[Oracle Cloud] 監査ログに出力される情報

2020年7月26日 itedge Oracle Cloud 0

本記事の目的

監査ログ(Audit Log)に出力される情報について調べたメモ。

 

 

監査ログの内容

OCIの監査ログは、大きくEnvelopesとPayloads の二種類が記録される。

 

Evvelopes

Envelopesは全イベント共通でCloud Native Computing Foundation (CNCF)で定義されているフォーマットに準拠。

contentType、data、eventIDなど

 

Payloads

Payloadsはサービスやイベント毎に独自のフォーマットで記録される。

記録されるログはさらに複数のグループ(Data、Identity、Request、Response、State Change)に分けて記録される。

例えば、イベントの出力元はIdentifyに記録された情報から確認可能。

 

 

出力例

{
	"eventType": "com.oraclecloud.ComputeApi.GetInstance",
	"cloudEventsVersion": "0.1",
	"eventTypeVersion": "2.0",
	"source": "ComputeApi",
	"eventId": "",
	"eventTime": "2019-09-18T00:10:59.252Z",
	"contentType": "application/json",
	"data": {
		"eventGroupingId": null,
		"eventName": "GetInstance",
		"compartmentId": "ocid1.tenancy.oc1..",
		"compartmentName": "compartmentA",
		"resourceName": "my_instance",
		"resourceId": "ocid1.instance.oc1.phx.",
		"availabilityDomain": "",
		"freeformTags": null,
		"definedTags": null,
		"identity": {
			"principalName": "ExampleName",
			"principalId": "ocid1.user.oc1..",
			"authType": "natv",
			"callerName": null,
			"callerId": null,
			"tenantId": "ocid1.tenancy.oc1..",
			"ipAddress": "172.24.80.88",
			"credentials": null,
			"userAgent": "Jersey/2.23 (HttpUrlConnection 1.8.0_212)",
			"consoleSessionId": null
		},
		"request": {
			"id": "",
			"path": "/20160918/instances/ocid1.instance.oc1.phx.",
			"action": "GET",
			"parameters": {},
			"headers": {
				"opc-principal": [
					"{\"tenantId\":\"ocid1.tenancy.oc1..\",\"subjectId\":\"ocid1.user.oc1..\",\"claims\":[{\"key\":\"pstype\",\"value\":\"natv\",\"issuer\":\"authService.oracle.com\"},{\"key\":\"h_host\",\"value\":\"iaas.r2.oracleiaas.com\",\"issuer\":\"h\"},{\"key\":\"h_opc-request-id\",\"value\":\"\",\"issuer\":\"h\"},{\"key\":\"ptype\",\"value\":\"user\",\"issuer\":\"authService.oracle.com\"},{\"key\":\"h_date\",\"value\":\"Wed, 18 Sep 2019 00:10:58 UTC\",\"issuer\":\"h\"},{\"key\":\"h_accept\",\"value\":\"application/json\",\"issuer\":\"h\"},{\"key\":\"authorization\",\"value\":\"Signature headers=\\\"date (request-target) host accept opc-request-id\\\",keyId=\\\"ocid1.tenancy.oc1../ocid1.user.oc1../8c:b4:5f:18:e7:ec:db:08:b8:fa:d2:2a:7d:11:76:ac\\\",algorithm=\\\"rsa-pss-sha256\\\",signature=\\\"\\\",version=\\\"1\\\"\",\"issuer\":\"h\"},{\"key\":\"h_(request-target)\",\"value\":\"get /20160918/instances/ocid1.instance.oc1.phx.\",\"issuer\":\"h\"}]}"
				],
				"Accept": [
					"application/json"
				],
				"X-Oracle-Auth-Client-CN": [
					"splat-proxy-se-02302.node.ad2.r2"
				],
				"X-Forwarded-Host": [
					"compute-api.svc.ad1.r2"
				],
				"Connection": [
					"close"
				],
				"User-Agent": [
					"Jersey/2.23 (HttpUrlConnection 1.8.0_212)"
				],
				"X-Forwarded-For": [
					"172.24.80.88"
				],
				"X-Real-IP": [
					"172.24.80.88"
				],
				"oci-original-url": [
					"https://iaas.r2.oracleiaas.com/20160918/instances/ocid1.instance.oc1.phx."
				],
				"opc-request-id": [
					""
				],
				"Date": [
					"Wed, 18 Sep 2019 00:10:58 UTC"
				]
			}
		},
		"response": {
			"status": "200",
			"responseTime": "2019-09-18T00:10:59.278Z",
			"headers": {
				"ETag": [
					""
				],
				"Connection": [
					"close"
				],
				"Content-Length": [
					"1828"
				],
				"opc-request-id": [
					""
				],
				"Date": [
					"Wed, 18 Sep 2019 00:10:59 GMT"
				],
				"Content-Type": [
					"application/json"
				]
			},
			"payload": {
				"resourceName": "my_instance",
				"id": "ocid1.instance.oc1.phx."
			},
			"message": null
		},
		"stateChange": {
			"previous": null,
			"current": null
		},
		"additionalDetails": {
			"imageId": "ocid1.image.oc1.phx.",
			"shape": "VM.Standard1.1",
			"type": "CustomerVmi"
		}
	}
}

 

 

参考情報

Contents of an Audit Log Event

あなたにお奨めの関連記事はこちら↓

スポンサードリンク

Be the first to comment

Leave a Reply

Your email address will not be published.


*