  1. OpenShift Logging
  2. LOG-1377

Support collecting audit logs from additional, platform related locations


Details

    • Platform Audit Logs

    Description

      Goals

      Support collecting additional audit logs from other platform-related locations so that security admins can fully audit the entire OpenShift Platform and its underlying infrastructure components.

      Non-Goals

      • General support for adjusting or adding, on the fly, the locations we collect audit logs from.

      Motivation

      Recently (OCP 4.8), the OVNKubernetes plugin introduced a feature for collecting audit logs, which allows for gathering more information about network policies.

      As with any other audit log, this is considered sensitive information and often has to be handled in a different pipeline than other container logs.

      Alternatives

      Customers in regulated industries will have to come up with their own log forwarding solution just for this type of log. Otherwise, they might use a sidecar container to output the logs, which would forward them to the regular bucket of logs. If found by an auditor, that is considered a finding that might affect their compliance targets.

      Acceptance Criteria

      • It is expected that if these OVN audit logs (which are persisted in the /ovn/acl-audit-log.log file) are found, they will be collected, and can be forwarded using the audit inputRef.
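
      The following ClusterLogForwarder is an added example, not part of the original issue or the project's own configuration. It shows the separation the Motivation section asks for: everything reaching the audit inputRef (which, under the acceptance criterion above, would include the OVN ACL audit log) goes to a dedicated output, while workload logs stay in the regular store. The output name, URL and secret name are constructed placeholders.

```yaml
apiVersion: logging.openshift.io/v1
kind: ClusterLogForwarder
metadata:
  name: instance
  namespace: openshift-logging
spec:
  outputs:
    # Dedicated destination for audit records.
    # Name, URL and secret are constructed placeholders for this example.
    - name: audit-store
      type: elasticsearch
      url: https://audit-es.example.internal:9200
      secret:
        name: audit-store-credentials
  pipelines:
    # Audit pipeline: only the audit input, only the dedicated output.
    # Keeping "default" out of outputRefs is what prevents audit data
    # from landing in the regular bucket of logs.
    - name: audit-only
      inputRefs:
        - audit
      outputRefs:
        - audit-store
    # Workload pipeline: application and infrastructure logs go to the
    # internal log store ("default") and never reference audit.
    - name: workload-logs
      inputRefs:
        - application
        - infrastructure
      outputRefs:
        - default
```

      When reviewing a forwarder like this for compliance, check that no pipeline lists audit alongside application or infrastructure in its inputRefs, and that the audit output is not reused by another pipeline.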

      Risk and Assumptions

      Documentation Considerations

      • Update the list of files we collect audit logs from.

      Open Questions

      Additional Notes


            People

              aguptaredhat Ajay Gupta (Inactive)
              cvogel1 Christian Heidenreich (Inactive)
              Ishwar Kanse Ishwar Kanse