
A small working group meets every Friday from 10 to 11 Eastern Standard Time. If you would like to join, please contact Amy Zwarico and she can add you to the meeting.

Date | Notes
24 SEP 2021

Robust discussion today. Here are some notes. If you have answers to the questions below, please add them.

Three items came out from today’s working session.

To position the security logging requirements for success in an attempt to gain broad PTL support, we need a plan for general usability and an implementation plan. Essentially, this means we need to tackle not just the fields for security logging but the more generalized case of consistent logging across ONAP. There were 3 broad activities outlined:

  1. We need to do a logging survey of ONAP Projects
    1. What fields are current projects logging?
    2. What logging libraries are they using?
    3. Other questions?
    4. How do we do surveys?
  2. Definition of a logging sidecar
    1. Who defines this?
  3. Sidecar POC
    1. Who develops this?
    2. Who maintains it?

13 AUG 2021

  • Review Requirements list Amy put together
  • Muddasar to provide links to NIST security logging standards: 

    https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-92.pdf

  • Fabian: Initial investigation of ONAP responding to security events.
  • Bob to provide Orchestration logging events
  • Log template as suggested by Chakar on Tuesday call (Apache 2 log template as an example). Can we review work from the Logging enhancement project?

30 JUL 2021


  • Amy: List of proposed events that should be collected from ONAP and Metadata
  • Muddasar: Determine if there is standard terminology for logging architecture terms. E.g., are the categories in the above table industry accepted?
    • There is probably a body of work we can reference that spells this out. ACTION: Literature review for that: No standard terms, but some popular standard formats like BSD, Syslog (IETF), Common Event Format (CEF) by ArcSight. OWASP, NIST and major cloud vendors have guidance in user docs or SDKs regarding logs and formats. NIST SP 800-92 can be found here: https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-92.pdf

      Application logs are sometimes split into Application Access and Application Operations. The other major category in older literature focuses on the operating system; in containerized deployments this can be Docker and host OS, and node logs. We should consider listing in best practices some of these categories that do not fall within the application container.


      Do we need to specify format type? Web APIs, databases and applications may have slightly different format requirements.

  • Fabian: Initial investigation of ONAP responding to security events.