and Sreeram Vasudevan.

One of the common panic attacks that an ISAM administrator in an enterprise goes through is running out of the diskspace. Sigh! 

This is a common-to-see scenario, often encountered in the Customer premises. It is due to dearth of proper log management, in order to hold enough disk space for the appliance. 

A recommended approach in the customer premises is to use remote syslog server to avoid running out of the diskspace. Opposed to this, the customers continue to use the local diskspace on the appliance for log management. If local disk of the appliance is used for disk management, it is vital to automate it, to export the existent logs periodically and purge them when done. 

 

Take it easy, ISAM offers “REST” APIs 

 

Three sets of REST APIs are provided by ISAM to facilitate log management. It is a part of three step process: 

  • Retrieving the existing list of log files 
  • Export the log files 
  • Clear the exported log files 

The illustration below is of reverse proxy instance test to manage log files, since most of the diskspace is consumed by request.log file, webseal message log file as each appliance hosts multiple reverse proxy instances in a single appliance. 

 

  1. Retrieving the List of Log Files 

 

A GET Request on  

https://{appliance_hostname}/wga/reverseproxy_logging/instance/{instance_id}  

retrieves all the instance_specific log files and file sizes. 

cURL 

 

curl -k -s -u admin:p@ssw0rd  

-X GET https://isam_appliance/wga/reverseproxy_logging/instance/test     

-H 'Accept: application/json'  

-H 'Content-Type: application/json' 

 

 

 

This produces a JSON output as shown with all the log file details 

 

 

 

[{ 

"id": "config_data__test-webseald-isam1.log", 

"version": 1568277937, 

"file_size": 600670 

}, { 

"id": "autocfg__authsvc.log", 

"version": 1567577203, 

"file_size": 15443 

}, { 

"id": "request.log", 

"version": 1568280080, 

"file_size": 53623 

}, { 

"id": "msg__webseald-test.log", 

"version": 1568279319, 

"file_size": 167435 

      }] 

 

  1. Exporting the instance specific log files 

 

A GET Request on  

https://{appliance_hostname}/wga/reverseproxy_logging/instance/{instance_id}/{file_id}?export  

exports the specified log file. 

cURL 

curl -k -s -u admin:p@ssw0rd  
-X GET https://isam_appliance/wga/reverseproxy_logging/instance/test/msg_webseald-test.log?export     
-H 'Accept: application/json'  
-H 'Content-Type: application/json' > msg_webseald-test.log 

 

 

Exports the webseal log to msg_webseald-test.log file 

 

Similarly,  

 

 

cURL 

curl -k -s -u admin:p@ssw0rd 
-X GET https://isam_appliance/wga/reverseproxy_logging/instance/test/request.log?export   
-H 'Accept: application/json'  
-H 'Content-Type: application/json' > request.log 

 

 

Exports the webseal log to request.log file 

 

  1. Clearing instance specific log files 

 

A DELETE Request on  

https://{appliance_hostname}/wga/reverseproxy_logging/instance/{instance_id}/{file_id} 

deletes the specified log file. 

cURL 

curl -k -s -u admin:p@ssw0rd  
-X DELETE https://isam_appliance/wga/reverseproxy_logging/instance/test/msg_webseald-test.log   
-H 'Accept: application/json'  
-H 'Content-Type: application/json'  

 

 

clears the webseal log. 

Alternatively, all the files for deletion could be deleted via a PUT REST API on the URL 

https://{appliance_hostname}/wga/reverseproxy_logging/?action=clear  

 

 

References 

[1] IBM Knowledge Centre ISAM v9.0.7  

0 comments
32 views

Permalink

https://community.ibm.com/community/user/blogs/viragkumar-shanabhai-motibhai-patel1/2019/10/25/automating-log-management-in-ibm-security-access-m