Using the Auditing Service Policy

Learn how to create and configure an Auditing Service policy.


For information about using policies in the context of the developer portal, see Business Policies.

Table of Contents

  1. Introduction
  2. Creating an Auditing Service Policy
  3. Configuring an Auditing Service Policy
  4. Auditing Service Policy Options
  5. Auditing Service policy use cases


The Auditing Service policy allows you to specify conditions under which messages will be audited.

Note: Attach only one auditing policy to a service or API; for example, either the Basic Auditing policy or the Detailed Auditing policy. Do not attach multiple auditing policies to a single API.


Creating an Auditing Service Policy

The first step in creating a policy is to define the basic policy information. Then, you can configure the policy details.

To add an operational policy
  1. Go to Workbench > Browse > Organization, and select Policies > Operational Policies. The Policies Summary is displayed.
  2. Click Add Policy.
  3. Choose the policy type and click Next.
  4. Specify a name (required) and description (optional) and click Finish. At the Completion Summary, click Close. The Add Policy Wizard creates a draft policy instance that you can then configure on the Policy Details page.

For more information, see Add Policy.

At this point, you've created the policy, but it doesn't do anything. The next step is to configure the policy details. See Configuring an Auditing Service Policy below.


Configuring an Auditing Service Policy

Once you've created the policy, you can configure the policy details that determine how the policy works. Then you can activate the policy so that it can be used.

To configure an Auditing Service policy in Policy Manager
  1. In the Organization Tree, find the level where the policy was defined. Click to select.
  2. In the center pane, in the Auditing Service Policy section, click Modify. The Modify Auditing Service Policy overlay is displayed.

  3. Specify values for the messages you want to apply the policy to, the audit identities, and the reporting options. For details on field values, see Auditing Service Policy Options below.
  4. Click Apply.

Now that the policy is defined, you can activate it and start using it. On the right, under Actions, choose Activate Policy.


Auditing Service Policy Options

The Auditing Service policy includes the options listed below.

Audit Messages
There are two options: Audit All Messages or Filter Messages.
Filter Settings
If you choose to filter messages, choose from the following options:
  • Exchanges resulting in an error: Audits only messages with errors.
  • Percentage of exchanges: Audits a random sample of messages based on a specified percentage. If you choose this option, specify an integer percentage from 1 to 99.
  • Filter by message content: Allows you to filter the messages to be audited by providing one or more regular expressions, JSONPath expressions, or XPath expressions.

    The XPath option includes a table where you can define Prefix and Namespace for each XPath expression. Click Add or Delete to modify the list. You can also sort the list by clicking the table header.

    For more information about using regular expressions, see Using Regular Expressions in Policies.

Audit Messages options
You can also tailor your message choices by using any combination of the following checkboxes:
  • Audit Input Message: Audits input message content.
  • Audit Output Message: Audits output message content.
  • Audit Fault Message: Audits fault message content.
  • Audit Contract: Audits the contract governing a message.
  • Audit Message Size: Audits the size of messages in the exchange.
  • Audit Binding: Audits binding information.
  • Audit Transport: Only available if Audit Binding is checked. Audits transport information.
Audit Identities
Enables the auditing of specified identities included in a request message. You can choose:
  • Consumer (the default): Audits the consumer identity sent with a request message.
  • End-User: Audits the end-user identity sent with a request message.
  • Additional Subject Categories: Audits the identity associated with one or more specified Subject Categories sent with a request message. If you choose this option, you can create one or more user-defined subject categories that you want to use. You can also add or delete from the table.
Reporting Options
Choose from the following reporting options:
  • Log: Indicates that audit information should be logged.
  • Alert: Indicates that audit information should be delivered in an alert event.
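
A content filter expression that never matches leaves the corresponding exchanges out of the audit trail, so it is worth testing expressions against a representative message before entering them under Filter by message content. The following is an added example, not part of the product documentation and not the product's own evaluation logic: it checks XPath and regular-expression filters against a constructed message, with a PREFIXES map standing in for the policy's Prefix and Namespace table. The sample message, the namespace URI, and all function names are assumptions, and Python's ElementTree supports only a subset of XPath.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample message (not taken from the product documentation).
SAMPLE = """<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Body>
    <pay:Transfer xmlns:pay="urn:example:payments">
      <pay:Amount currency="USD">25000</pay:Amount>
    </pay:Transfer>
  </soap:Body>
</soap:Envelope>"""

# Stands in for the policy's Prefix / Namespace table (values are assumptions).
PREFIXES = {"pay": "urn:example:payments"}


def xpath_matches(message, expression, prefixes):
    """Return 'match', 'no-match', or 'unbound-prefix' for one expression."""
    root = ET.fromstring(message)
    try:
        return "match" if root.findall(expression, prefixes) else "no-match"
    except SyntaxError:
        # ElementTree raises SyntaxError when a prefix has no namespace entry.
        return "unbound-prefix"


def regex_matches(message, pattern):
    """Return True when the regular expression occurs anywhere in the message."""
    return re.search(pattern, message) is not None


def check_filters(message, xpaths, regexes, prefixes):
    """Evaluate every candidate filter expression against one sample message."""
    report = {x: xpath_matches(message, x, prefixes) for x in xpaths}
    report.update({r: "match" if regex_matches(message, r) else "no-match" for r in regexes})
    return report


if __name__ == "__main__":
    result = check_filters(
        SAMPLE,
        xpaths=[".//pay:Amount", ".//Amount", ".//fin:Amount"],
        regexes=[r"<pay:Amount[^>]*>\d{5,}<"],
        prefixes=PREFIXES,
    )
    for expression, outcome in result.items():
        print(f"{outcome:15} {expression}")
```

In this model the unprefixed expression and the expression with an unregistered prefix both fail to select the namespaced element. A regular expression that hard-codes the `pay:` prefix also stops matching if a sender uses a different prefix for the same namespace, while the XPath bound through the prefix map keeps matching.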


Auditing Service policy use cases

Use cases are available for the following policies, which are implementations of the Auditing Service policy:
