# Oracle OCI Infrastructure Audit/Logs

Oracle OCI infrastructure event logs can be captured and ingested into the Ascent platform.  Here are the steps outlined 

* Configure the capture logs by creating a log group and including the desired logs at OCI
* Create the OCI capture function using the example Python code and the OCI function interface.
* Create OCI connector service connecting the log group to function. 
* Activate the process by invoking the function.

## Creating the Log group and Configure Log inclusion

* In the OCI portal, go to ***Logging -> Log Groups***.
* Create a log group.   
* Configure the logs into the log group from Resources.
* Activate the logs by enabling the log with the enable-log button.

## Create OCI Function

* Create the custom OCI function starting from the OCI portal function UI.
* Follow the ***Getting Started*** menu on the right-hand side
  * Select Python and create OCI boilerplate code
  * Replace the files in the function directory with the files (func.py, func.yaml, requiements.txt) from the GitHub directory:  \
    <https://github.com/logiqai/Oracle-OCI-Infrastructure-Log-Capture/tree/main>
  * Update the fields inside the file func.yaml
    * End-point address with an example such as below,\
      &#x20;<https://loadtest.apica.io:443/v1/json_batch>
    * Ingestion token: \
      <https://docs.apica.io/integrations/overview/generating-a-secure-ingest-token#obtaining-an-ingest-token-using-ui>
    * ***Namespace*** and ***Appname*** are needed for labeling the logs.  This will be used for retrieving the log in the Ascent platform.

## Create OCI Connector Service

* Go to ***Logging -> Service Connector*** inside the OCI portal.
* Go to the Service Connector page, and configure the ***Compartment*** name, ***Log Group***, and ***Logs*** from previously created earlier.
* For sending Audit Logs, click ***+Another Log*** while using the same Compartment, and replace the Log Group with text ***\_Audit***.
* Select ***Compartment***, ***Function application***, and ***Function*** for the configure target.
* It is necessary to create the policy at the bottom of the Connector service page; everything can be set to default.
* At the end, create Create at the bottom of the page to finish creating the connector service.

## References

* OCI Infrastructure Service Connector Hub - <https://blogs.oracle.com/cloud-infrastructure/post/oracle-cloud-infrastructure-service-connector-hub-now-generally-available>
* Available OCI infrastructure logs - <https://docs.oracle.com/en-us/iaas/Content/Logging/Reference/service_log_reference.htm#service_log_reference>
* OCI logging in general - <https://docs.oracle.com/en-us/iaas/Content/Logging/home.htm>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.apica.io/integrations/list-of-integrations/oracle-oci-infrastructure-audit-logs.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.