OCI -Logging Step by Step Doc

 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++



https://swigmaster.github.io/index.html?lab=setup#STEP2:CreateandConfigureanIAMDynamicGroup

 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

STEP 1: Create an IAM Compartment -- We already have a compartment (sysops); we will be using that for the project

STEP 2: Create and Configure an IAM Dynamic Group

STEP 3: Create a Virtual Cloud Network  -- I believe we will be using an existing VCN 

STEP 4: Launch Virtual Machine  -- Instead we will be adding the VMs/On-Premises server to the Dynamic Group we created.

STEP 5 : Create Custom Application Logs 

Logging Home : https://docs.oracle.com/en-us/iaas/Content/Logging/home.htm

>>> Create Custom Log :       

https://docs.oracle.com/en-us/iaas/Content/Logging/Concepts/custom_logs.htm#custom_logs

 Create a Custom Log Agent Config  

https://swigmaster.github.io/index.html?lab=applog#STEP2:ReviewLogDatafromVirtualMachine

STEP 6 : Configure the script on the system from which we will gather logs

STEP 7 : Figure out a way to ingest the logs into OCI Logging.

Custom logs can be ingested in the following ways:

Figure out the possibility of using OCI Output plugin : https://github.com/oracle/fluent-plugin-oci-logging

Explore the second option : By configuring the Unified Monitoring Agent. See Installing the Agent for instructions.

> Configuring Unified Monitoring Agent - https://docs.oracle.com/en-us/iaas/Content/Logging/Concepts/agent_management.htm#installing_the_agent


The following are the supported operating systems for agent configurations:

Oracle Linux 7, Oracle Linux 8

CentOS 7, CentOS 8

Windows Server 2012 R2, Windows Server 2016, Windows Server 2019

Ubuntu 16.04, Ubuntu 18.04, Ubuntu 20.04

Note

For Linux, only register Linux-specific input types, such as "Log Path", for a dynamic group that includes only a Linux instance. For Windows, only register Windows-specific input types, such as "Windows event log", for a dynamic group that includes only a Windows instance. Otherwise, the Unified Monitoring Agent malfunctions if you register a Windows input type for a Linux instance, and vice versa.


 The steps we may have to do 

  • Create and Configure an IAM Dynamic Group -- Add the servers (Windows Group / Linux Groups / HIPAA PII group )
  • Create Custom Log :  https://docs.oracle.com/en-us/iaas/Content/Logging/Concepts/custom_logs.htm#custom_logs
  • Figure out a way to ingest the logs into OCI Logging.
  • Notification: https://docs.oracle.com/en-us/iaas/Content/Notification/home.htm
  • Create a function when you publish a message to a parent topic or an Email Protocol


Logging : Home

https://docs.oracle.com/en-us/iaas/Content/Logging/home.htm

Use Logging to enable, manage, and search logs. The three kinds of logs are the following:


  • Audit logs: Logs related to events emitted by the Oracle Cloud Infrastructure Audit service. These logs are available from the Logging Audit page, or are searchable on the Search page alongside the rest of your logs.
  • Service logs: Emitted by OCI native services, such as API Gateway, Events, Functions, Load Balancing, Object Storage, and VCN Flow Logs. Each of these supported services has pre-defined logging categories that you can enable or disable on your respective resources.
  • Custom logs: Logs that contain diagnostic information from custom applications, other cloud providers, or an on-premises environment. Custom logs can be ingested through the API, or by configuring the Unified Monitoring Agent. You can configure an OCI compute instance/resource to directly upload Custom Logs through the Unified Monitoring Agent. Custom logs are supported in both a virtual machine and bare metal scenario.



A log is a first-class Oracle Cloud Infrastructure resource that stores and captures log events collected in a given context. For example, if you enable Flow Logs on a subnet, it has its own dedicated log. Each log has an OCID and is stored in a log group. A log group is a collection of logs stored in a compartment. Logs and log groups are searchable, actionable, and transportable.

When you enable a log, you must add it to a log group that you create. Log groups are logical containers for logs. Use log groups to organize and streamline management of logs by applying IAM policy or grouping logs for analysis. For more information, see Managing Logs and Log Groups.
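Ingestion through the API, mentioned in the custom logs description above, is one PutLogs call against the OCID of the custom log. The following is an added example, not code from this post or from Oracle's documentation; it assumes the OCI Python SDK on an OCI compute instance that belongs to the dynamic group, and `build_batch`, `put_logs` and the sample values are names made up here.

```python
import uuid
from datetime import datetime, timezone


def build_batch(lines, source, log_type, subject=None, now=None):
    """Turn raw log lines into one PutLogs batch (plain dicts, no SDK needed)."""
    now = now or datetime.now(timezone.utc)
    entries = [
        # Each entry needs its own id; uuid4 keeps ids unique across batches.
        {"id": str(uuid.uuid4()), "time": now, "data": line.rstrip("\r\n")}
        for line in lines
        if line.strip()  # drop blank lines instead of sending empty entries
    ]
    if not entries:
        raise ValueError("no log lines to send")
    return {
        "source": source,            # host or application that produced the lines
        "type": log_type,            # caller-chosen category, e.g. "app.auth"
        "subject": subject,          # optional, e.g. the file the lines came from
        "defaultlogentrytime": now,  # used for entries that carry no time
        "entries": entries,
    }


def put_logs(batch, log_ocid):
    """Send one batch to the custom log with the OCI Python SDK."""
    import oci  # imported here so build_batch() works where the SDK is absent

    models = oci.loggingingestion.models
    # Instance principal: the instance must be in a dynamic group that a
    # policy allows to "use log-content" in the log's compartment.
    signer = oci.auth.signers.InstancePrincipalsSecurityTokenSigner()
    client = oci.loggingingestion.LoggingClient(config={}, signer=signer)
    details = models.PutLogsDetails(
        specversion="1.0",
        log_entry_batches=[
            models.LogEntryBatch(
                source=batch["source"],
                type=batch["type"],
                subject=batch["subject"],
                defaultlogentrytime=batch["defaultlogentrytime"],
                entries=[models.LogEntry(**e) for e in batch["entries"]],
            )
        ],
    )
    return client.put_logs(log_id=log_ocid, put_logs_details=details)
```

Call `put_logs(build_batch(lines, "host1", "app.auth"), "<custom log OCID>")` with the OCID shown on the custom log's detail page.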

Service Connector Hub Integration

Oracle Cloud Infrastructure Logging integrates with Service Connector Hub. If you need more archiving support, you can use Service Connector Hub for archiving to object storage, writing to stream, and so on. For more information, see Scenario: Archive Logs to Object Storage.



Logging Workshop

See the OCI Logging Workshop for step-by-step, lab-based instructions on setting up your environment, enabling service logs, creating custom application logs, searching logs, and exporting log content to Object Storage.



=====STEP -BY -STEP


STEP 1. Create Log-Group - Log Group 
  • HIPAA-Log-Group
  • Linux Syslogs Log-Group 
  • Windows Syslog-group 

To create a log group
  1. Open the navigation menu and click Observability & Management. Under Logging, click Log Groups.
  2. Choose a compartment you have permission to work in and click Create Log Group. The Create Log Group panel is displayed.
  3. Enter the following:
    • Compartment: The compartment in which you want to create the log group. This field is pre-filled based on your compartment choice.
    • Name: A name for this log group. The first character of a log group name must be a letter. For more, see Log and Log Group Names. Avoid entering confidential information.

    • Description: A friendly description.
    • Optionally, enter tagging information.
  4. Click Create. The log group detail page is then displayed. From this page you can:
    • Edit the group
    • Move resources
    • Add tags
    • Delete the log group
    • View log group information and tags
    • View log group resources (explore the log group, view the logs included in the log group, create custom or service logs, and view metrics)

      The Metrics resource in a log group detail page functions the same as in a log detail page. See To view the contents of logs for more information.



STEP 2. Create Dynamic Group 


To create a dynamic group
  1. Open the navigation menu and click Identity & Security. Under Identity, click Dynamic Groups.
  2. Click Create Dynamic Group.
  3. Enter the following:
    • Name: A unique name for the group. The name must be unique across all groups in your tenancy (dynamic groups and user groups). You can't change this later. Avoid entering confidential information.
    • Description: A friendly description.
  4. Enter the Matching Rules. Resources that meet the rule criteria are members of the group.
    • Rule 1: Enter a rule following the guidelines in Writing Matching Rules to Define Dynamic Groups. You can manually enter the rule in the text box or launch the rule builder.
    • Enter additional rules as needed. To add a rule, click +Additional Rule.

  5. If you have permissions to create a resource, then you also have permissions to apply free-form tags to that resource. To apply a defined tag, you must have permissions to use the tag namespace. For more information about tagging, see Resource Tags. If you are not sure whether to apply tags, skip this option (you can apply tags later) or ask your administrator.
  6. Click Create Dynamic Group.

    The matching rule syntax is verified, but the OCIDs are not. Be sure that the OCIDs you enter are correct.
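Because the Console checks only the rule syntax, a quick local check of the OCIDs before saving catches a truncated value or an OCID of the wrong resource type. This is an added example, not part of the Oracle procedure: the function name, the 20-character minimum for the unique-id part and the sample rules are assumptions, and it validates shape and resource type only, not that the resource exists.

```python
import re

# OCID layout: ocid1.<resource type>.<realm>.[region][.future use].<unique id>
# Assumption: the unique-id part is at least 20 lowercase alphanumerics.
OCID_RE = re.compile(
    r"^ocid1\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9-]*)\.(?:[a-z0-9-]*\.)?([a-z0-9]{20,})$"
)
# attribute = 'value' pairs inside ANY {...} / ALL {...}
PAIR_RE = re.compile(r"([\w.]+)\s*=\s*'([^']*)'")
# Resource type each instance attribute is expected to carry.
EXPECTED_TYPE = {
    "instance.id": {"instance"},
    "instance.compartment.id": {"compartment", "tenancy"},
}

_UID = "a1" * 30  # constructed 60-character unique-id part, not a real OCID
GOOD_RULE = "ANY {instance.compartment.id = 'ocid1.compartment.oc1..%s'}" % _UID
BAD_RULE = (
    "ANY {instance.id = 'ocid1.compartment.oc1..%s', "
    "instance.id = 'ocid1.instance.oc1.iad.abc'}" % _UID
)


def check_matching_rule(rule):
    """Return (attribute, value, problem) for every suspicious OCID in a rule."""
    findings = []
    for attr, value in PAIR_RE.findall(rule):
        if attr not in EXPECTED_TYPE:
            continue  # tag.* and other comparisons are not checked here
        match = OCID_RE.match(value)
        if not match:
            findings.append((attr, value, "not a well-formed OCID"))
        elif match.group(1) not in EXPECTED_TYPE[attr]:
            findings.append(
                (attr, value, "resource type '%s' does not fit %s" % (match.group(1), attr))
            )
    return findings


if __name__ == "__main__":
    for finding in check_matching_rule(BAD_RULE):
        print(finding)
```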



STEP 3. Create Custom Log 


Creating Custom Logs

To create custom logs:

  1. Open the navigation menu and click Observability & Management. Under Logging, click Logs.
  2. Under List Scope, Compartment, choose a compartment you have permission to work in.
  3. Click Create custom log. The Create custom log panel is displayed.
  4. In Custom log name, enter a name for the custom log. Avoid entering confidential information.
  5. From Compartment, choose a compartment you have permission to work in.
  6. From Log group, select a log group to place the custom log into.
  7. Optionally, select a log retention value from Log Retention, and add any applicable tags in Add Tags.
  8. Click Create custom log. The Create agent configuration panel is displayed. You can next create a new configuration, to define the parameters for the associated log data (the default), or add it later.
  9. Enter a Configuration name in the corresponding field, and select a Compartment you have permissions to work in.
  10. In Host Groups, which allows you to define which VMs apply to this configuration, select a Group type from the list, whether Dynamic group or User group.

    For the Dynamic group case, Dynamic Group refers to a group of instances, which you can create in the IAM feature of the Console. See About Dynamic Groups for more information. These Dynamic Groups can be selected from the Group field when setting up Dynamic Group settings.

    For the User group case, select the group from the Group field. User Groups also refer to the IAM Groups feature of the Console. See Managing Groups for more information.

    Click + Another host group to add more groups. You can add a combination of Group Types for the agent configuration, that is, both Dynamic groups and User groups can be set up in the configuration.

     Note

    A maximum of five groups per configuration are allowed, and a host can be in a maximum of five different groups.
  11. Next, in the configuration, you need to define the format of the logs (that is, what logs do you want to watch for) in Configure log inputs. Select an Input type from the list, whether Windows event log or Log path.
    • For Windows event log, enter an Input name and select an Event channels option from the list.
    • For Log path, enter an Input name and File paths in the corresponding fields. For example, /<log_path>/<log_name>. Multiple paths can be entered.
     Note

    Multiple log file paths can be specified, separated by a comma (,). See https://docs.fluentd.org/input/tail#path for more information. In the configuration, you can define multiple log files separated by a comma as below:
    <source>
    @type tail
    tag 757261.oc_oslogs_linux
    # /root/.bash_history can hold secrets typed on the command line; limit who can read this log
    path /var/log/*.log,/var/log/*.out,/var/log/dmesg,/var/log/grubby,/var/log/messages*,/var/log/secure,/var/log/auth,/var/log/acpid,/root/.bash_history
    pos_file /etc/unifiedmonitoringagent/pos/757261-oc_oslogs_linux.pos
    # path_key adds the path of the tailed file to each record under the key "tailed_path"
    path_key tailed_path
    </source>
    Example configuration:
    path C:\Program Files (x86)\<application>\<directory>*, C:\Program Files (x86)\<application>\<application_logs_directory>\<directory>*
    Click Advanced parser options, which opens the Advanced parser options panel. This allows you to specify how to parse the log, according to the following parsers. Some of the parsers require further input and have more options, depending on the type chosen.
    • AUDITD
    • JSON
    • TSV
    • CSV
    • NONE
       Important

      The NONE parser type is required, even if you do not want to specify a particular parser type.
    • SYSLOG
    • APACHE2
    • APACHE_ERROR
    • MSGPACK
    • REGEXP
    • MULTILINE
    For example, for JSON you must select a Time type value from the list, and you can optionally specify event time and null field settings. For REGEXP, you specify the regular expression for matching logs, along with the time format. See Log Inputs and Parsers for more information.
  12. After configuring the log inputs and the parser, you can optionally specify any tag settings. Click Create custom log to save your changes, and create the custom log and its associated agent configuration.
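A comma-separated `path` list is easy to get subtly wrong, so it is worth checking the entries before the configuration reaches the hosts. The following added example (not from Oracle's documentation or the agent itself) parses a `<source>` block and flags entries that are not absolute, entries where a `*` was lost, and files likely to hold secrets; the sample block is constructed, and the marker list and function names are assumptions.

```python
import re

# Constructed sample: an agent <source> block with three typical mistakes.
SAMPLE_CONF = """\
<source>
  @type tail
  tag 757261.oc_oslogs_linux
  path /var/log/.log,/var/log/dmesg,var/log/secure,/var/log/messages*,/root/.bash_history
  pos_file /etc/unifiedmonitoringagent/pos/757261-oc_oslogs_linux.pos
  path_key tailed_path
</source>
"""

# Assumed markers of files that often hold credentials or typed secrets.
SENSITIVE_MARKERS = ("_history", "/shadow", "/.ssh/", ".pem", ".key")


def tail_paths(conf):
    """Return every comma-separated entry of each `path` line in <source> blocks."""
    paths = []
    for block in re.findall(r"<source>(.*?)</source>", conf, flags=re.S):
        for line in block.splitlines():
            parts = line.split(None, 1)
            if len(parts) == 2 and parts[0] == "path":
                paths += [p.strip() for p in parts[1].split(",") if p.strip()]
    return paths


def lint_path(path):
    """Return a list of problems found in one tail path entry."""
    issues = []
    if not re.match(r"(/|[A-Za-z]:\\)", path):
        issues.append("not absolute: result depends on the agent's working directory")
    if re.fullmatch(r"\.(log|out|txt)", path.rsplit("/", 1)[-1]):
        issues.append("file name is only an extension: a '*' was probably lost")
    if any(marker in path for marker in SENSITIVE_MARKERS):
        issues.append("may contain secrets: restrict read access to the target log")
    return issues


def lint_conf(conf):
    """Map each problematic path to its issues; clean paths are left out."""
    report = {}
    for path in tail_paths(conf):
        issues = lint_path(path)
        if issues:
            report[path] = issues
    return report
```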

Ingesting Logs into OCI 

Fluentd - Logging Analytics using fluentd - blog

We have documentation for fluentd for Logging Analytics but not for OCI logging. So here we may have to go with Oracle Unified Agent I guess.


---Bogdan-----------------------------------------------------------------------------------------------
we use td-agent version 4 from https://packages.treasuredata.com/ and some OCI plugins to send data to OCI




---Bogdan


Notification using function / E-Mail



