See: ONAP Security Event Management
Notes from 16 July meeting
Contributor | Notes |
---|---|
Bob | ONAP Security Event Management - DRAFT - Developer Wiki - Confluence |
Byung-Woo Jun | - In ONAP, log generation and log collection/aggregation/storage/visualization should be separate
- ONAP applications should focus on log generation via STDOUT / STDERR, without concern for how the generated log data will be processed; refer to the ONAP Security & Logging Architecture, ONAP Next Generation Security & Logging Architecture#ONAPLogging
- Containers (xNF, Security Components) should follow the same architectural principle, meaning they focus on log generation, not consumption
- Infrastructure components (K8S, Docker) should generate their logs, without concern for how log data are consumed
- Raw log data from Containers and Infrastructures do not need to return to ONAP; only events that require subsequent actions (e.g., for closed-loop) can be brought into ONAP through VES Event / DCAE.
- Collation between application log data and containers/infrastructure data is out of scope for ONAP. Could we delegate the function to a SIEM?
- Currently, analytic log data handling is out of scope for ONAP. For its use cases, we need to discuss further
|