Xray's request log (in Xray 3.x: xray-request.log) can be used to audit changes made to policies and watches. Following are some examples of log entries that recorded these events in the Xray request log. Notice the request methods (PUT, POST, DELETE) associated with each request type:
-
Created a new policy, called testpolicy:
2020-06-04T00:57:25.310Z|63d1754e1d15d4b8|<ip>|admin|POST|/ui/policies|201|351|2875.023372
-
Modified the testpolicy to add a new rule:
2020-06-04T00:58:46.090Z|3e1fbde1c896d43c|<ip>|admin|PUT|/ui/policies/testpolicy?jfLoader=true|200|628|3850.759918
-
Deleted the testpolicy:
2020-06-04T01:00:31.283Z|37ccb47371af471e|<ip>|admin|DELETE|/ui/policies/testpolicy?jfLoader=true|200|0|2324.942044
-
Created a new watch, called watch1:
2020-06-04T00:51:27.502Z|7c0081ca38d7fc9c|<ip>|admin|POST|/ui/unified/watches|201|320|964.244899
-
Modified watch1:
2020-06-04T00:53:03.814Z|7d2b0c4a4865c6c6|<ip>|admin|PUT|/ui/unified/watches/watch1|409|420|6.996008
-
Deleted watch1:
2020-06-04T00:50:23.243Z|5184f5cfc2303de7|<ip>|admin|DELETE|/ui/unified/watches/watch1|200|0|1940.393212