Feature 10958 Audit Logs for OSM

9a882840 · elumalai · garciadeblas · b542bdf5 · 9a882840
Commit 9a882840 authored Jul 21, 2023 by elumalai Committed by garciadeblas Jul 21, 2023
Hide whitespace changes
Inline Side-by-side

Showing with 46 additions and 0 deletions

06-osm-platform-configuration.md 06-osm-platform-configuration.md +46 -0

No files found.
--- a/06-osm-platform-configuration.md
+++ b/06-osm-platform-configuration.md
@@ -921,3 +921,49 @@ To associate the K8s cluster with a Distributed VCA, follow these steps:
 3. Register your K8s cluster associating it to the VIM account added in step 2.  For more details, see [this](#management-of-k8s-clusters) section.

 Note: if you are not using an actual VIM, in the step 2, set the VIM account type to `dummy` with the following flag: `--account_type dummy`.
+
+## Reference - Audit Logs in OSM
+
+OSM logs audit events to record actions that answer the question of ***"Who did what, when, and where?"***. Audit logs would record the occurrence of an event, operation performed by the event, time at which the event occurred, and the user/project that performed the event in a system. It enhances security and correlation.
+
+OSM's audit logs follow Common Event Format (CEF). CEF is a standardized logging format to structure logs in a common format that could simplify logging and enable the integration of logs in to a single management system.
+
+### Audit Logs Available in OSM
+
+The following audit logs are available:
+
+- Incorrect login attempt- Records any user incorrect login attempts to OSM.
+- User Login and Logout- Records any user login and logout operations in OSM.
+- Resetting Passwords- Records instances of password changes of an user.
+- Administrator access- Records any access attempts to accounts that have system privileges.
+- Account administration/Services- Records all account activity like fetching, creating, updating, or deleting resources from OSM.
+
+All the logs recorded as part of audit would follow the below format:
+
+```text
+CEF:Version|Device Vendor|Device Product|Device Version|Name|Severity|Extension
+```
+
+A sample CEF log for User login would be as below:
+
+```text
+CEF:0|OSM|OSM|14.0.0|User Login|1|msg=User Logged In, Project\=admin Outcome\=Success suser=admin
+```
+
+### Audit Logs Prefixes
+
+Audit logs include the following event key names,
+
+- Version: Version of the CEF format
+- Device Vendor, Device Product, Device Version: Unique identification for the device that records the logs
+- Severity: Severity of the event
+- Name: Description of the event
+- Extension: A collection of key-value pairs that provides more information
+  - msg: Message that gives more details about the event
+  - suser (sourceUserName): Identifies the name of the user performing the event
+  - Project: The project that the suser belongs to
+  - Outcome: Result of the event
+
+### Additional Notes
+
+All the audit log events are captured as part of the NBI logs. For more information about how to check NBI logs, you can refer to [ANNEX 1: Troubleshooting](09-troubleshooting.md)