Working Meetings

A small working group meets every Friday from 10 - 11 Eastern Standard Time.  If you would like to join, please contact @Amy Zwarico and she can add you to the meeting.

Team Members

  • @Amy Zwarico

  • @Robert Heinemann

  • @Muddasar Ahmed 

  • @rouzaut 

  • @Byung-Woo Jun

  • @Brian Smith (Unlicensed)

  • @s.silvius

  • PUT YOUR NAME HERE

Date

Agenda / Notes

24 SEP 2021

TOPIC ITEMS

  • Go over reorg of wiki

  • Show comparative analysis of Security Logging requirements against existing logging requirements

  • Discussion about approach and philosophy putting forward secure logging requirements

  • Discussion: @Byung-Woo Jun Is it possible to combine a POC and Best Practice in a single release?  If so, is this something that is possible for Toine's and VJ's projects?

  • Get on PTL meeting calendar to present security Logging Metadata

NOTES

Robust discussion today.  Here are some notes.  If you have answers to questions below please add.

Three items came out from today’s working session.

To position the security logging requirements for success in an attempt to gain broad PTL support, we need to have a plan for general usability and an implementation plan.  Essentially, this means we need to tackle not just the fields for security logging but the more generalized case of consistent logging across ONAP.  There were 3 broad activities outlined:

  1. We need to do a logging survey of ONAP Projects

    1. What fields are current projects logging?

    2. What logging libraries are they using?

    3. Other questions?

    4. How do we do surveys?

  2. Definition of a logging sidecar

    1. Who defines this?

  3. Sidecar POC

    1. Who develops this?

    2. Who maintains it?

17 SEP 2021

TOPIC ITEMS

NOTES

Comments from Toine and VJ:

  • Toine

    • Will this work for non-transactional based logs?

    • Should this current framework cover more?

    • An extra field to identify that this is a security log.  Perhaps constrain with an ENUM.

    • Commented that he believes the container ID information is important to capture.

  • VJ:

    • Since this scope is security, he would like to see this as a generalized structure used across ONAP.  DCAE has 30 containers and he would like the format to be applicable to all logging.

  • Both agreed that this is an important topic that should be brought forward to PTL meeting.

13 AUG 2021

  • Review Requirements list Amy put together

  • Muddasar to provide links to NIST security logging standards: 

    https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-92.pdf

  • Fabian: Initial investigation of ONAP responding to security events.

  • Bob to provide Orchestration logging events

  • Log Template as suggested by Chakar on Tuesday call (Apache 2 log template as an example).  Can we review work from the Logging enhancement project?

30 JUL 2021



  • Amy: List of proposed events that should be collected from ONAP and Metadata

  • Muddasar: Determine if there is a standard terminology regarding logging architecture terms.  E.g., are the categories in the above table industry accepted?

    • There is probably a body of work we can reference that spells this out.  ACTION: Literature review for that:  No standard terms, but there are some popular standard formats such as BSD, Syslog (IETF), and Common Event Format (CEF) by ArcSight.  OWASP, NIST and major cloud vendors have guidance in user docs or SDKs regarding logs and formats.  NIST SP 800-92 can be found here: https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-92.pdf

      Application logs are sometimes split into Application Access and Application Operations.  Another major category in older literature focuses on the Operating System; in containerized deployments this can be Docker and host OS, Node logs.  We should consider listing in the best practice some of these categories that do not fall within the Application Container.

      Do we need to specify format type?  Web APIs, databases and applications may have slightly different format requirements.

  • Fabian: Initial investigation of ONAP responding to security events.