Re: [Openstack-operators] Audit Logging - Interested? What's missing?

2016-11-17 Thread George Mihaiescu
Same need here, I want to know who changed a security group and what change was 
done. Just the logged POST on the API is not enough to properly audit the 
operation.

> On Nov 16, 2016, at 19:51, Kris G. Lindgren  wrote:
> 
> I need to do a deeper dive on audit logging. 
> 
> However, we have a requirement for when someone changes a security group that 
> we log what the previous security group was and what the new security group 
> is and who changed it.  I don't know if this is specific to our crazy 
> security people or if other security people want to have this.  I am sure I 
> can think of others.
> 
> 
> ___
> Kris Lindgren
> Senior Linux Systems Engineer
> GoDaddy
> 
> On 11/16/16, 3:29 PM, "Tom Fifield"  wrote:
> 
>Hi Ops,
> 
>Was chatting with Department of Defense in Australia the other day, and 
>one of their pain points is Audit Logging. Some bits of OpenStack just 
>don't leave enough information for proper audit. So, thought it might be 
>a good idea to gather people who are interested to brainstorm how to get 
>it to a good level for all :)
> 
>Does your cloud need good audit logging? What do you wish was there at 
>the moment, but isn't?
> 
> 
>Regards,
> 
> 
>Tom
> 
>___
>OpenStack-operators mailing list
>OpenStack-operators@lists.openstack.org
>http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
> 
> 

___
OpenStack-operators mailing list
OpenStack-operators@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
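
An added example, not part of any message in this thread and not OpenStack code: one possible shape for the audit event asked for above (who changed a security group, the rules before and the rules after). The rule field names follow Neutron's security group rule attributes; the function names, the actor, request and group identifiers, and the sample rules are constructed for illustration.

```python
import hashlib
import json
from datetime import datetime, timezone

# Fields that decide what traffic a rule allows. Rule ids are left out so a
# rule deleted and re-created unchanged is not reported as a change.
RULE_FIELDS = ("direction", "ethertype", "protocol",
               "port_range_min", "port_range_max", "remote_ip_prefix")

def canonical(rule):
    """Hashable form of one rule, restricted to RULE_FIELDS."""
    return tuple((f, rule.get(f)) for f in RULE_FIELDS)

def digest(rules):
    """Order-independent SHA-256 of a rule set."""
    lines = sorted({json.dumps(canonical(r)) for r in rules})
    return hashlib.sha256("\n".join(lines).encode()).hexdigest()

def audit_record(actor, request_id, group_id, before, after, when=None):
    """Build one audit event: who changed the group, and old vs. new rules."""
    old = {canonical(r) for r in before}
    new = {canonical(r) for r in after}
    return {
        "timestamp": (when or datetime.now(timezone.utc)).isoformat(),
        "actor": actor,
        "request_id": request_id,
        "security_group_id": group_id,
        "changed": old != new,
        "rules_added": [dict(r) for r in sorted(new - old, key=repr)],
        "rules_removed": [dict(r) for r in sorted(old - new, key=repr)],
        "before_sha256": digest(before),
        "after_sha256": digest(after),
    }

# Constructed sample: SSH is widened from an internal range to the internet.
BEFORE = [{"id": "r1", "direction": "ingress", "ethertype": "IPv4",
           "protocol": "tcp", "port_range_min": 22, "port_range_max": 22,
           "remote_ip_prefix": "10.0.0.0/8"}]
AFTER = [dict(BEFORE[0], id="r2", remote_ip_prefix="0.0.0.0/0")]

if __name__ == "__main__":
    event = audit_record("user-example", "req-example", "sg-example",
                         BEFORE, AFTER)
    print(json.dumps(event, indent=2))
```

The two digests let a reviewer confirm that consecutive events for the same group chain together: each event's before_sha256 should equal the previous event's after_sha256.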


Re: [Openstack-operators] Audit Logging - Interested? What's missing?

2016-11-16 Thread Sam Morrison
Anybody using http://docs.openstack.org/developer/keystonemiddleware/audit.html 
 ??




> On 17 Nov. 2016, at 11:51 am, Kris G. Lindgren  wrote:
> 
> I need to do a deeper dive on audit logging. 
> 
> However, we have a requirement for when someone changes a security group that 
> we log what the previous security group was and what the new security group 
> is and who changed it.  I don't know if this is specific to our crazy 
> security people or if other security people want to have this.  I am sure I 
> can think of others.
> 
> 
> ___
> Kris Lindgren
> Senior Linux Systems Engineer
> GoDaddy
> 
> On 11/16/16, 3:29 PM, "Tom Fifield"  wrote:
> 
>Hi Ops,
> 
>Was chatting with Department of Defense in Australia the other day, and 
>one of their pain points is Audit Logging. Some bits of OpenStack just 
>don't leave enough information for proper audit. So, thought it might be 
>a good idea to gather people who are interested to brainstorm how to get 
>it to a good level for all :)
> 
>Does your cloud need good audit logging? What do you wish was there at 
>the moment, but isn't?
> 
> 
>Regards,
> 
> 
>Tom
> 


Re: [Openstack-operators] Audit Logging - Interested? What's missing?

2016-11-16 Thread Kris G. Lindgren
I need to do a deeper dive on audit logging. 

However, we have a requirement for when someone changes a security group that 
we log what the previous security group was and what the new security group is 
and who changed it.  I don't know if this is specific to our crazy security 
people or if other security people want to have this.  I am sure I can think 
of others.


___
Kris Lindgren
Senior Linux Systems Engineer
GoDaddy

On 11/16/16, 3:29 PM, "Tom Fifield"  wrote:

Hi Ops,

Was chatting with Department of Defense in Australia the other day, and 
one of their pain points is Audit Logging. Some bits of OpenStack just 
don't leave enough information for proper audit. So, thought it might be 
a good idea to gather people who are interested to brainstorm how to get 
it to a good level for all :)

Does your cloud need good audit logging? What do you wish was there at 
the moment, but isn't?


Regards,


Tom



Re: [Openstack-operators] Audit Logging - Interested? What's missing?

2016-11-16 Thread Nematollah Bidokhti
Hi Tom,

It would be great if the logs were formatted such that they could convey the 
following:
- Fault classification/types
- Potential root Causes
- Latest state before failure/crash

The above can help with automation and self healing. This is part of our Fault 
Genes WG mission to get to consistent log structure for our fault management 
policies.

Thanks,
Nemat


-Original Message-
From: Tom Fifield [mailto:t...@openstack.org] 
Sent: Wednesday, November 16, 2016 2:29 PM
To: OpenStack Operators
Subject: [Openstack-operators] Audit Logging - Interested? What's missing?

Hi Ops,

Was chatting with Department of Defense in Australia the other day, and one of 
their pain points is Audit Logging. Some bits of OpenStack just don't leave 
enough information for proper audit. So, thought it might be a good idea to 
gather people who are interested to brainstorm how to get it to a good level 
for all :)

Does your cloud need good audit logging? What do you wish was there at the 
moment, but isn't?


Regards,


Tom



Re: [Openstack-operators] Audit Logging - Interested? What's missing?

2016-11-16 Thread David Medberry
rather, here:
https://openstackmountainwest2016.sched.org/event/8AkE/osdef-devops-driven-approach-to-securing-a-cloud-infrastructure-using-bigdata?iframe=no==yes=no

On Wed, Nov 16, 2016 at 5:07 PM, David Medberry 
wrote:

> more info here:
> http://www.openstackdaysmw.com/schedule/
>
> On Wed, Nov 16, 2016 at 5:06 PM, David Medberry 
> wrote:
>
>> We've added ELK to our cloud (but of course it largely relies on the
>> existing logging.) There will be a talk about this next month at OpenStack
>> Days Mountain West in SLC. I can provide a link to the slides after that
>> occurs.
>>
>> Our use of ELK is around added security, so ties in nicely with this use
>> case.
>>
>> On Wed, Nov 16, 2016 at 3:29 PM, Tom Fifield  wrote:
>>
>>> Hi Ops,
>>>
>>> Was chatting with Department of Defense in Australia the other day, and
>>> one of their pain points is Audit Logging. Some bits of OpenStack just
>>> don't leave enough information for proper audit. So, thought it might be a
>>> good idea to gather people who are interested to brainstorm how to get it
>>> to a good level for all :)
>>>
>>> Does your cloud need good audit logging? What do you wish was there at
>>> the moment, but isn't?
>>>
>>>
>>> Regards,
>>>
>>>
>>> Tom
>>>


Re: [Openstack-operators] Audit Logging - Interested? What's missing?

2016-11-16 Thread David Medberry
more info here:
http://www.openstackdaysmw.com/schedule/

On Wed, Nov 16, 2016 at 5:06 PM, David Medberry 
wrote:

> We've added ELK to our cloud (but of course it largely relies on the
> existing logging.) There will be a talk about this next month at OpenStack
> Days Mountain West in SLC. I can provide a link to the slides after that
> occurs.
>
> Our use of ELK is around added security, so ties in nicely with this use
> case.
>
> On Wed, Nov 16, 2016 at 3:29 PM, Tom Fifield  wrote:
>
>> Hi Ops,
>>
>> Was chatting with Department of Defense in Australia the other day, and
>> one of their pain points is Audit Logging. Some bits of OpenStack just
>> don't leave enough information for proper audit. So, thought it might be a
>> good idea to gather people who are interested to brainstorm how to get it
>> to a good level for all :)
>>
>> Does your cloud need good audit logging? What do you wish was there at
>> the moment, but isn't?
>>
>>
>> Regards,
>>
>>
>> Tom
>>


[Openstack-operators] Audit Logging - Interested? What's missing?

2016-11-16 Thread Tom Fifield

Hi Ops,

Was chatting with Department of Defense in Australia the other day, and 
one of their pain points is Audit Logging. Some bits of OpenStack just 
don't leave enough information for proper audit. So, thought it might be 
a good idea to gather people who are interested to brainstorm how to get 
it to a good level for all :)


Does your cloud need good audit logging? What do you wish was there at 
the moment, but isn't?



Regards,


Tom
