[openstack-dev] [OSSG] hardening openstack
Matt Joyce
matt.joyce at cloudscaling.com
Fri Nov 2 06:55:10 UTC 2012
For the record, ceilometer provides a perfect mechanism for recording audit
logs of events.
On Thu, Nov 1, 2012 at 9:55 PM, Bryan D. Payne <bdpayne at acm.org> wrote:
> Some of the log handling may end up being deployment specific.
> Nevertheless, this is a very good idea.
>
> One thing that the OpenStack projects can do to help with logging
> would be to cleanup the log messages in all of the projects such that
> they provide useful information to someone that was aggregating all of
> the logs as you describe. Last time I checked, there was lots of work
> to be done there.
>
> -bryan
>
>
> On Thu, Nov 1, 2012 at 4:55 PM, Bhandaru, Malini K
> <malini.k.bhandaru at intel.com> wrote:
> > From out of
> http://www.nsa.gov/ia/_files/factsheets/rhel5-pamphlet-i731.pdf
> > Review system and application logs on a routine basis.
> > Dend logs to a dedicated log server. This prevents intruders from easily
> avoiding detection by modifying the local logs.
> >
> > Down the road this is something we should consider. Might not want to
> have to go over the network for every log item, but do so in some digest
> mode. Alternately, create a VM for logging on the host nodes, a
> nova-log-vm, a quantum-log-vm .. and log to that for the respective
> openstack service. Needs more thought.
> >
> > Regards
> > Malini
> >
> > _______________________________________________
> > OpenStack-dev mailing list
> > OpenStack-dev at lists.openstack.org
> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20121101/4736337c/attachment.html>
More information about the OpenStack-dev
mailing list