Re: [Openstack-operators] Audit Logging - Interested? What's missing?

2016-11-17 Thread Shintaro Mizuno
Hi,

We had a similar security crazy thing too, and my colleague did a LT on this in Barcelona.
https://youtu.be/dCKh7Gxj3wQ?t=3160

Shintaro

On 2016/11/17 21:26, George Mihaiescu wrote:
Same need here, I want to know who changed a security group and what change was done. Just the logged POS

Re: [Openstack-operators] Audit Logging - Interested? What's missing?

2016-11-17 Thread George Mihaiescu
Same need here, I want to know who changed a security group and what change was done. Just the logged POST on the API is not enough to properly audit the operation.

> On Nov 16, 2016, at 19:51, Kris G. Lindgren wrote:
>
> I need to do a deeper dive on audit logging.
>
> However, we have a re

Re: [Openstack-operators] Audit Logging - Interested? What's missing?

2016-11-16 Thread Sam Morrison
Anybody using http://docs.openstack.org/developer/keystonemiddleware/audit.html ??

> On 17 Nov. 2016, at 11:51 am, Kris G. Lindgren wrote:
>
> I need to do a deeper dive on audit logging.
>
> However, we have a requirement

Re: [Openstack-operators] Audit Logging - Interested? What's missing?

2016-11-16 Thread Kris G. Lindgren
I need to do a deeper dive on audit logging. However, we have a requirement for when someone changes a security group that we log what the previous security group was and what the new security group is and who changed it. I don’t know if this is specific to our crazy security people or if ot

Re: [Openstack-operators] Audit Logging - Interested? What's missing?

2016-11-16 Thread Nematollah Bidokhti
consistent log structure for our fault management policies. Thanks, Nemat -Original Message- From: Tom Fifield [mailto:t...@openstack.org] Sent: Wednesday, November 16, 2016 2:29 PM To: OpenStack Operators Subject: [Openstack-operators] Audit Logging - Interested? What's missing? H

Re: [Openstack-operators] Audit Logging - Interested? What's missing?

2016-11-16 Thread David Medberry
We've added ELK to our cloud (but of course it largely relies on the existing logging.) There will be a talk about this next month at OpenStack Days Mountain West in SLC. I can provide a link to the slides after that occurs. Our use of ELK is around added security, so ties in nicely with this use

Re: [Openstack-operators] Audit Logging - Interested? What's missing?

2016-11-16 Thread David Medberry
rather, here: https://openstackmountainwest2016.sched.org/event/8AkE/osdef-devops-driven-approach-to-securing-a-cloud-infrastructure-using-bigdata?iframe=no&w=&sidebar=yes&bg=no

On Wed, Nov 16, 2016 at 5:07 PM, David Medberry wrote:
> more info here:
> http://www.openstackdaysmw.com/schedule/
>

Re: [Openstack-operators] Audit Logging - Interested? What's missing?

2016-11-16 Thread David Medberry
more info here: http://www.openstackdaysmw.com/schedule/

On Wed, Nov 16, 2016 at 5:06 PM, David Medberry wrote:
> We've added ELK to our cloud (but of course it largely relies on the
> existing logging.) There will be a talk about this next month at OpenStack
> Days Mountain West in SLC. I can p

[Openstack-operators] Audit Logging - Interested? What's missing?

2016-11-16 Thread Tom Fifield
Hi Ops, Was chatting with Department of Defense in Australia the other day, and one of their pain points is Audit Logging. Some bits of OpenStack just don't leave enough information for proper audit. So, thought it might be a good idea to gather people who are interested to brainstorm how to g