Log Exposure
Log events will be published by cloud services upon activity.
Log Types
The following log types are forwarded:
SECURITY: authentication for both successful or failed logins, and authentication processesAUDIT: actions performed in the service (e.g. create VM, stop service, day-2 operations)SERVICE: events related to a specific service instance (e.g. firewall logs)
Event Schema
The log events forwarded to the topic follow a schema that is described below:
| Field | Type | Description |
|---|---|---|
| version | string | The version of the event schema. Fixed: 1.0 |
| timestamp | string | The UTC time of the event in ISO8601 format. Check the specific cloud service documentation about the precise semantics of this time. |
| id | string | The UUID of this event generated by the cloud service |
| tenant_name | string | The name of the tenant owning this event |
| cloud_service_name | string | The name of the cloud service that produced this event |
| log_type | string | One of: SECURITY, AUDIT, SERVICE |
| log_entry | string | The complete log entry |
Example:
{
"version": "1.0",
"timestamp": "2023-02-14T12:40:00.000Z",
"id": "958e11dd-a12s-425e-8738-7ba3a83958c6",
"tenant_name": "orion-123",
"cloud_service_name": "Managed OS RHEL",
"log_type": "SERVICE",
"log_entry": "a simple text log message"
}
Log Event Stream
┌──────────────┐ ┌────────────────┐
│ Service │ logs-orion-123 │ Customer │
│ ├──────► [ ---------------- ] ◄──────│ │
│ log events │ (Kafka topic) │ Kafka client │
└──────────────┘ └────────────────┘
Log events are exposed using the schema above and published to the tenant's Kafka topic. The topic name is the name of the tenant prefixed with logs-. Example: logs-orion-123.