commoncriteria / sdn-controller

Protection Profile for Software Defined Networking Controllers
The Unlicense

ESR (#3) - monitor | log | audit #13

Open hubertdcruze opened 7 months ago

hubertdcruze commented 7 months ago

The SDN Controller must have the ability to continuously monitor and log activities, as well as audit administrative actions. This includes tracking any changes made to the configuration and recording instances of the SDN Controller being rebooted.

hubertdcruze commented 7 months ago

Comments from TC meeting on Feb 8:

· List specific actions to log

Actions:

· Dean to provide list of admin actions for logging specific to SDN

arubadean commented 7 months ago

This probably isn't an exhaustive list, but should get us going:

CRUD updates on all the following:

also:

Then of course any relevant logging requirements from existing CC protection profiles and collaborative profiles. I'd expect that if we don't do SDN controller as its own PP that it'd be a module against NDcPP and/or Software App ("appliances" (including virtual) and applications being the ways an SDN controller would be deployed). So everything like adding/removing users, managing cryptographic keys, etc., which have existing logging requirements need to come in.

I'd also like to see the mechanism of the action be logged. For instance, if the controller supports an API, WebUI, and local CLI, then I think it's important to note whether an action such as adding a physical port to a logical group was done via API or a user-interactive administrative interface such as WebUI or CLI.