My experience with Java is not enough (is it ever?) to get immediatelly full involved with CloudStack, but I'm studying......... (and struggling) the code to understand *where to put what*? I have experience with Django and Python. I would like to implement DMTF CADF Event model (just the required components at this point).
*Model Component* *CADF Definition* OBSERVER The RESOURCE that generates the CADF Event Record based on its observation (directly or indirectly) of the Actual Event. INITIATOR The RESOURCE that initiated, originated,or instigated the event's ACTION, according to the OBSERVER ACTION The operation or activity the INITIATOR has performed, attempted to perform or has pending against the event's TARGET, according to the OBSERVER TARGET The RESOURCEagainst which the ACTION of a CADF Event Recordwas performed, was attempted, or is pending, according to the OBSERVER. OUTCOME The result or status of the ACTIONagainst the TARGET, according to the OBSERVER. I am planning to do the following : 1. In the "Global Settings" section put an option "event.notification.format" with values "native" or "cadf" 2. In the event db table add a "payload" field or use the description field? 3. In the server project locate where event logging is actually taking place and intercept code (based on event.notification.format value) How exactly do I make changes to the database schema (add event.notification.format). I think that I should add it to a "engine/schema/src/main/resources/META-INF/db/schema-???-???.sql" file? PS. I understand that you people have a lot in mind, but if anyone has the time to write a few guidlines and comment on my thoughts I would be grateful. Wiki goes only half the way..... Thank you Dalezios Nikolaos Στις Τρί, 29 Ιαν 2019 στις 1:49 μ.μ., ο/η Rafael Weingärtner < rafaelweingart...@gmail.com> έγραψε: > Come on @Daan Hoogland <daan.hoogl...@gmail.com>, that PR has nothing to > do > with what he wants to do. If the matter was to simply acquire log entries, > he could hook a custom Log Appender in Log4J to process and store the log > entries in some way that is usable for him. From what I understood the > scope is bigger (specially when we consider the expression "real-time > monitoring"). > > I see a few challenges: > > - Extracting/consolidating log entries from System VMs(VRs, console > proxy, and storage system VM). > - Real time performance meeting (In some places, the method ACS uses > right now cannot be considered real time) > - Extend the event bus that we have to be CADF compliant (for all > resources managed by CloudStack) > > > On Tue, Jan 29, 2019 at 6:42 AM Daan Hoogland <daan.hoogl...@gmail.com> > wrote: > > > I forgot to mention the cloudstack event model. You'll have to look at > that > > as well > > > > On Tue, Jan 29, 2019 at 9:41 AM Daan Hoogland <daan.hoogl...@gmail.com> > > wrote: > > > > > H Nikolaos, > > > have a look at https://github.com/apache/cloudstack/pull/2992. it was > > > -1'd but i think it would fit your ideas. have a look see if you can > add > > > your thoughts to that and I'll be happy to look at PRs to the base > branch > > > of that one. > > > regards > > > > > > On Tue, Jan 29, 2019 at 8:41 AM Nikolaos Dalezios <dale...@gmail.com> > > > wrote: > > > > > >> Hello dev team, > > >> My name is Nikos Dalezios and I am currently working on my MSc thesis > > >> "Cloud log forensics - Log unification - the CADF case". I have just > > >> forked > > >> the code and I am studying at the moment various aspects of CloudStack > > and > > >> would like to implement CADF logging. > > >> > > >> Any suggestions or help is always acceptable. > > >> > > >> Thank you > > >> > > > > > > > > > -- > > > Daan > > > > > > > > > -- > > Daan > > > > > -- > Rafael Weingärtner >
