Oracle OCI Infrastructure Audit/Logs

Oracle OCI infrastructure event logs can be captured and ingested into the Ascent platform. Here are the steps outlined

• Configure the capture logs by creating a log group and including the desired logs at OCI

• Create the OCI capture function using the example Python code and the OCI function interface.

• Create OCI connector service connecting the log group to function.

• Activate the process by invoking the function.

Creating the Log group and Configure Log inclusion

• In the OCI portal, go to Logging -> Log Groups.

• Create a log group.

• Configure the logs into the log group from Resources.

• Activate the logs by enabling the log with the enable-log button.

Create OCI Function

• Create the custom OCI function starting from the OCI portal function UI.

• Follow the Getting Started menu on the right-hand side

  • Select Python and create OCI boilerplate code

  • Replace the files in the function directory with the files (func.py, func.yaml, requiements.txt) from the GitHub directory:

  • Update the fields inside the file func.yaml

    • End-point address with an example such as below,

    • Ingestion token:

    • Namespace and Appname are needed for labeling the logs. This will be used for retrieving the log in the Ascent platform.

Create OCI Connector Service

• Go to Logging -> Service Connector inside the OCI portal.

• Go to the Service Connector page, and configure the Compartment name, Log Group, and Logs from previously created earlier.

• For sending Audit Logs, click +Another Log while using the same Compartment, and replace the Log Group with text _Audit.

• Select Compartment, Function application, and Function for the configure target.

• It is necessary to create the policy at the bottom of the Connector service page; everything can be set to default.

• At the end, create Create at the bottom of the page to finish creating the connector service.

References