[openstack-dev] [Neutron] Security Group logging
Veiga, Anthony
Anthony_Veiga at cable.comcast.com
Fri Apr 11 15:12:28 UTC 2014
>
>On Wed, 2014-04-09 at 00:02 +0100, Salvatore Orlando wrote:
>> Auditing has been discussed for the firewall extension.
>> However, it is reasonable to expect some form of auditing for security
>> group rules as well.
>>
>>
>> To the best of my knowledge there has never been an explicit decision
>> to not support logging.
>> However, my guess here is that we might be better off with an auditing
>> service plugin integrating with security group and firewall agents
>> rather than baking the logging feature in the security group
>> extension.
>> Please note that I'm just thinking aloud here.
>
>+1. A notification event should be sent across the typical notifier
>mechanisms when a security group rule is changed or applied.
Throwing my hat in the ring for this as well. Preferably the message
should include the UUID of the Group being changed, and also the UUID of
the Instance if it¹s being applied.
>
>Best,
>-jay
>
>
>
>_______________________________________________
>OpenStack-dev mailing list
>OpenStack-dev at lists.openstack.org
>http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
More information about the OpenStack-dev
mailing list