This is a working document.

The matrix below represents the log management categories (lifecycle) in relation to the two categories of run-time logs: logs of ONAP events, and logs of events from services orchestrated by ONAP.

Team Members

...

  • Review Requirements list Amy put together
  • Muddasar to provide links to NIST security logging standards: 

    https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-92.pdf

  • Fabian: Initial investigation of ONAP responding to security events.
  • Bob to provide Orchestration logging events
  • Log template as suggested by Chakir on Tuesday's call (Apache 2 log template as an example). Can we review work from the Logging enhancement project?

...

Metadata for Security Events (Proposed)

Working Session Agenda

Meeting | Working Items
9/17/2021

Comments from Toine and VJ:

  • Toine
    • Will this work for non-transactional based logs?
    • Should this current framework cover more?
    • An extra field to identify that this is a security log.  Perhaps constrain with an ENUM.
  • VJ:
    • Since this scope is security, he would like to see this as a generalized structure used across ONAP.  DCAE has 30 containers and he would like the format to be applicable to all logging.
  • Both agreed that this is an important topic that should be brought forward to PTL meeting.
9/24/2021
  • Discussion: Byung-Woo Jun: Is it possible to combine a POC and Best Practice for a single release?  If so, is this something that is possible for Toine's and VJ's projects?
  • Get on PTL meeting calendar to present security Logging Metadata


Security Log Structure

Date / Time

Log Level

Transaction ID

Status Code

Severity

Container Data

Protocol

Service / Program Name

Log Message

Image Tag / Name

Image Digest

ID

Name

Principal ID

Role / Attribute ID

NOTE:
A grey box indicates that a (yet to be determined) container logger function / service will provide the security log metadata.
A white box indicates that the developer of a container or container application will provide the security log metadata.


Example:

From Fabian: 

2021-09-10T14:50:37.929Z|d855a2c6-c58f-4d8d-b199-3382d11504d2|http-nio-8083-exec-5|/manage/health|kube-probe/1.19|||DEBUG|500||Headers : X-Content-Type-Options:nos

...


Docker PS
CONTAINER ID: 5c6768cf2c81 
IMAGE: onap/sdnc-image:latest 
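
An added example, not part of the original page or of ONAP code: it parses Fabian's sample line, attaches the container fields from the Docker PS output, and reports which fields fail basic checks. The column names, the log-level set and the HTTP-range status check are assumptions, because the page does not define the column order.

```python
import re
from datetime import datetime

# Column names are assumptions inferred from the sample's visible values.
COLUMNS = ["timestamp", "transaction_id", "thread", "target", "client",
           "unknown_1", "unknown_2", "log_level", "status_code",
           "unknown_3", "message"]
LOG_LEVELS = {"TRACE", "DEBUG", "INFO", "WARN", "ERROR", "FATAL"}  # assumed set
UUID_RE = re.compile(r"[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}", re.I)

# Sample line as it appears on the page (the message is truncated there).
SAMPLE = ("2021-09-10T14:50:37.929Z|d855a2c6-c58f-4d8d-b199-3382d11504d2|"
          "http-nio-8083-exec-5|/manage/health|kube-probe/1.19|||DEBUG|500||"
          "Headers : X-Content-Type-Options:nos")

def parse_line(line):
    """Split one record; maxsplit keeps any '|' inside the message intact."""
    parts = line.rstrip("\n").split("|", len(COLUMNS) - 1)
    if len(parts) != len(COLUMNS):
        raise ValueError(f"expected {len(COLUMNS)} fields, got {len(parts)}")
    return dict(zip(COLUMNS, parts))

def add_container_data(record, container_id, image, digest=None):
    """Attach the container fields a logger-side function could supply."""
    name, sep, tag = image.rpartition(":")
    if not sep or "/" in tag:  # no tag given, or the ':' was a registry port
        name, tag = image, ""
    return {**record, "container_id": container_id, "image_name": name,
            "image_tag": tag, "image_digest": digest}

def problems(record):
    """Return the names of fields that are missing or malformed."""
    bad = []
    try:
        datetime.strptime(record["timestamp"], "%Y-%m-%dT%H:%M:%S.%fZ")
    except ValueError:
        bad.append("timestamp")
    if not UUID_RE.fullmatch(record["transaction_id"]):
        bad.append("transaction_id")
    if record["log_level"] not in LOG_LEVELS:
        bad.append("log_level")
    code = record["status_code"]  # assumed to be an HTTP status
    if not (code.isdigit() and 100 <= int(code) <= 599):
        bad.append("status_code")
    # A tag such as "latest" can be re-pointed; only the digest pins the image.
    if not record.get("image_digest"):
        bad.append("image_digest")
    return bad
```

With the values shown on this page, the only field reported is `image_digest`, since the Docker PS output gives a tag but no digest.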


Security Log Field Definitions

Type Synonyms:

REQUIRED: SHALL OR MUST
RECOMMENDED:  SHOULD
OPTIONAL: MAY

...