Overview
Event Exposure makes it possible to stream logs, as well as health and lifecycle updates, from instances of ESC Cloud Services and the Cloud Management Platform. The service is built on Apache Kafka and is reachable from within ESC.
Logs can make audit processes and security scanning easier; health and lifecycle events can enable different kinds of automation.
Contributing Services
Cloud Services
Below is the list of cloud services currently exposing their events:
| Cloud Service Name | Health | Lifecycle | Logs |
|---|---|---|---|
| File Service Premium | - | - | Logs for provision, deprovision and update events on all deployments (Catalog requests & day-2 operations). |
| Managed Kubernetes | YES | - | Management (cluster virtual machines and PKS) and authentication logs. For PKS, the virtual machine logs come from /var/vcap/sys/logs. |
| Managed MS SQL DBMS | - | - | Audit logs from the MSSQL server for actions and logins to the SQL server. Logs covered are: AUDIT_CHANGE_GROUP, BROKER_LOGIN_GROUP, DATABASE_LOGOUT_GROUP, DATABASE_OWNERSHIP_CHANGE_GROUP, DATABASE_PERMISSION_CHANGE_GROUP, DATABASE_PRINCIPAL_CHANGE_GROUP, DATABASE_PRINCIPAL_IMPERSONATION_GROUP, DATABASE_ROLE_MEMBER_CHANGE_GROUP, FAILED_DATABASE_AUTHENTICATION_GROUP, FAILED_LOGIN_GROUP, LOGOUT_GROUP, SERVER_PERMISSION_CHANGE_GROUP, SERVER_PRINCIPAL_CHANGE_GROUP, SERVER_PRINCIPAL_IMPERSONATION_GROUP, SERVER_ROLE_MEMBER_CHANGE_GROUP, SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP, SUCCESSFUL_LOGIN_GROUP, USER_DEFINED_AUDIT_GROUP. |
| Managed Oracle DB Service Highend | - | - | Audit logs from Oracle DB. |
| Managed Oracle DB Service Regular | - | - | Audit logs from Oracle DB. |
| Managed Oracle DB Service on ExaCC | - | - | - |
| Managed OS RHEL | - | - | Audit logs from the operating system for actions executed at operating system level. Security logs from the operating system for any attempt to log in to the system. For example, virtual machines would publish the logs from /var/log/{secure,audit}. |
| Managed OS Windows | - | - | Audit logs from the operating system for actions executed at operating system level. Security logs from the operating system for any attempt to log in to the system. For example, virtual machines would publish logs from nc_winlogbeat::event_logs. |
| Network F5 | - | - | Audit logs from the operating system for actions executed at operating system level. Security logs from the operating system for any attempt to log in to the system. Logs come from the files /var/log/ltm and /var/log/secure in the F5 virtual machines implementing the service. |
| Network Services | YES | - | Instance proxy log messages, which contain raw syslog message strings including request/response header data such as HTTP host, agent, method, path, status code and size information. |
| Network Uplink | YES | - | - |
| Object Storage S3 | - | - | Logs for provision, deprovision and update events on S3 Instances and S3 Users. |
| Virtual Machine | YES | YES | - |
| Swiss AI Platform | YES | - | Audit logs for provision, deprovision and update events. |
| Event Exposure | YES | - | Audit logs for credential management actions. |
| Kubernetes Service | YES | - | - |
Cloud Management
Some Cloud Management Platform components expose their events too:
| Cloud Management Service Name | Health | Lifecycle | Logs |
|---|---|---|---|
| Firewall | - | - | Firewall logs that have matching firewall rules. For instance, firewall logs from matching provider/global default rules are not sent to customers. |
| Infrastructure as a Service | - | - | Audit logs for infrastructure changes. |
| Swisscom Cloud Orchestrator | - | - | Audit logs for space-related operations. |
Service Instance Classes
Some services may be built from multiple types of resources, which are organized into separate instance classes. This detail is available from event schema 1.1.
| Cloud Service Name | Instance Class Names |
|---|---|
| File Service Premium | File System Service, Container, Share, Initiator, Initiator Group, File System Service for Kubernetes, Storage Virtual Machine for Kubernetes |
| Managed Kubernetes | Kubernetes Cluster, Kubernetes Environment |
| Managed Oracle DB Service Highend | MODS Highend CDB, MODS Highend PDB |
| Managed Oracle DB Service Regular | MODS Regular CDB, MODS Regular PDB |
| Managed Oracle DB Service on ExaCC | MODS ExaCC CDB, MODS ExaCC VM |
| Managed OS RHEL | Managed RHEL |
| Managed OS Windows | Managed Windows |
| Network F5 | F5 Load Balancer |
| Network Services | Managed Forward Proxy, Managed Reverse Proxy |
| Network Uplink | Uplink Topology |
| Object Storage S3 | Object Storage S3, NAT Network |
| Virtual Machine | Virtual Machine, Snapshot, Network, Uplink Topology |
| Swiss AI Platform | SAIP Instance, SAIP GPU Container |
| Event Exposure | Log Exposure Endpoint, Health Exposure Endpoint, Lifecycle Exposure Endpoint |
| Infrastructure as a Service | Cloud Management Platform |
| Swisscom Cloud Orchestrator | Cloud Management Platform, Space |
| Kubernetes Service | Kubernetes Environment, Kubernetes Project, Kubernetes Datacenter, Kubernetes Cluster, Kubernetes Worker Node, Kubernetes Volume, Kubernetes Volume Snapshot, Kubernetes Load Balancer |
Monitoring
The service produces health events at an interval of 1 hour.
