From de68c7cff297070a4b0e7665bdfd7f47f461c9e7 Mon Sep 17 00:00:00 2001 From: elumalai Date: Thu, 6 Jul 2023 23:21:12 +0530 Subject: [PATCH 1/2] Feature 10958 Audit Logs for OSM --- 05-osm-usage.md | 40 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 40 insertions(+) diff --git a/05-osm-usage.md b/05-osm-usage.md index a8905ae..ec1b835 100644 --- a/05-osm-usage.md +++ b/05-osm-usage.md @@ -2306,3 +2306,43 @@ vnfd: - Instantiate the NS (Network Service) within the OSM environment using the onboarded VNF package. - Confirm that the Service KPI metrics are flowing seamlessly from the VNF instances to OSM-Prometheus, whose graphical interface can be visited at the URL . + +## Audit Logs + +OSM logs audit events to record actions that answer the question of "Who did what, when, and where?". Audit logs would record the occurrence of an event, operation performed by the event, time at which the event occurred, and the user/project that performed the event in a system. It enhances security and correlation. + +OSM's audit logs follow Common Event Format (CEF). CEF is a standardized logging format to structure logs in a common format that could simplify logging and enable the integration of logs in to a single management system. + +### Audit Logs Available in OSM + +The following audit logs are available, +- Incorrect login attempt- Records any user incorrect login attempts to OSM. +- User Login and Logout- Records any user login and logout operations in OSM. +- Resetting Passwords- Records instances of password changes of an user. +- Administrator access- Records any access attempts to accounts that have system privileges. +- Account administration/Services- Records all account activity like fetching, creating, updating, or deleting resources from OSM. + +All the logs recorded as part of audit would follow the below format, + +CEF:Version|Device Vendor|Device Product|Device Version|Name|Severity|Extension + +A sample CEF log for User login would be as below, + +CEF:0|OSM|OSM|14.0.0|User Login|1|msg=User Logged In, Project\=admin Outcome\=Success suser=admin + +### Audit Logs Prefixes + +Audit logs include the following event key names, +- Version: Version of the CEF format +- Device Vendor, Device Product, Device Version: Unique identification for the device that records the logs +- Severity: Severity of the event +- Name: Description of the event +- Extension: A collection of key-value pairs that provides more information + - msg: Message that gives more details about the event + - suser (sourceUserName): Identifies the name of the user performing the event + - Project: The project that the suser belongs to + - Outcome: Result of the event + +### Additional Notes + +All the audit log events are captured as part of the NBI logs. -- GitLab From 11b98ac5128c719a64f60c902cebfd384317a219 Mon Sep 17 00:00:00 2001 From: garciadeblas Date: Fri, 21 Jul 2023 16:10:38 +0000 Subject: [PATCH 2/2] Update 05-osm-usage.md, 06-osm-platform-configuration.md files --- 05-osm-usage.md | 40 --------------------------- 06-osm-platform-configuration.md | 46 ++++++++++++++++++++++++++++++++ 2 files changed, 46 insertions(+), 40 deletions(-) diff --git a/05-osm-usage.md b/05-osm-usage.md index ec1b835..a8905ae 100644 --- a/05-osm-usage.md +++ b/05-osm-usage.md @@ -2306,43 +2306,3 @@ vnfd: - Instantiate the NS (Network Service) within the OSM environment using the onboarded VNF package. - Confirm that the Service KPI metrics are flowing seamlessly from the VNF instances to OSM-Prometheus, whose graphical interface can be visited at the URL . - -## Audit Logs - -OSM logs audit events to record actions that answer the question of "Who did what, when, and where?". Audit logs would record the occurrence of an event, operation performed by the event, time at which the event occurred, and the user/project that performed the event in a system. It enhances security and correlation. - -OSM's audit logs follow Common Event Format (CEF). CEF is a standardized logging format to structure logs in a common format that could simplify logging and enable the integration of logs in to a single management system. - -### Audit Logs Available in OSM - -The following audit logs are available, -- Incorrect login attempt- Records any user incorrect login attempts to OSM. -- User Login and Logout- Records any user login and logout operations in OSM. -- Resetting Passwords- Records instances of password changes of an user. -- Administrator access- Records any access attempts to accounts that have system privileges. -- Account administration/Services- Records all account activity like fetching, creating, updating, or deleting resources from OSM. - -All the logs recorded as part of audit would follow the below format, - -CEF:Version|Device Vendor|Device Product|Device Version|Name|Severity|Extension - -A sample CEF log for User login would be as below, - -CEF:0|OSM|OSM|14.0.0|User Login|1|msg=User Logged In, Project\=admin Outcome\=Success suser=admin - -### Audit Logs Prefixes - -Audit logs include the following event key names, -- Version: Version of the CEF format -- Device Vendor, Device Product, Device Version: Unique identification for the device that records the logs -- Severity: Severity of the event -- Name: Description of the event -- Extension: A collection of key-value pairs that provides more information - - msg: Message that gives more details about the event - - suser (sourceUserName): Identifies the name of the user performing the event - - Project: The project that the suser belongs to - - Outcome: Result of the event - -### Additional Notes - -All the audit log events are captured as part of the NBI logs. diff --git a/06-osm-platform-configuration.md b/06-osm-platform-configuration.md index 601ad51..ab1d223 100644 --- a/06-osm-platform-configuration.md +++ b/06-osm-platform-configuration.md @@ -921,3 +921,49 @@ To associate the K8s cluster with a Distributed VCA, follow these steps: 3. Register your K8s cluster associating it to the VIM account added in step 2. For more details, see [this](#management-of-k8s-clusters) section. Note: if you are not using an actual VIM, in the step 2, set the VIM account type to `dummy` with the following flag: `--account_type dummy`. + +## Reference - Audit Logs in OSM + +OSM logs audit events to record actions that answer the question of ***"Who did what, when, and where?"***. Audit logs would record the occurrence of an event, operation performed by the event, time at which the event occurred, and the user/project that performed the event in a system. It enhances security and correlation. + +OSM's audit logs follow Common Event Format (CEF). CEF is a standardized logging format to structure logs in a common format that could simplify logging and enable the integration of logs in to a single management system. + +### Audit Logs Available in OSM + +The following audit logs are available: + +- Incorrect login attempt- Records any user incorrect login attempts to OSM. +- User Login and Logout- Records any user login and logout operations in OSM. +- Resetting Passwords- Records instances of password changes of an user. +- Administrator access- Records any access attempts to accounts that have system privileges. +- Account administration/Services- Records all account activity like fetching, creating, updating, or deleting resources from OSM. + +All the logs recorded as part of audit would follow the below format: + +```text +CEF:Version|Device Vendor|Device Product|Device Version|Name|Severity|Extension +``` + +A sample CEF log for User login would be as below: + +```text +CEF:0|OSM|OSM|14.0.0|User Login|1|msg=User Logged In, Project\=admin Outcome\=Success suser=admin +``` + +### Audit Logs Prefixes + +Audit logs include the following event key names, + +- Version: Version of the CEF format +- Device Vendor, Device Product, Device Version: Unique identification for the device that records the logs +- Severity: Severity of the event +- Name: Description of the event +- Extension: A collection of key-value pairs that provides more information + - msg: Message that gives more details about the event + - suser (sourceUserName): Identifies the name of the user performing the event + - Project: The project that the suser belongs to + - Outcome: Result of the event + +### Additional Notes + +All the audit log events are captured as part of the NBI logs. For more information about how to check NBI logs, you can refer to [ANNEX 1: Troubleshooting](09-troubleshooting.md) -- GitLab