GCP Apigee¶
About¶
Apigee is Google Cloud's native API management platform that can be used to build, manage, and secure APIs — for any use case, environment, or scale. Apigee offers high performance API proxies to create a consistent, reliable interface for backend services. The proxy layer gives granular control over security, rate limiting, quotas, analytics, and more.
Product Details¶
Vendor URL: GCP Apigee
Product Type: API Management
Product Tier: Tier II
Integration Method: Syslog
Integration URL: N/A
Log Guide: N/A
Log Format: JSON
Expected Normalization Rate: Near 100%
Data Label: GCP_APIGEE
UDM Fields (list of all UDM fields leveraged in the Parser):
| Log File Field | UDM Field |
|---|---|
| apigee.messageId | metadata.product_log_id |
| messageId | metadata.product_log_id |
| message | metadata.description |
| requests.requestVerb | network.http.method |
| requestVerb | network.http.method |
| statusCode | network.http.response_code |
| userAgent | network.http.user_agent |
| duration | network.session_duration.seconds |
| target_metadata.targetUrl | target.url |
| target_metadata.targetVerb | target.network.http.method |
| targetVerb | target.network.http.method |
| target_metadata.targetHost | target.host |
| targetName | target.resource.name |
| targetHost | target.hostname |
| targetUrl | target.url |
| requestHost | principal.hostname |
| requestIp | principal.ip |
| environment | principal.administrative_domain |
| environmentName | principal.administrative_domain |
| appName | principal.application |
| app | principal.application |
| developerApp | principal.application |
| organizationName | principal.network.organization_name |
| src_ip | principal.ip |
| user | principal.user.userid |
| region | principal.cloud.availability_zone |
| developerMail | principal.email |
| vhost | intermediary.hostname |
| xff | intermediary.ip |
| apiProxyName | observer.hostname |
| action | security_result.action |
| action | security_result.action_details |
| authStatus | additional.fields |
| applog | additional.fields |
| envStatus | additional.fields |
| failover-enabled | additional.fields |
| activity | additional.fields |
| parameters | additional.fields |
| traceId | additional.fields |
| apiTraceId | additional.fields |
| requestUri | additional.fields |
| requests.requestUri | additional.fields |
| latencyHeader | additional.fields |
| statusReason | additional.fields |
| flowName | additional.fields |
| reference_id | additional.fields |
| hmacApikey | additional.fields |
| apikey | additional.fields |
| signature | additional.fields |
| Auth | additional.fields |
| hmac.computed | additional.fields |
| request.header.Message-Signature | additional.fields |
| gatewayAuthId | additional.fields |
| gatewayAuthLevel | additional.fields |
| clientId | additional.fields |
Product Event Types¶
| Event | UDM Event Classification |
|---|---|
| all | GENERIC_EVENT |
Log Sample¶
{"region":"us-east-1","UAID":"uaid”,”applog":"true","src_ip”:”10.0.1.11”,”activity":"request","user”:”user_name”,”app”:"app_name",”action":"success","parameters":"parameter_value,”message":"prepaid-POST-200","messageId":"message_id_value”,”traceId”:”trace_id_value”,”organizationName":"org_name",”environmentName":"prod","developerApp”:”dev_app”,”requestVerb":"POST","requestScheme":"https","requestHost”:”10.0.1.11”,”requestIp”:”10.0.1.11”,”requestUri”:”uri_value”,”requestReceivedStartTimestamp":"1749488476027","requestReceivedEndTimestamp":"1749488476028","targetUri”:”uri_value","targetSentStartTimestamp":"1749488476038","targetSentEndTimestamp":"1749488476038","targetReceivedStartTimestamp":"1749488476110","targetReceivedEndTimestamp":"1749488476110","requestSentStartTimestamp":"1749488476111","requestSentEndTimestamp":"1749488476111","latencyTotal":"","latencyTarget":"","latencyProxy":"","latencyHeader":"72","statusCode":"200","statusReason":"OK","targetName”:”targetName_value”,”targetVerb":"POST","targetHost”:”target_host_value”,”targetUrl”:”target_url”,”authStatus":"true","envStatus":"true","failover-enabled":"false","active-active-enabled":"","platform":"","honeyPot":"","honeyPotMerchant":"","flowName":"ReadGiftBalance","failOverDeveloperApp":"","alertInstanceId":"","alertInstanceTime":"","xff”:”10.0.1.11”,”userAgent":"Apache-HttpClient/4.1.1 (Java/21.0.6)","signature": "authentication","reference_id": "d93e8bd379a54724819e4e78d4df9a5d","duration": "84","vhost": "api-xxxxxxx”,”validResponse":"","hmacRawdata":"","hmacComputed":"","hmacTimestamp":"1749488476004","hmacApikey”:”10.0.1.11”,”hmacValidation":"","hmacPayload":"","hmacError":"","hmacStacktrace":"","dbReplicationStatus":""}
Sample Parsing¶
additional.fields["activity"] = "request"
additional.fields["applog"] = "true"
additional.fields["authStatus"] = "true"
additional.fields["envStatus"] = "true"
additional.fields["failover-enabled"] = "true"
additional.fields["flowName"] = "VerifyAccount"
additional.fields["hmacApikey"] = "hmac_key_value"
additional.fields["latencyHeader"] = "1306"
additional.fields["parameters"] = "parameter_value”
additional.fields["requestUri"] = “req_uri”
additional.fields["signature"] = "authentication"
additional.fields["statusReason"] = "OK"
additional.fields["traceId"] = “trace_id_value”
intermediary.hostname = “hostname”
intermediary.ip = “10.0.1.11”
metadata.description = “desc-POST-200"
metadata.product_log_id = "log_id”
network.http.method = "POST"
network.http.response_code = 200
network.http.user_agent = "ReactorNetty/10.1”
network.session_duration = "1318s"
principal.administrative_domain = "prod"
principal.application = “app_name”
principal.asset.hostname = “10.0.1.11”
principal.asset.ip = "10.0.1.11"
principal.cloud.availability_zone = "us-1"
principal.hostname = "10.0.1.11"
principal.network.organization_name = “org_name”
principal.user.userid = “user_id”
security_result.action_details = "success"
security_result.action = "ALLOW"
target.asset.hostname = "domain.com”
target.hostname = “domain.com”
target.network.http.method = "POST"
target.resource.name = “resource_name"
target.url = "https://abc/domain.com”