APIs to capture the source IP address and update flag in audit log
APIs to capture the source IP address and update flag in audit log
Learn about the APIs needed to capture the source IP address.
To access the Developer Console, follow these steps:
- Click theuser profile iconin the upper-right side of the Kyndryl Modern Operations Applications portal.
- SelectDeveloper Console.
To capture the source IP address for a request in audit logs, add the
audit_logs_user_ip
flag with true/false
. Use the following API call to add flag:Method: POST url: /core/configuration/v1/configvalues Body:{ "configurationkey": "audit_logs_user_ip", "configurationvalue": true/false }
If the flag is already present, use the following API call to update the flag:
Method: PUT url: /core/configuration/v1/configvalues Body:{ "configurationkey": "audit_logs_user_ip", "configurationvalue": true/false }
To determine the current value of the flag, use the following API call:
Method: GET url: /core/configuration/v1/configvalues/audit_logs_user_ip
Sample audit message
{ "_id" : ObjectId("5e589ef723b5fc826e27e2b6"), "logDate" : NumberLong(1582866166731), "messageContent" : { "messageType" : "HTTP_REQUEST_GET", "message" : "c04f9095-ef05-4e6e-a4f6-f3eb3354609a:e2V4dH06-Qf89Rl5E0GiGOWrydSTsItQibonk1qxWdCjExPks8HbmlLner0uH5ep9qElOdfrLS1fSVZLLS0xyKA4CccGpJwpIiwE4YrF", "initiatedUTCDate" : "2020-02-28T05:02:46Z", "resourceId" : "default", "resourceName" : "NA", "component" : "API Gateway", "outcome" : "UNKNOWN", "sourceIpAddress" : [ "172.17.0.1" ], "actorUid" : "System", "actorTeam" : [ "N/A" ], "actorOrg" : [ "org_all" ], "ownedByOrg" : [ "NA" ], "ownedByTeam" : [ "NA" ], "data" : "HTTP Verb:GET, API: /login", "initiatedDate" : NumberLong(1582866166000), "teamId" : [ "N/A" ], "userId" : "System", "teamList" : [ "N/A" ], "initiatedDateUTC" : ISODate("2020-02-28T05:02:46.000Z"), "org_message" : "Intercept response to check source IP address", "messageIsEncrypted" : true, "version" : "v3" } }
Do you have two minutes for a quick survey?
Take Survey
