A small working group meets every Friday from 10 - 11 Eastern Standard Time. If you would like to Join please contact Amy Zwarico and she can add you to the meeting.
Team Members
Date | Agenda / Notes |
---|
24 SEP 2021 | TOPIC ITEMS - Go over reorg of wiki
- Show comparative analysis of Security Logging requirements against existing logging requirements
- Discussion about approach and philosophy putting forward secure logging requirements
- Discussion: Byung-Woo Jun Is possible to combine a POC and Best Practice for a single release. If so, is this something that is possible for Toine's and VJ's projects?
- Get on PTL meeting calendar to present security Logging Metadata
NOTES Robust discussion today. Here are some notes. If you have answers to questions below please add. Three items came out from today’s working session. To position the security logging requirements for success in attempt to gain broad PTL support we need to have a plan on general usability and an implementation plan. Essentially, this means we need to tackle not just the fields for security logging but the more generalized case of consistent logging across ONAP. There were 3 broad activities outlined - We need to do a logging survey of ONAP Projects
- What fields are current projects logging?
- What logging libraries are they using?
- Other questions?
- How do we do survey’s?
- Definition of a logging side car
- Who defines this?
- Sidecar POC
- Who develops this?
- Who maintains it?
|
17 SEP 2021 | TOPIC ITEMS - Presentation to 2 PTL's to gather security logging feedback and to consider participating in a POC in the Jakarta release Focus is on logging metadata.
NOTES Comments form Toine and VJ: - Toine
- Will this work for non-transactional based logs?
- Should this current framework cover more?
- An extra field to identify that this is a security log. Perhaps constrain with an ENUM.
- Commented that he believes the container ID information is important to capture.
- VJ:
- Since this scope is security he would like to see this as a generalized structure used across ONAP. DCAE has 30 containers and would like format to be applicable to all logging.
- Both agreed that this is an important topic that should be brought forward to PTL meeting.
|
13 AUG 2021 | |
30 JUL 2021
| - Amy: List of proposed events that should be collected from ONAP and Metadata
- Muddasar: Determine if there is a standard terminology regarding logging architecture terms. Eg., Are the categories in the above table industry accepted?
**There probably a body of work we can reference that spells this out. ACTION: Literature review for that: No standard terms, but some popular standard formats like BSD, Syslog (IETF), Common Event Format (CEF), by Arcsight. OWASP, NIST and Major Cloud Vendors have guidance in user docs or SDK regarding logs and formats. NIST SP 800-92 can be found here https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-92.pdf
Application logs some time are split into Application Access and Application Operations. Other major Category in older literature is focusing on Operating System, in Containerized deployments this can be Docker and host OS, Node logs. We should consider listing in best practice some of these categories that do not fall within Application Container.
Do we need to specify format type? WebAPIs, Datanbases and applications way have slightly different format requirements.
- Fabian: Initial investigation of ONAP responding to security events.
|