XML

Word

Printable

Details

Type: Story
Resolution: Done
Priority: Major
Fix Version/s: Logging 5.2
Affects Version/s: None
Component/s: Log Collection
Labels:
- collab
- rn-done-resolved

Story Points:
3
Blocked:
False
Ready:
False
Epic Link:
Platform Audit Logs
Docs QE Status:
NEW
QE Status:
NEW
Release Note Text:

Hide
* With this update, you can collect OVN network policy audit logs for forwarding to a logging server. For more information, see xref:../logging/cluster-logging-external.html#cluster-logging-collecting-ovn-audit-logs_cluster-logging-external[Collecting OVN network policy audit logs]. (link:https://issues.redhat.com/browse/LOG-1526[~~LOG-1526~~])

Show
* With this update, you can collect OVN network policy audit logs for forwarding to a logging server. For more information, see xref:../logging/cluster-logging-external.html#cluster-logging-collecting-ovn-audit-logs_cluster-logging-external[Collecting OVN network policy audit logs]. (link: https://issues.redhat.com/browse/LOG-1526 [ LOG-1526 ])

Sprint:
Logging (Core) - Sprint 204

SFDC Cases Links:
SFDC Cases Counter:

Description

Story

As a cluster administrator,
I want to collect OVN audit logs

Acceptance Criteria

Logs from "/ovn/acl-audit-log.log" are forwarded through the "audit" pipeline
Log entries populate hostname with the node from which the log originated
Log entries populate timestamp
Functional test to verify collection
Document new collection source

Example log event received at output:

{
  "@timestamp" : "2021-07-06T08:26:58.687Z",
  "hostname":"ip.abc.iternal",
  "level":"info",
  "message" : "2021-07-06T08:26:58.687Z|00004|acl_log(ovn_pinctrl0)|INFO|name='verify-audit-logging_deny-all', verdict=drop, severity=alert: icmp,vlan_tci=0x0000,dl_src=0a:58:0a:81:02:12,dl_dst=0a:58:0a:81:02:14,nw_src=10.129.2.18,nw_dst=10.129.2.20,nw_tos=0,nw_ecn=0,nw_ttl=64,icmp_type=8,icmp_code=0"
}

Notes

Consider reviewing the remaining audit pipelines as we may want to apply the same AC to all audit logs

Sample Message:

 2021-07-06T08:26:58.687Z|00004|acl_log(ovn_pinctrl0)|INFO|name="verify-audit-logging_deny-all", verdict=drop, severity=alert: icmp,vlan_tci=0x0000,dl_src=0a:58:0a:81:02:12,dl_dst=0a:58:0a:81:02:14,nw_src=10.129.2.18,nw_dst=10.129.2.20,nw_tos=0,nw_ecn=0,nw_ttl=64,icmp_type=8,icmp_code=0

Attachments

Issue Links

is documented by

RHDEVDOCS-3162 Collect OVN Audit Logs

Closed

links to

openshift/cluster-logging-operator#1093: Adding changes to collect OVN audit logs LOG-1377 (WIP)

Activity

People

Assignee:: Ajay Gupta (Inactive)

Reporter:: Jeffrey Cantrill

QA Contact:: Ishwar Kanse

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 2021/07/01 12:40 PM

Updated:: 2022/03/16 3:24 PM

Resolved:: 2021/07/23 4:29 AM