Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

This is a working document.

The below matrix is a representation of the log management categories (lifecycle) in relation to the two categories of run-time logs (logs of ONAP events, logs of events from services orchestrated by ONAP).

Team Members

...

  • Review Requirements list Amy put together
  • Muddasar to provide links to NIST security logging standards: 

    https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-92.pdf

  • Fabian: Initial investigation of ONAP responding to security events.
  • Bob to provide Orchestration logging events
  • Log Template as suggested by Chakir on Tuesday call ( Apache 2 log template as an example.  Can we review work from Logging enhancement project?

...

MeetingWorking Items
9/17/2021

Comments form Toine and VJ:

  • Toine
    • Will this work for non-transactional based logs?
    • Should this current framework cover more?
    • An extra field to identify that this is a security log.  Perhaps constrain with an ENUM.
    • Commented that he believes the container ID information is important to capture.
  • VJ:
    • Since this scope is security he would like to see this as a generalized structure used across ONAP.  DCAE has 30 containers and would like format to be applicable to all logging.
  • Both agreed that this is an important topic that should be brought forward to PTL meeting.
9/24/2021
  • Discussion: Byung-Woo Jun Is possible to combine a POC and Best Practice for a single release.  If so, is this something that is possible for Toine's and VJ's projects?
  • Get on PTL meeting calendar to present security Logging Metadata


Security Log Structure

Date / TimeTimestamp

Log Type

Log Level

Transaction ID

Status Code

Severity

Container Data

Protocol

Service / Program Name

Log Message

Image Tag / Name

Image Digest

ID

Name

Principal ID

Role / Attribute ID

...


Docker PS
CONTAINER ID: 5c6768cf2c81 
IMAGE: onap/sdnc-image:latest 


Security Log Field Definitions

Type Synonyms:

REQUIRED: SHALL OR MUST
RECOMMENDED:  SHOULD
OPTIONAL: MAY

...