Use Log Exposure
Log Event Types
Three types of logs are currently forwarded to the customer log stream (topic):
SECURITY
: authentication events for both successful and failed logins, and authentication processes.
AUDIT
: actions performed in the service (e.g. create VM, stop service, day-2 operations).
SERVICE
: events related to a specific service. For instance, firewall logs.
Event Schema
The log events forwarded to the topic follow a schema that is described below:
Field | Type | Description |
---|---|---|
version | string | The version of the event schema. Fixed: 1.0 |
timestamp | string | The UTC time of the event in ISO 8601 format. Check the specific cloud service documentation about the precise semantics of this time. |
id | string | The UUID of this event generated by the cloud service |
tenant_name | string | The name of the tenant owning this event |
cloud_service_name | string | The name of the cloud service that produced this event (more details here) |
log_type | string | One of: SECURITY, AUDIT, SERVICE |
log_entry | string or object | The complete log entry |
Example:
{
  "version": "1.0",
  "timestamp": "2023-02-14T12:40:00.000Z",
  "id": "958e11dd-a12s-425e-8738-7ba3a83958c6",
  "tenant_name": "orion-123",
  "cloud_service_name": "Managed OS RHEL",
  "log_type": "SERVICE",
  "log_entry": "a simple text log message"
}
Log Stream
┌──────────────┐                                    ┌────────────────┐
│   Service    │           logs-orion-123           │    Customer    │
│              ├──────► [ ---------------- ] ◄──────│                │
│  log events  │           (Kafka topic)            │  Kafka client  │
└──────────────┘                                    └────────────────┘
Service logs are exposed using the schema above and published to the tenant's Kafka topic. The topic name is the name of your tenant prefixed with logs- (for example, logs-orion-123 for the tenant orion-123).
The customer needs to consume the log events by configuring a Kafka consumer client on an ESC VM. A list of Kafka clients is provided below.
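A consumer should check each message against the schema before handing it to a SIEM or alerting pipeline. The following is an added example, not code from the service documentation: it validates message values against the fields in the table above and groups them by log_type. The helper names (parse_event, triage), the tenant-match check and the sample messages are assumptions made for illustration; wiring to a Kafka client is left out, and the tenant argument is the tenant whose logs- topic is being consumed.

```python
import json
from datetime import datetime, timedelta

# Field names, fixed version and log types are taken from the schema table.
REQUIRED = ("version", "timestamp", "id", "tenant_name",
            "cloud_service_name", "log_type", "log_entry")
LOG_TYPES = ("SECURITY", "AUDIT", "SERVICE")

def parse_event(raw, tenant):
    """Validate one message value (hypothetical helper); raise ValueError if bad."""
    event = json.loads(raw)  # JSONDecodeError is a ValueError
    if not isinstance(event, dict):
        raise ValueError("event is not a JSON object")
    missing = [f for f in REQUIRED if f not in event]
    if missing:
        raise ValueError(f"missing fields: {missing}")
    if event["version"] != "1.0":
        raise ValueError("unsupported schema version")
    if event["log_type"] not in LOG_TYPES:
        raise ValueError("unknown log_type")
    if event["tenant_name"] != tenant:  # added defensive check, not in the docs
        raise ValueError("tenant_name does not match the consumed topic")
    if not isinstance(event["log_entry"], (str, dict)):
        raise ValueError("log_entry must be a string or an object")
    try:  # older Python versions reject a trailing 'Z' in fromisoformat()
        ts = datetime.fromisoformat(event["timestamp"].replace("Z", "+00:00"))
    except (AttributeError, ValueError):
        raise ValueError("timestamp is not ISO 8601") from None
    if ts.utcoffset() != timedelta(0):
        raise ValueError("timestamp is not UTC")
    return dict(event, timestamp=ts)

def triage(messages, tenant):
    """Group valid events by log_type; collect rejection reasons for the rest."""
    accepted, rejected = {t: [] for t in LOG_TYPES}, []
    for raw in messages:
        try:
            event = parse_event(raw, tenant)
            accepted[event["log_type"]].append(event)
        except ValueError as exc:
            rejected.append(str(exc))
    return accepted, rejected

# Constructed sample messages (not real service output).
BASE = {"version": "1.0", "timestamp": "2023-02-14T12:40:00.000Z", "id": "constructed-id-1",
        "tenant_name": "orion-123", "cloud_service_name": "Managed OS RHEL",
        "log_type": "SECURITY", "log_entry": {"user": "alice", "result": "failed"}}
SAMPLES = [json.dumps(BASE), json.dumps(dict(BASE, tenant_name="other-tenant")),
           json.dumps(dict(BASE, log_type="DEBUG")), "not json"]
```

Rejected messages are worth counting and alerting on rather than silently dropping, since a sudden rise usually means a schema change or a misrouted producer.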
Service Monitoring
The service produces health events as specified by the Health Exposure Service with a frequency of 1 hour.
Retention
The Kafka topic will retain events for at least 24 hours.