** Description changed:
- [Existing problem]
- - Logging is currently a missing feature in security-groups, it is
- necessary for operators (Cloud admins, developers etc) to
- auditing easier.
- - Tenant also needs to make sure their security-groups works as
- expected, and to assess what kinds of events/packets went
- through their security-groups or were dropped.
+ Learning what happened on traffic flows is necessary for cloud
+ administrator to tackle a problem related to network.
- [Main purpose of this feature]
- * Enable to configure logs for security-group-rules.
+ Problem Description
+ ===
+ - When *operator* (including cloud administrator and developer) has an issue
related to network (e.g network security issue). Gathering all events related
to security groups is necessary for troubleshooting process.
- * In order to assess what kinds of events/packets went
- through their security-groups or were dropped.
+ - When tenant or operator deploys a security groups for number of VMs.
+ They want to make sure security group rules work as expected and to
+ assess what kinds of packets went through their security-groups or were
+ dropped.
- [What is the enhancement?]
- - Proposes to create new generic logging API for security-group-rules
- in order to make the trouble shooting process easier for operators
- (or Cloud admins, developers etc)..
- - Introduce layout the logging api model for future API and model
- extension for log driver types(rsyslog, ...).
+ Currently, we don't have a way to perform that. In other word, logging
+ is a missing feature in security groups.
- Specification: https://review.openstack.org/#/c/203509
+ Proposed Change
+ ===
+ - To improve the situation, we'd like to propose a logging API [1]_ to
collect all events related to security group rules when they occurred.
+
+ - Only *operator* will be allowed to execute logging API.
+
+ [1] https://review.openstack.org/#/c/203509/
** Tags removed: rfe-approved
** Tags added: rfe
** Changed in: neutron
Status: Expired => New
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1468366
Title:
(Operator-only) Logging API for security group rules
Status in neutron:
New
Bug description:
Learning what happened on traffic flows is necessary for cloud
administrator to tackle a problem related to network.
Problem Description
===
- When *operator* (including cloud administrator and developer) has an issue
related to network (e.g network security issue). Gathering all events related
to security groups is necessary for troubleshooting process.
- When tenant or operator deploys a security groups for number of VMs.
They want to make sure security group rules work as expected and to
assess what kinds of packets went through their security-groups or
were dropped.
Currently, we don't have a way to perform that. In other word, logging
is a missing feature in security groups.
Proposed Change
===
- To improve the situation, we'd like to propose a logging API [1]_ to
collect all events related to security group rules when they occurred.
- Only *operator* will be allowed to execute logging API.
[1] https://review.openstack.org/#/c/203509/
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1468366/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
