[openstack-dev] [Neutron] Security Group logging

Jay Pipes jaypipes at gmail.com
Fri Apr 11 15:07:36 UTC 2014


On Wed, 2014-04-09 at 00:02 +0100, Salvatore Orlando wrote:
> Auditing has been discussed for the firewall extension.
> However, it is reasonable to expect some form of auditing for security
> group rules as well.
> 
> 
> To the best of my knowledge there has never been an explicit decision
> to not support logging.
> However, my guess here is that we might be better off with an auditing
> service plugin integrating with security group and firewall agents
> rather than baking the logging feature in the security group
> extension.
> Please note that I'm just thinking aloud here.

+1. A notification event should be sent across the typical notifier
mechanisms when a security group rule is changed or applied.

Best,
-jay





More information about the OpenStack-dev mailing list