cloudstack-dev mailing list archives

From Nikolaos Dalezios <dale...@gmail.com>
Subject Re: DMTF CADF event model implementation
Date Mon, 04 Feb 2019 12:13:35 GMT
My experience with Java is not enough (is it ever?) to get immediately
fully involved with CloudStack, but I'm studying... (and struggling)
the code to understand *where to put what*? I have experience with Django
and Python.
I would like to implement the DMTF CADF Event model (just the required
components at this point).

*Model Component*: *CADF Definition*

OBSERVER: The RESOURCE that generates the CADF Event Record based on its
observation (directly or indirectly) of the Actual Event.

INITIATOR: The RESOURCE that initiated, originated, or instigated the
event's ACTION, according to the OBSERVER.

ACTION: The operation or activity the INITIATOR has performed, attempted
to perform or has pending against the event's TARGET, according to the
OBSERVER.

TARGET: The RESOURCE against which the ACTION of a CADF Event Record was
performed, was attempted, or is pending, according to the OBSERVER.

OUTCOME: The result or status of the ACTION against the TARGET, according
to the OBSERVER.

I am planning to do the following:

   1. In the "Global Settings" section put an option
   "event.notification.format" with values "native" or "cadf"
   2. In the event db table add a "payload" field or use the description
   field?
   3. In the server project locate where event logging is actually taking
   place and intercept code (based on event.notification.format value)

How exactly do I make changes to the database schema (add
event.notification.format)? I think that I should add it to a
"engine/schema/src/main/resources/META-INF/db/schema-???-???.sql" file?

PS.
I understand that you people have a lot in mind, but if anyone has the time
to write a few guidelines and comment on my thoughts I would be grateful.
Wiki goes only half the way...

Thank you

Dalezios Nikolaos


On Tue, 29 Jan 2019 at 1:49 PM, Rafael Weingärtner <
rafaelweingartner@gmail.com> wrote:

> Come on @Daan Hoogland <daan.hoogland@gmail.com>, that PR has nothing to
> do with what he wants to do. If the matter was to simply acquire log
> entries, he could hook a custom Log Appender in Log4J to process and store
> the log entries in some way that is usable for him. From what I understood
> the scope is bigger (especially when we consider the expression "real-time
> monitoring").
>
> I see a few challenges:
>
>    - Extracting/consolidating log entries from System VMs (VRs, console
>    proxy, and storage system VM).
>    - Real time performance meeting (In some places, the method ACS uses
>    right now cannot be considered real time)
>    - Extend the event bus that we have to be CADF compliant (for all
>    resources managed by CloudStack)
>
>
> On Tue, Jan 29, 2019 at 6:42 AM Daan Hoogland <daan.hoogland@gmail.com>
> wrote:
>
> > I forgot to mention the cloudstack event model. You'll have to look at
> > that as well
> >
> > On Tue, Jan 29, 2019 at 9:41 AM Daan Hoogland <daan.hoogland@gmail.com>
> > wrote:
> >
> > > Hi Nikolaos,
> > > have a look at https://github.com/apache/cloudstack/pull/2992. It was
> > > -1'd but I think it would fit your ideas. Have a look, see if you can
> > > add your thoughts to that and I'll be happy to look at PRs to the base
> > > branch of that one.
> > > regards
> > >
> > > On Tue, Jan 29, 2019 at 8:41 AM Nikolaos Dalezios <dalezni@gmail.com>
> > > wrote:
> > >
> > >> Hello dev team,
> > >> My name is Nikos Dalezios and I am currently working on my MSc thesis
> > >> "Cloud log forensics - Log unification - the CADF case". I have just
> > >> forked the code and I am studying at the moment various aspects of
> > >> CloudStack and would like to implement CADF logging.
> > >>
> > >> Any suggestions or help is always acceptable.
> > >>
> > >> Thank you
> > >>
> > >
> > >
> > > --
> > > Daan
> > >
> >
> >
> > --
> > Daan
> >
>
>
> --
> Rafael Weingärtner
>
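
A sketch of the plan in the message above, added here as an example; it is not part of the thread and not CloudStack code. It maps a native event to the five required CADF components and switches on an "event.notification.format" value; the native field names, the typeURI values for resources (placeholders, not taken from the CADF resource taxonomy), the observer id and the sample event are all assumptions.

```python
import uuid
from datetime import datetime, timezone

CADF_EVENT_URI = "http://schemas.dmtf.org/cloud/audit/1.0/event"
REQUIRED = ("observer", "initiator", "action", "target", "outcome")

# Constructed sample of a native event row (field names are assumptions).
SAMPLE_EVENT = {"type": "VM.CREATE", "state": "Completed", "level": "INFO",
                "user_id": 2, "resource_id": 42,
                "created": "2019-02-04T12:13:35+00:00"}

def outcome_of(native):
    # Assumed mapping from native level/state to CADF outcome values.
    if native.get("level") == "ERROR":
        return "failure"
    states = {"Completed": "success", "Scheduled": "pending", "Started": "pending"}
    return states.get(native.get("state"), "unknown")

def resource(res_id, type_uri):
    # A CADF RESOURCE carries an id and a typeURI; None when the id is unknown.
    if res_id in (None, ""):
        return None
    return {"id": str(res_id), "typeURI": type_uri}

def to_cadf(native, observer_id):
    # "VM.CREATE" -> kind "VM" (TARGET type), verb "CREATE" (ACTION).
    kind, _, verb = native.get("type", "").rpartition(".")
    target_id = native.get("resource_id") if kind else None
    record = {
        "typeURI": CADF_EVENT_URI,
        "id": str(uuid.uuid4()),
        "eventType": "activity",
        "eventTime": native.get("created") or datetime.now(timezone.utc).isoformat(),
        "observer": resource(observer_id, "cloudstack/management-server"),
        "initiator": resource(native.get("user_id"), "cloudstack/user"),
        "action": verb.lower(),
        "target": resource(target_id, "cloudstack/" + kind.lower()),
        "outcome": outcome_of(native),
    }
    # Refuse to emit a record that lacks any of the five required components.
    missing = [name for name in REQUIRED if not record[name]]
    if missing:
        raise ValueError("cannot build CADF record, missing: " + ", ".join(missing))
    return record

def format_event(native, fmt, observer_id="mgmt-server-01"):
    # fmt is the value of the proposed "event.notification.format" setting.
    if fmt == "native":
        return native
    if fmt == "cadf":
        return to_cadf(native, observer_id)
    raise ValueError("unsupported event.notification.format: " + repr(fmt))
```

Raising on a missing component, rather than emitting a partial record, keeps events that cannot be attributed to an initiator or target from silently entering the audit trail as if they were complete.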
