yahoo-eng-team team mailing list archive

[Akihiro Motoki <1468366@xxxxxxxxxxxxxxxxxx>]

** Changed in: neutron
    Milestone: queens-1 => queens-3

** Changed in: neutron
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1468366

Title:
  [RFE] (Operator-only) Logging API for security group rules

Status in neutron:
  Fix Released

Bug description:
  Learning what happened on traffic flows is necessary for cloud
  administrator to tackle a problem related to network.

  Problem Description
  ===================
  - When *operator* (including cloud administrator and developer) has an issue related to network (e.g network security issue). Gathering all events related to security groups is necessary for troubleshooting process.

  - When tenant or operator deploys a security groups for number of VMs.
  They want to make sure security group rules work as expected and to
  assess what kinds of packets went through their security-groups or
  were dropped.

  Currently, we don't have a way to perform that. In other word, logging
  is a missing feature in security groups.

  Proposed Change
  ===============
  - To improve the situation, we'd like to propose a logging API [1]_ to collect all events related to security group rules when they occurred.

  - Only *operator* will be allowed to execute logging API.

  - Layout the logging API model can extend to other resource such as
  firewall.

  [1] https://review.openstack.org/#/c/203509/

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1468366/+subscriptions