Closed
Open
Issue created Apr 20, 2020 by Paco Hope (AWS) (@pacohope, Developer)

OSDU and platform logging requirements

All OSDU logs need to go to a specific, well-known location. That means:

Logs must exist

  • OSDU service logs (e.g., load service, search service, etc.)
  • application platform logs (e.g., kubernetes, tomcat, nginx, apache, whatever)
  • operating system level logs for VMs
  • cloud service provider logs

Logs must be protected

Logs go one of two ways:

  1. They leave OSDU and go to an operator-provided location. In that case, security and management of logs is the operator's responsibility.
  2. They remain in an OSDU-specific location (e.g., a log server, an S3 bucket, a cloud-native log aggregation service). In that case additional security requirements apply.
     • Logs must be encrypted at rest
     • Logs must be protected from unauthorised modification
     • Logs must be protected from unauthorised access
     • ConocoPhillips identified RBAC for log access

Log Locations

  • Chevron: Azure Log Analytics
  • Total: Azure Monitor
  • Petronas: LogRhythm
  • ConocoPhillips: Splunk
  • Equinor: Azure EventHub

Log Retention

  • BP highlighted data retention as a security concern. Logs are the one place where the platform itself produces data. Do we activate some automatic cloud-native log deletion?
  • Repsol: Log integrity measures are mandatory as well as a retention period of 13 months of the logs.

Definition of Done

  1. Log formats need to be documented and defined for each service and component at each of these levels (OSDU, app, OS, cloud).
  2. Log locations are documented for each cloud provider choice.
  3. The operator can indicate their preference for logs to either remain in an OSDU-specific location or be exported to another system.
Edited May 11, 2020 by Paco Hope (AWS)
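
An added illustration, not part of the original issue and not OSDU code: one possible integrity measure for the "protected from unauthorised modification" and 13-month retention items is an HMAC chain over log records, with a purge step that keeps the remainder verifiable. The field names, key, sample records, the "today" date and the 396-day approximation of 13 months are all assumptions constructed here.

```python
import hashlib
import hmac
import json
from datetime import datetime, timedelta, timezone

GENESIS = b"\x00" * 32                     # chain start value (assumption)
RETENTION = timedelta(days=396)            # assumption: 13 months taken as 396 days
KEY = b"constructed-demo-key"              # constructed; a real key lives outside the log store
NOW = datetime(2020, 5, 11, tzinfo=timezone.utc)  # constructed "today"
SAMPLE = [                                 # constructed log records
    {"ts": "2019-01-10T08:00:00+00:00", "svc": "search", "msg": "query ok"},
    {"ts": "2020-03-01T09:30:00+00:00", "svc": "load", "msg": "ingest start"},
    {"ts": "2020-04-20T12:00:00+00:00", "svc": "load", "msg": "ingest done"},
]

def chain_tag(key, prev, rec):
    """HMAC over the previous tag plus the canonical JSON of the record."""
    body = json.dumps({k: v for k, v in rec.items() if k != "tag"}, sort_keys=True)
    return hmac.new(key, prev + body.encode(), hashlib.sha256).digest()

def seal(records, key, prev=GENESIS):
    """Return copies of the records, each carrying a tag bound to its predecessor."""
    sealed = []
    for rec in records:
        prev = chain_tag(key, prev, rec)
        sealed.append({**rec, "tag": prev.hex()})
    return sealed

def verify(sealed, key, prev=GENESIS):
    """Return the index of the first record that breaks the chain, or None."""
    for i, rec in enumerate(sealed):
        prev = chain_tag(key, prev, rec)
        if not hmac.compare_digest(prev.hex(), rec.get("tag", "")):
            return i
    return None

def purge_expired(sealed, now):
    """Drop records older than RETENTION. Returns (kept, anchor); anchor is the
    tag of the last purged record and is needed to verify what remains."""
    cutoff = now - RETENTION
    n = 0
    while n < len(sealed) and datetime.fromisoformat(sealed[n]["ts"]) < cutoff:
        n += 1
    anchor = bytes.fromhex(sealed[n - 1]["tag"]) if n else GENESIS
    return sealed[n:], anchor
```

The chain exposes edits and deletions inside the log, but not removal of the newest records; detecting that needs the latest tag stored somewhere the log writer cannot modify.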