...
ID | Type | Field Name | Description | Reference |
---|---|---|---|---|
CON-LOG-REQ-7 | REQUIRED | Date and Time | The container and container application MUST log the field “date/time” in the security audit logs. The value should be represented in UTC and formatted per ISO 8601, such as “2015-06-03T13:21:58+00:00”. The time should be shown with the maximum resolution available to the logging component (e.g., milliseconds, microseconds) by including the appropriate number of decimal digits. For example, when millisecond precision is available, the date-time value would be presented as “2015-06-03T13:21:58.340+00:00”. | |
CON-LOG-REQ-8 | REQUIRED | Protocol | The container and container application MUST log the field “protocol” in the security audit logs. This refers to the communication mechanism for a request. The value of this field should be representative of the OSI application layer protocol. This is represented as a decimal formatted TCP/IP port number. | |
CON-LOG-REQ-9 | REQUIRED | Service / Program Name | The container and container application MUST log the field “service or program used for access” in the security audit logs. The intention is to capture the service name endpoint or the externally advertised API invoked, i.e., where you are connecting to. This is represented as a URI or URL. | (4) |
CON-LOG-REQ-10 | REQUIRED | Status Code | The container and container application MUST log a "status code" in the security audit logs. This field indicates the high level status for transactional or sub operational events. It must be one of the following values:
| (4) |
CON-LOG-REQ-11 | REQUIRED | Principal ID | The container and container application MUST log the field “Login ID”, the Principal identity of a requestor, in the security audit logs. The container and container application MUST log the Principal identity of the entity accessing the service (e.g., Login ID, NPE). This field should contain the identification name of the client application (user agent, client id, user, user id, login ID, non-person entity (NPE), Token, etc.). NOTE: This seems similar to PartnerName in the v1.3 spec. This field should contain the name of the client application, user agent or user, that is, of the entity accessing or invoking the service or API. This is often used for heuristic analysis to identify invocations between individual ONAP components. Its value has never been clearly stipulated, so a common problem has been a lack of consistency. There is no clear consensus, but:
Real-life examples include MSO, bpmnclient, BPELClient (all of which are reported by SO), openECOMP (SDNC), vid (VID!) etc. (See the problem?) From (4): This field contains the name of the client or user invoking the API in the prior field, if known. The identification of the entity that made the request being served. For a serving API that is authenticating the request, this should be the authenticated username or equivalent (e.g. an attuid or a mechid).
REF: See PartnerName in v1.3 and (4). | |
CON-LOG-REQ-MP12 | REQUIRED | Group ID | The container and container application MUST log the Group ID of the Principal identity of the entity accessing the service. Note: The group ID refers to a Role or Attribute as part of an RBAC or ABAC scheme. Should we call this something else? Potential confusion, since Group ID is an overloaded term. This needs additional discussion. | N/A |
CON-LOG-REQ-MP01 | | Container ID | Container ID; unique for the lifetime of the system, for the instance; once the container is killed, this ID goes away | |
CON-LOG-REQ-MP02 | | Container Name | Container Name; unique name of the image (webserver, FW, DCAE01) | |
CON-LOG-REQ-MP03 | | Container Image Hash | Container Image Name (Hash); image name and hash (container lifecycle events) | |
CON-LOG-REQ-MP04 | REQUIRED | Log Level | "The VNF SHOULD use an appropriately configured logging level that can be changed dynamically, so as to not cause performance degradation of the VNF due to excessive logging." The logging level follows Syslog levels numbered 0 - 7 (Emergency, Alert, Critical, Error, Warning, Notification, Informational, Debugging). | (4) |
CON-LOG-REQ-MP11 | | Image ID Image Hash | The container MUST log the image ID and layer hash | T1036, T1525 |
CON-LOG-REQ-MP13 | REQUIRED | RequestID | The container and container application MUST log the RequestID. A requestID is a universally unique value that identifies a single transaction request within the ONAP | (4) |
| | | Severity | Severity level? {Major, Minor, Critical}: for error reporting on internal processing. Optional: 0, 1, 2, 3; see Nagios monitoring/alerting for specifics/details. | (4) |
...
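
As an added example (not part of the requirements text or of any ONAP code), the following validator checks one audit record against the field formats stated in the table for CON-LOG-REQ-7, -8, -9, MP04 and MP13. The dictionary key names, the sample records and the treatment of RequestID as a UUID are assumptions made for this example.

```python
import re
import uuid
from datetime import datetime, timezone
from urllib.parse import urlparse

# Key names are assumptions for this example; the table names fields, not keys.
REQUIRED = ("timestamp", "protocol", "service", "status_code",
            "principal_id", "log_level", "request_id")
# CON-LOG-REQ-7: ISO 8601, explicit UTC offset, optional fractional seconds.
TS_RE = re.compile(r"\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(\.\d+)?\+00:00")

def utc_timestamp(now=None):
    """Render a time per CON-LOG-REQ-7 at millisecond resolution."""
    now = now or datetime.now(timezone.utc)
    return now.astimezone(timezone.utc).isoformat(timespec="milliseconds")

def validate(record):
    """Return the list of violations for one audit record (empty when clean)."""
    errors = [f"missing: {k}" for k in REQUIRED if record.get(k) in (None, "")]
    ts = record.get("timestamp")
    if ts and not TS_RE.fullmatch(str(ts)):
        errors.append("CON-LOG-REQ-7: timestamp is not UTC ISO 8601")
    port = str(record.get("protocol", ""))
    if port and not (port.isdecimal() and 0 < int(port) <= 65535):
        errors.append("CON-LOG-REQ-8: protocol is not a decimal port number")
    svc = urlparse(str(record.get("service", "")))
    if record.get("service") and not (svc.scheme and (svc.netloc or svc.path)):
        errors.append("CON-LOG-REQ-9: service is not a URI or URL")
    level = record.get("log_level")
    if level is not None and level not in range(8):
        errors.append("CON-LOG-REQ-MP04: log level outside syslog 0-7")
    try:  # Assumption: the "universally unique value" is carried as a UUID.
        if record.get("request_id"):
            uuid.UUID(str(record["request_id"]))
    except ValueError:
        errors.append("CON-LOG-REQ-MP13: request ID is not a UUID")
    return errors

# Constructed sample records. The status code is only checked for presence,
# because its allowed values are not listed in the table above.
GOOD = {"timestamp": "2015-06-03T13:21:58.340+00:00", "protocol": 443,
        "service": "https://so.example.invalid/api/requests",
        "status_code": "<status>", "principal_id": "bpmnclient",
        "log_level": 6, "request_id": "123e4567-e89b-12d3-a456-426614174000"}
BAD = dict(GOOD, timestamp="2015-06-03T15:21:58+02:00", protocol="https",
           log_level=9, request_id="req-42", principal_id="")

if __name__ == "__main__":
    print(validate(GOOD), *validate(BAD), sep="\n")
```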