Feat: when having Custom logs, error occurs in the Log Groups and Logs module #156
Comments
|
This is intended functionality, as the CIS checks are focused on VCN Flow Logs and object storage logs. We will add this as a feature request. Thanks! |
Halimer
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The code in the Log Groups and Logs module (__logging_read_log_groups_and_logs) checks and perfoms actions on the logs depending on the log.configuration.source.service. For some logs (in our case "CUSTOM" logs), there is no log.configuration.source.
The result is that an error is thrown and an error file is generated with the following content:
id,error,extract_date
ocid1.log.oc1.eu-amsterdam-1.,'NoneType' object has no attribute 'source',2025-01-06T09:18:36
The fix seems rather easy. Indent the block that starts here:
oci-cis-landingzone-quickstart/scripts/cis_reports.py
Line 3034 in 710f23b
and ends here:
oci-cis-landingzone-quickstart/scripts/cis_reports.py
Line 3056 in 710f23b
Because these if statements are only valid if there is a log.configuration.
The remainder of of the text is an enhancement request.
Based on the code, this module only checks for logs of certain OCI services:
Although CIS requirement is only for VCN flog logs (4.13) and Object storage write (4.17), it's nice to be able to report on other logging as well.
The logging that is currently implemented checks on the services mentioned above and they are reported in the "raw" data (to raw_data_log_groups_and_logs.csv), however this is not covering all services that produce logs.
Few services that might make sense include (but still not complete):
this is not the complete list of services that can generate logs, but at least these are used in our current implementation
It's rather easy to extend the current functionality using the following code:
Step 1:
Add the following lines to create empty lists the additional logs after this line:
oci-cis-landingzone-quickstart/scripts/cis_reports.py
Line 793 in 710f23b
self.__service_connector_logs = []
self.__web_application_accelerator_logs= []
self.__web_application_firewall_logs = []
self.__cloud_events_logs = []
self.__network_firewall_logs = []
self.__integration_logs = []
self.__file_storage_logs = []
self.__functions_logs = []
Step 2:
Add this code after line :
oci-cis-landingzone-quickstart/scripts/cis_reports.py
Line 3056 in 710f23b
elif log.configuration.source.service == 'och':
self.__service_connector_logs.append(log.configuration.source.resource)
elif log.configuration.source.service == 'waa':
self.__web_application_accelerator_logs.append(log.configuration.source.resource)
elif log.configuration.source.service == 'waf':
self.__web_application_firewall_logs.append(log.configuration.source.resource)
elif log.configuration.source.service == 'cloudevents':
self.__cloud_events_logs.append(log.configuration.source.resource)
elif log.configuration.source.service == 'ocinetworkfirewall':
self.__network_firewall_logs.append(log.configuration.source.resource)
elif log.configuration.source.service == 'integration':
self.__integration_logs.append(log.configuration.source.resource)
elif log.configuration.source.service == 'filestorage':
self.__file_storage_logs.append(log.configuration.source.resource)
elif log.configuration.source.service == 'functions':
self.__functions_logs.append(log.configuration.source.resource)
else:
debug(f"Service not yet covered: {log.configuration.source.service}")
The text was updated successfully, but these errors were encountered: