Byung-Woo Jun | In ONAP, log generation and log collection/aggregation/storage/visualization should be separate ONAP applications should focus on log generation via STDOUT / STDERR, without concerning how the generated log data will be processed; refer to the ONAP Security & Logging Architecture, ONAP Next Generation Security & Logging Architecture#ONAPLogging Containers (xNF, Security Components) should follow the same architectural principal, saying they focus on the log generation, not consuming Infrastructure components (K8S, Docker) should generate their logs, without concerning how log data are consumed Row log data from Containers and Infrastructures do not need to return back to ONAP, only events that require subsequent actions (e.g., for close-loop) can be brought into ONAP thru VES Event / DCAE. Collation between application log data and containers/infrastructure data is out of scope for ONAP. Could we delegate the function to a SIEM? Currently, analytic log data handling is out of scope for ONAP. For its use cases, we need to discuss further
|