...

The goal of this activity is to develop a set of security requirements and security best practices, and to define a realistic plan to bring consistent logging across ONAP to support security analytics.

...

  • Application: This refers to the runtime containerized application.
  • Container: This refers to the container platform and orchestration software that ONAP interfaces with, for example Docker and K8s.
  • Infrastructure: This refers to any physical, virtualization, element managers, and/or operating system components.

Our immediate focus is on defining what logs should be generated and how they should be collected for ONAP Components only.  This is indicated as Phase 1 in the table below.

Phase 1 (ONAP Based Events): ONAP Components (e.g., DCAE, SDC, etc.)
  Columns: Application, Container (k8s and Docker), Infrastructure
Phase 2 (events from services orchestrated by ONAP): Services (xNF, xApps)
  Columns: Application, Container, Infrastructure

Lifecycle     Marks
Generation    X X
Collection    X X
Monitoring
Alerting
Response      P P X X

Key:

X: Indicates what is in-scope for ONAP
P: Partially in-scope (group consensus is mixed).

...

Phase 2 will focus on logs of events from services orchestrated by ONAP.

Definitions:


From a 2017 AT&T Doc on ONAP Logging

"'Application logging' refers to logs written by ONAP component 'applications'.

'System/infrastructure logging' refers to the separate/related set of logs produced by software components not developed for ONAP (e.g. DBMS, application container, web servers, 'middle boxes', JVM, OS, hypervisor, etc.) that are used in the implementation of these components." (See reference #4).


Notes

At a high level there are 5 broad categories with regard to Security Event Management (or is this a Security Event Lifecycle?)

...