ONAP Security Logging
Goal: ONAP containers built from Java-based Docker images contain certain security-related logging fields that are not present in non-Java (Python-based) images. The task is to implement the security logging fields in ONAP containers built from the Python-based images so that they match their Java counterparts.
 
Steps Taken:

  1. First tried building and running one of the Python-based containers, onap_dcaegen2-collectors-snmptrap, to see what the logs looked like
    1. The following logs contained data:
      1. debug.log
      2. metrics.log
      3. error.log
      4. snmptrapd_arriving_traps.log
    2. The debug and error logs contained the following security log fields: timestamp, logLevel, message. The following were MISSING: logTypeName (optional), traceId, statusCode, principalID, serviceName
  2. Investigated how security logging is implemented in the Java-based Docker images
    1. It seems it may be using a Logstash plugin (from the company Elastic): the encoder in one of the XML files for cps-service referenced this: '<encoder class="net.logstash.logback.encoder.LoggingEventCompositeJsonEncoder">' (https://gerrit.onap.org/r/c/cps/+/128801/13/cps-service/src/main/resources/logback-spring.xml)
  3. There is a Python package called ecs-logging (https://www.elastic.co/guide/en/apm/agent/python/current/log-correlation.html#logging-integrations) which may be relevant
    1. ecs-logging-python supports automatically collecting ECS tracing fields from the Elastic APM Python agent in order to correlate logs to spans, transactions and traces in Elastic APM
    2. It could return a trace id and a transaction id (not fully certain which one might be mapped to the traceId specified in the wiki: https://lf-onap.atlassian.net/wiki/display/DW/Jakarta+Best+Practice+Proposal+for+Standardized+Logging+Fields+-+v2)
    3. The Elastic APM agent has built-in support for certain web frameworks (Flask being one of them)
  4. Looked for a Python-based ONAP container that was running Flask (the PM subscription handler container, PMSH)
    1. Since PMSH had some other ONAP dependencies, tried using the docker-compose.yml found here (https://github.com/onap/integration-csit/tree/master/plans/dcaegen2-services-pmsh/testsuite) but encountered many problems (see problem section below)
    2. The PMSH code also had some references to the fields we were interested in: ServiceName, RequestID (https://github.com/onap/dcaegen2-services/blob/master/components/pm-subscription-handler/pmsh_service/mod/__init__.py). The goal was to also see what data was populated here, but the container never successfully built
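
One way a Python container could emit the fields listed in step 1, shown as an added example that is not part of the original page and is not ONAP code. It uses only the standard library instead of ecs-logging; the JSON layout, the ContextVar names and build_logger are assumptions made for illustration.

```python
import contextvars
import json
import logging
from datetime import datetime, timezone

# Per-request context (hypothetical names), set by middleware once the caller is known.
trace_id = contextvars.ContextVar("trace_id", default=None)
principal_id = contextvars.ContextVar("principal_id", default=None)


class SecurityFieldFormatter(logging.Formatter):
    """Render each record as one JSON object carrying the security log fields."""

    def __init__(self, service_name):
        super().__init__()
        self.service_name = service_name

    def format(self, record):
        entry = {
            "timestamp": datetime.fromtimestamp(record.created, timezone.utc).isoformat(),
            "logLevel": record.levelname,
            "message": record.getMessage(),
            "traceId": trace_id.get(),
            "principalID": principal_id.get(),
            "serviceName": self.service_name,
            # statusCode and logTypeName are passed per call through logging's extra=.
            "statusCode": getattr(record, "statusCode", None),
        }
        log_type = getattr(record, "logTypeName", None)
        if log_type is not None:  # optional field: left out when unset
            entry["logTypeName"] = log_type
        if record.exc_info:
            entry["exception"] = self.formatException(record.exc_info)
        # json.dumps escapes CR/LF, so untrusted text cannot forge a second log entry.
        return json.dumps(entry)


def build_logger(service_name, stream):
    """Return a logger that writes one JSON entry per line to `stream`."""
    logger = logging.getLogger(f"security.{service_name}")
    logger.handlers.clear()
    handler = logging.StreamHandler(stream)
    handler.setFormatter(SecurityFieldFormatter(service_name))
    logger.addHandler(handler)
    logger.setLevel(logging.DEBUG)
    logger.propagate = False  # avoid duplicate lines from the root logger
    return logger
```

A call such as `log.warning("login failed", extra={"statusCode": 401})` fills statusCode; traceId and principalID stay null until the request middleware sets the context variables.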

...