yahoo-eng-team team mailing list archive

[Nguyen Phuong An <AnNP@xxxxxxxxxxxxxx>]

** Description changed:

- [Existing problem]
-     - Logging is currently a missing feature in security-groups, it is
-       necessary for operators (Cloud admins, developers etc) to
-       auditing easier.
-     - Tenant also needs to make sure their security-groups works as
-       expected, and to assess what kinds of events/packets went
-       through their security-groups or were dropped.
+ Learning what happened on traffic flows is necessary for cloud
+ administrator to tackle a problem related to network.
  
- [Main purpose of this feature]
-     * Enable to configure logs for security-group-rules.
+ Problem Description
+ ===================
+ - When *operator* (including cloud administrator and developer) has an issue related to network (e.g network security issue). Gathering all events related to security groups is necessary for troubleshooting process.
  
-     * In order to assess what kinds of events/packets went
-       through their security-groups or were dropped.
+ - When tenant or operator deploys a security groups for number of VMs.
+ They want to make sure security group rules work as expected and to
+ assess what kinds of packets went through their security-groups or were
+ dropped.
  
- [What is the enhancement?]
-     - Proposes to create new generic logging API for security-group-rules
-       in order to make the trouble shooting process easier for operators
-       (or Cloud admins, developers etc)..
-     - Introduce layout the logging api model for future API and model
-       extension for log driver types(rsyslog, ...).
+ Currently, we don't have a way to perform that. In other word, logging
+ is a missing feature in security groups.
  
- Specification: https://review.openstack.org/#/c/203509
+ Proposed Change
+ ===============
+ - To improve the situation, we'd like to propose a logging API [1]_ to collect all events related to security group rules when they occurred.
+ 
+ - Only *operator* will be allowed to execute logging API.
+ 
+ [1] https://review.openstack.org/#/c/203509/

** Tags removed: rfe-approved
** Tags added: rfe

** Changed in: neutron
       Status: Expired => New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1468366

Title:
  (Operator-only) Logging API for security group rules

Status in neutron:
  New

Bug description:
  Learning what happened on traffic flows is necessary for cloud
  administrator to tackle a problem related to network.

  Problem Description
  ===================
  - When *operator* (including cloud administrator and developer) has an issue related to network (e.g network security issue). Gathering all events related to security groups is necessary for troubleshooting process.

  - When tenant or operator deploys a security groups for number of VMs.
  They want to make sure security group rules work as expected and to
  assess what kinds of packets went through their security-groups or
  were dropped.

  Currently, we don't have a way to perform that. In other word, logging
  is a missing feature in security groups.

  Proposed Change
  ===============
  - To improve the situation, we'd like to propose a logging API [1]_ to collect all events related to security group rules when they occurred.

  - Only *operator* will be allowed to execute logging API.

  [1] https://review.openstack.org/#/c/203509/

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1468366/+subscriptions