← Back to team overview

openstack team mailing list archive

Re: secure logging in OpenStack

 

Paolo Smiraglia wrote:
> I wrote a library that implement some security features for logging. In
> a few words, the library generates a log files where all log entries are
> linked through an hash chain. In this way it's possible to verify the
> integrity of the log files. Now, I would to integrate functionalities
> provided by my library in the OpenStack logging system.
> 
> From a rapid view of python logging module, I saw that its possible to
> define custom logging handlers. My idea is to define a new handler as follow
> 
>    class SecureLogHandler(logging.Handler)
> 
> and to include it in the log module of OpenStack.
> 
> Is this a good approach?

Making it optional (keeping the ability to run the old one) could be a plus.

> There are some directives that I must follow (code styling, method
> definition, ...)?

Code style is defined in http://wiki.openstack.org/CodingStandards and
in the HACKING.rst file in project repositories.

Generally speaking, you should read
http://wiki.openstack.org/HowToContribute as a starting point, and get
familiar with our development cycle at
http://wiki.openstack.org/ReleaseCycle. You should probably create a
blueprint (see http://wiki.openstack.org/Blueprints) so that we can
properly track this feature.

Cheers!

-- 
Thierry Carrez (ttx)
Release Manager, OpenStack


Follow ups

References