Redfish/REST Logging: Missing rest_api_logs support

ibm-openbmc / dev

Product Development Project Mgmt and Tracking

16 stars 2 forks source link

Redfish/REST Logging: Missing rest_api_logs support #1388

Closed rfrandse closed 1 year ago

rfrandse commented 5 years ago

This issue is to track getting Legacy function operational on FW1010 images Test team results indicated this function was not working.

joseph-reynolds commented 4 years ago

From a security and compliance perspective, an example requirement is: Audit logs are needed to support threat detection and investigation efforts going back 90 days. Examples of what needs to be logged: all admin activity, all authentication attempts (successful or not), rebooting (BMC or host),

For standards, see the OSPP section titled "Audit data generation", where OS==OpenBMC. It's pretty high level, so we'll have to work out what is security relevant.

mzipse commented 4 years ago

Per feedback from Santosh, Redfish API is defined for enabling or disabling the remote logging....using RSYSLOG to stream the info. Still need design discussion on whether to use RSYSLOG or Redfish method

rfrandse commented 1 year ago

tracking in jira