
本記事の目的
監査ログ(Audit Log)に出力される情報について調べたメモ。
監査ログの内容
OCIの監査ログは、大きくEnvelopesとPayloads の二種類が記録される。
Evvelopes
Envelopesは全イベント共通でCloud Native Computing Foundation (CNCF)で定義されているフォーマットに準拠。
contentType、data、eventIDなど
Payloads
Payloadsはサービスやイベント毎に独自のフォーマットで記録される。
記録されるログはさらに複数のグループ(Data、Identity、Request、Response、State Change)に分けて記録される。
例えば、イベントの出力元はIdentifyに記録された情報から確認可能。
出力例
{ "eventType": "com.oraclecloud.ComputeApi.GetInstance", "cloudEventsVersion": "0.1", "eventTypeVersion": "2.0", "source": "ComputeApi", "eventId": "", "eventTime": "2019-09-18T00:10:59.252Z", "contentType": "application/json", "data": { "eventGroupingId": null, "eventName": "GetInstance", "compartmentId": "ocid1.tenancy.oc1..", "compartmentName": "compartmentA", "resourceName": "my_instance", "resourceId": "ocid1.instance.oc1.phx.", "availabilityDomain": "", "freeformTags": null, "definedTags": null, "identity": { "principalName": "ExampleName", "principalId": "ocid1.user.oc1..", "authType": "natv", "callerName": null, "callerId": null, "tenantId": "ocid1.tenancy.oc1..", "ipAddress": "172.24.80.88", "credentials": null, "userAgent": "Jersey/2.23 (HttpUrlConnection 1.8.0_212)", "consoleSessionId": null }, "request": { "id": "", "path": "/20160918/instances/ocid1.instance.oc1.phx.", "action": "GET", "parameters": {}, "headers": { "opc-principal": [ "{\"tenantId\":\"ocid1.tenancy.oc1..\",\"subjectId\":\"ocid1.user.oc1..\",\"claims\":[{\"key\":\"pstype\",\"value\":\"natv\",\"issuer\":\"authService.oracle.com\"},{\"key\":\"h_host\",\"value\":\"iaas.r2.oracleiaas.com\",\"issuer\":\"h\"},{\"key\":\"h_opc-request-id\",\"value\":\"\",\"issuer\":\"h\"},{\"key\":\"ptype\",\"value\":\"user\",\"issuer\":\"authService.oracle.com\"},{\"key\":\"h_date\",\"value\":\"Wed, 18 Sep 2019 00:10:58 UTC\",\"issuer\":\"h\"},{\"key\":\"h_accept\",\"value\":\"application/json\",\"issuer\":\"h\"},{\"key\":\"authorization\",\"value\":\"Signature headers=\\\"date (request-target) host accept opc-request-id\\\",keyId=\\\"ocid1.tenancy.oc1../ocid1.user.oc1../8c:b4:5f:18:e7:ec:db:08:b8:fa:d2:2a:7d:11:76:ac\\\",algorithm=\\\"rsa-pss-sha256\\\",signature=\\\"\\\",version=\\\"1\\\"\",\"issuer\":\"h\"},{\"key\":\"h_(request-target)\",\"value\":\"get /20160918/instances/ocid1.instance.oc1.phx.\",\"issuer\":\"h\"}]}" ], "Accept": [ "application/json" ], "X-Oracle-Auth-Client-CN": [ "splat-proxy-se-02302.node.ad2.r2" ], "X-Forwarded-Host": [ "compute-api.svc.ad1.r2" ], "Connection": [ "close" ], "User-Agent": [ "Jersey/2.23 (HttpUrlConnection 1.8.0_212)" ], "X-Forwarded-For": [ "172.24.80.88" ], "X-Real-IP": [ "172.24.80.88" ], "oci-original-url": [ "https://iaas.r2.oracleiaas.com/20160918/instances/ocid1.instance.oc1.phx." ], "opc-request-id": [ "" ], "Date": [ "Wed, 18 Sep 2019 00:10:58 UTC" ] } }, "response": { "status": "200", "responseTime": "2019-09-18T00:10:59.278Z", "headers": { "ETag": [ "" ], "Connection": [ "close" ], "Content-Length": [ "1828" ], "opc-request-id": [ "" ], "Date": [ "Wed, 18 Sep 2019 00:10:59 GMT" ], "Content-Type": [ "application/json" ] }, "payload": { "resourceName": "my_instance", "id": "ocid1.instance.oc1.phx." }, "message": null }, "stateChange": { "previous": null, "current": null }, "additionalDetails": { "imageId": "ocid1.image.oc1.phx.", "shape": "VM.Standard1.1", "type": "CustomerVmi" } } }
参考情報
・Contents of an Audit Log Event
Leave a Reply