This is a working document.
The matrix below represents the log management categories (lifecycle) in relation to the two categories of run-time logs: logs of ONAP events and logs of events from services orchestrated by ONAP.
Team Members
- Amy Zwarico
- Robert Heinemann
- Muddasar Ahmed
- rouzaut
- Byung-Woo Jun
- Brian Smith
- s.silvius
- PUT YOUR NAME HERE
...
- Review Requirements list Amy put together
- Muddasar to provide links to NIST security logging standards:
https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-92.pdf
- Fabian: Initial investigation of ONAP responding to security events.
- Bob to provide Orchestration logging events
- Log template as suggested by Chakir on Tuesday's call (Apache 2 log template as an example). Can we review work from the Logging enhancement project?
...
Security Logging Best Practice
...
CON-LOG-REQ-19
...
Sync time source: The container MUST be capable of automatically synchronizing the system clock daily with the Operator’s trusted time source, to assure accurate time reporting in log files. It is recommended that Coordinated Universal Time (UTC) be used where possible to eliminate ambiguity owing to daylight savings time.
...
CON-LOG-REQ-F4
CON-LOG-REQ-F10
...
The container SHOULD provide the capability of maintaining the integrity of its static files using a cryptographic method.
(Fabian) Propose to remove because this is a hardening requirement, not a logging requirement
(Bob) Instead of removing it, this is now in the Best Practices category and we can make it a recommendation.
...
CON-LOG-REQ-12
CON-LOG-REQ-XX
...
The container and container application MUST NOT include an authentication credential, e.g., password, in the security audit logs, even if encrypted.
The container and container application MUST NOT include sensitive information in the log.
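One way a container application could enforce the credential requirement above at the logging layer, together with the UTC timestamp recommendation (an added example, not ONAP code). The credential key names, the logger name `audit.example` and the sample events are assumptions made for illustration; clock synchronization itself is a platform concern and is not shown.

```python
import logging
import re
import time

# Assumed credential field names (not from the page); extend for the application's own fields.
CREDENTIAL_KEYS = ("password", "passwd", "pwd", "secret", "token", "api_key", "authorization")

# Matches key=value, key: value and "key": "value". The key may be embedded in a longer
# name (db_password, access_token). The value is dropped whatever its form (plaintext,
# hash or ciphertext), since the requirement excludes credentials "even if encrypted".
_CRED_RE = re.compile(
    r"""(?i)(["']?[\w.-]*(?:%s)[\w.-]*["']?\s*[=:]\s*)"""
    r"""("[^"]*"|'[^']*'|(?:Bearer|Basic)\s+[^\s,;&}]+|[^\s,;&}]+)""" % "|".join(CREDENTIAL_KEYS)
)

def redact(text):
    """Replace the value of every credential-like field with a fixed marker."""
    return _CRED_RE.sub(lambda m: m.group(1) + "[REDACTED]", text)

class RedactCredentials(logging.Filter):
    """Redact the fully formatted message, so values passed as args are covered too."""
    def filter(self, record):
        record.msg = redact(record.getMessage())
        record.args = None
        return True

def utc_formatter():
    """ISO 8601 timestamps in UTC, avoiding daylight-saving ambiguity."""
    fmt = logging.Formatter("%(asctime)s.%(msecs)03dZ %(levelname)s %(name)s %(message)s",
                            datefmt="%Y-%m-%dT%H:%M:%S")
    fmt.converter = time.gmtime
    return fmt

def build_audit_logger(stream):
    """Return a logger whose only handler redacts credentials and stamps UTC."""
    handler = logging.StreamHandler(stream)
    handler.setFormatter(utc_formatter())
    handler.addFilter(RedactCredentials())
    logger = logging.getLogger("audit.example")  # hypothetical logger name
    logger.handlers = [handler]
    logger.propagate = False
    logger.setLevel(logging.INFO)
    return logger

if __name__ == "__main__":
    import sys
    log = build_audit_logger(sys.stdout)
    # Constructed sample events, not taken from a real ONAP deployment.
    log.info("login failed user=%s password=%s", "alice", "hunter2")
    log.info('token refresh {"user": "bob", "access_token": "ZXhhbXBsZQ=="}')
    log.info("upstream call Authorization: Bearer abc.def.ghi status=401")
```

The pattern deliberately over-matches (any field name containing one of the keys is redacted), which trades some lost detail for not leaking a credential under an unexpected field name.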
...
Security Event Generation Requirements (Proposed)
...
Docker PS
CONTAINER ID: 5c6768cf2c81
IMAGE: onap/sdnc-image:latest
Security Log Field Definitions
Type Synonyms:
REQUIRED: SHALL OR MUST
RECOMMENDED: SHOULD
OPTIONAL: MAY
...