Key Points for Security Recommendations for Log Generation
- There are many different types of logging formats that have been proposed and informally adopted across ONAP
- 2017 OpenECOMP Logging Specifications; ONAP Logging Specifications v1.1, v1.2 and v1.3. These are the ones that we know about. There may be others.
- There are also many different logging libraries in use: EELF, PyLog, Log4J, logback, FLog, dropwizard-logging, log4js, logkit, clojure logging, jboss-logging, UnderscoreLog, and probably others. (See the Nexus report.)
- It is not the place of SECCOM to define a logging format for ONAP Projects to follow.
- We should stay focused on proposing security-focused logging requirements and recommending that the TSC adopt them as a Best Practice and subsequently as a Global Requirement.
- When proposing requirements we should not be dictating implementation details BUT we should be cognizant of existing implementations and how our proposed requirements will impact those existing implementations.
- We should strive to reduce impact on existing implementations as much as possible.
- 10 of 16 proposed security requirements for log fields already exist in existing logging specifications. This means that for projects that are logging and following one of these specifications, these requirements should not be a heavy lift. So my recommendation is that we just define the requirement and refer back to the existing specifications for field definitions.
- The remaining proposed security requirements mostly deal with container identification. Projects most likely are not logging this information. For these we need to specify a format and a field description as well as the requirement. In addition, we may need to prototype something by adding the new fields to an MDC that most loggers use.
...
Docker PS
CONTAINER ID: 5c6768cf2c81
IMAGE: onap/sdnc-image:latest
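
A sketch of the container-identification prototype mentioned above, using the `docker ps` values shown; this is an added example, not ONAP or SECCOM code. Python's `logging.Filter` stands in for the MDC here, and the field names `containerId` and `containerImage` and the `CONTAINER_IMAGE` environment variable are assumptions, not fields defined by any ONAP specification.

```python
import io
import logging
import os
import re

# Docker sets HOSTNAME to the 12-character short container ID by default.
# CONTAINER_IMAGE is a hypothetical variable the deployment would have to set.
_ID_RE = re.compile(r"[0-9a-f]{12}(?:[0-9a-f]{52})?")
_IMAGE_RE = re.compile(r"[A-Za-z0-9._/:@-]{1,255}")
UNKNOWN = "UNKNOWN"


def container_identity(env=os.environ):
    """Return (container_id, image); values that fail validation become UNKNOWN."""
    cid = env.get("HOSTNAME", "")
    image = env.get("CONTAINER_IMAGE", "")
    # fullmatch rejects embedded newlines, so a crafted value cannot forge a log line
    return (cid if _ID_RE.fullmatch(cid) else UNKNOWN,
            image if _IMAGE_RE.fullmatch(image) else UNKNOWN)


class ContainerContextFilter(logging.Filter):
    """Stamps every record with container fields, as an MDC entry would."""

    def __init__(self, env=os.environ):
        super().__init__()
        self.container_id, self.image = container_identity(env)

    def filter(self, record):
        record.containerId = self.container_id        # hypothetical field name
        record.containerImage = self.image            # hypothetical field name
        return True


def build_logger(name, stream, env=os.environ):
    handler = logging.StreamHandler(stream)
    handler.setFormatter(logging.Formatter(
        "%(levelname)s|%(containerId)s|%(containerImage)s|%(message)s"))
    handler.addFilter(ContainerContextFilter(env))
    logger = logging.getLogger(name)
    logger.handlers = [handler]
    logger.setLevel(logging.INFO)
    logger.propagate = False
    return logger


def demo():
    # Constructed environment mirroring the docker ps output above
    env = {"HOSTNAME": "5c6768cf2c81", "CONTAINER_IMAGE": "onap/sdnc-image:latest"}
    out = io.StringIO()
    build_logger("seccom.demo", out, env).info("user login accepted")
    return out.getvalue()
```

When the container is started with an explicit hostname, or under an orchestrator that sets `HOSTNAME` to something else, the ID check fails and the field is logged as `UNKNOWN` rather than as a misleading value.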
Security Log Field Definitions
Type Synonyms:
REQUIRED: SHALL OR MUST
RECOMMENDED: SHOULD
OPTIONAL: MAY
...