Newer documentation is now live. You are currently reading an older version.

CADF audit notifications in OpenStack services

MOSK services can emit notifications in the Cloud Auditing Data Federation (CADF) format, which is a standardized format for event data. The information contained in such notifications describes every action users perform in the cloud and is commonly used by organizations to perform security audits and intrusion detection.

Currently, the following MOSK services support the emission of CADF notifications:

  • Compute service (OpenStack Nova)

  • Block Storage service (OpenStack Cinder)

  • Images service (OpenStack Glance)

  • Networking service (OpenStack Neutron)

  • Orchestration service (OpenStack Heat)

  • DNS service (OpenStack Designate)

  • Bare Metal service (OpenStack Ironic)

  • Load Balancing service (OpenStack Octavia)

CADF notifications are enabled in the features:logging:cadf section of the OpenStackDeployment custom resource. For example:

spec:
  features:
    logging:
      cadf:
        enabled: true

The notification driver setting controls how notification messages are delivered to consumers. The following options are supported:

  • messagingv2 - Default

    Messages get posted to the notifications.info queue in the MOSK message bus, which is RabbitMQ

  • log

    Messages get posted to a standard log output and then collected by Mirantis StackLight

Configuration example:

spec:
  features:
    logging:
      cadf:
        enabled: true
        driver: log
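
With the log driver, audit events can be reviewed directly from collected log lines. The following is an added example, not part of the Mirantis documentation: it counts failed actions per initiator, using the typeURI, outcome and initiator fields from the CADF standard. The log line layout (a text prefix followed by a JSON notification with a payload key) and all sample records are assumptions constructed for illustration.

```python
import json
from collections import Counter

CADF_EVENT = "http://schemas.dmtf.org/cloud/audit/1.0/event"

def cadf_payload(line):
    """Return the CADF event carried by one log line, or None."""
    start = line.find("{")
    if start < 0:
        return None
    try:
        msg = json.loads(line[start:])
    except ValueError:
        return None  # truncated or non-JSON line
    if not isinstance(msg, dict):
        return None
    # Accept a bare CADF event or one wrapped in a notification envelope
    # (the "payload" key is an assumption about the emitted layout).
    event = msg.get("payload", msg)
    if isinstance(event, dict) and event.get("typeURI") == CADF_EVENT:
        return event
    return None

def repeated_failures(lines, threshold=3):
    """Map initiator id -> failure count, for initiators at or above threshold."""
    failures = Counter()
    for line in lines:
        event = cadf_payload(line)
        if event and event.get("outcome") == "failure":
            initiator = (event.get("initiator") or {}).get("id", "unknown")
            failures[initiator] += 1
    return {who: n for who, n in failures.items() if n >= threshold}

def _sample(initiator, action, outcome):
    # Constructed sample line: log prefix followed by a JSON notification.
    event = {"typeURI": CADF_EVENT, "eventType": "activity", "action": action,
             "outcome": outcome, "initiator": {"id": initiator},
             "target": {"id": "constructed-target"}}
    return "2024-01-01 00:00:00 INFO notification " + json.dumps(
        {"event_type": "audit.http.response", "payload": event})

SAMPLE_LINES = (
    [_sample("user-a", "read/list", "success")]
    + [_sample("user-b", "delete", "failure") for _ in range(3)]
    + [_sample("user-a", "update", "failure"), "not json {", "plain text line"]
)

if __name__ == "__main__":
    print(repeated_failures(SAMPLE_LINES))
```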