diff --git a/pages/index.md b/pages/index.md index 1adb2a86218..05b1b409948 100644 --- a/pages/index.md +++ b/pages/index.md @@ -1976,6 +1976,11 @@ + [Pushing logs with a forwarder - Syslog-ng 3.8+ (Linux)](manage_and_operate/observability/logs_data_platform/ingestion_syslog_ng) + [Pushing logs with a forwarder - NXLog (Windows)](manage_and_operate/observability/logs_data_platform/ingestion_windows_nxlog) + [Pushing logs from software - Apache](manage_and_operate/observability/logs_data_platform/ingestion_apache) + + [Pushing logs from a Kubernetes cluster to Logs Data Platform using Fluent Bit](manage_and_operate/observability/logs_data_platform/ingestion_kubernetes_fluent_bit) + + [Pushing logs from OVHcloud account to Logs Data Platform](manage_and_operate/iam/iam-logs-forwarding) + + [Pushing logs from OVHcloud KMS to Logs Data Platform](manage_and_operate/kms/kms-troubleshooting) + + [Pushing logs from SAP to Logs Data Platform](hosted_private_cloud/sap_on_ovhcloud/cookbook_sap_logs_on_ovhcloud_logs_data_platform_solution_setup) + + [Logs Data Platform - Collect VMware on OVHcloud logs](/pages/hosted_private_cloud/hosted_private_cloud_powered_by_vmware/vmware_ldp) + [Visualizing, querying and exploiting your logs](observability-logs-data-platform-visualizing-querying-exploiting) + [Exposing your logs to third-party tools via the OpenSearch API](manage_and_operate/observability/logs_data_platform/integration_opensearch_api) + [Using OpenSearch Dashboards with Logs Data Platform](manage_and_operate/observability/logs_data_platform/visualization_opensearch_dashboards) @@ -2002,6 +2007,7 @@ + [OVHcloud KMS Architecture overview](manage_and_operate/kms/architecture-overview) + [OVHcloud KMS - Responsibility model](manage_and_operate/kms/responsibility-model-kms) + [How to connect a compatible product using KMIP protocol with OVHcloud KMS](manage_and_operate/kms/kms-kmip) + + [Pushing logs from OVHcloud KMS to Logs Data Platform](manage_and_operate/kms/kms-troubleshooting) + OVHcloud Labs + [Data Collector](products/ovhcloud-labs-data-collector) + [Getting started](ovhcloud-labs-data-collector-getting-started) diff --git a/pages/manage_and_operate/kms/kms-troubleshooting/guide.en-gb.md b/pages/manage_and_operate/kms/kms-troubleshooting/guide.en-gb.md new file mode 100644 index 00000000000..c4cc8757148 --- /dev/null +++ b/pages/manage_and_operate/kms/kms-troubleshooting/guide.en-gb.md @@ -0,0 +1,112 @@ +--- +title: "Pushing logs from OVHcloud KMS to Logs Data Platform" +excerpt: "Analyze KMS logs through LDP" +updated: 2025-06-17 +--- + +## Objective + +This guide aims to introduce logs generated by OVHcloud KMS and how they are managed from Logs Data Platform. + +## Requirements + +- An [OVHcloud customer account](/pages/account_and_service_management/account_information/ovhcloud-account-creation). +- An [OVHcloud KMS ordered and an access certificate created](/pages/manage_and_operate/kms/quick-start). + +## Instructions + +### Description + +OVHcloud KMS has a native integration with [Logs Data Platform](/links/manage-operate/ldp) for logs management. + +### Logs direct access + +KMS logs are available from each KMS `Logs`{.action} tab. + +![Logs tab](images/kms-logs-tab.png){.thumbnail} + +This tab displays all KMS logsin real time. +A selector allows to switch display between the two types of logs: + +- REST API audit logs. +- KMIP audit logs. + +### Logs access through LDP + +From the `Logs`{.action} tab, you can subscribe to an LDP data stream. +Once the subscription is enabled, all the logs will be pushed to [Logs Data Platform](/links/manage-operate/ldp) to archive generated logs and perform advanced searches, create alerts and visualisations. + +![LDP Subscription](images/kms-ldp-subscription.png){.thumbnail} + +For more information, please refer to our guide "[Quick start for Logs Data Platform](/pages/manage_and_operate/observability/logs_data_platform/getting_started_quick_start)". + +### Available logs details + +KMS logs contain the following information: + +- REST API + +Logs are displayed with this format: + +```bash +{{ http_method }} {{ http_path }} - {{ http_status }} - identity: {{ iam_identities }} - operation: {{ iam_operation }} on {{ res_urn }} - from {{ip}} with certificate {{cert_id}} - request id: {{ request_id }} +``` + +**Example:** + +```console +INFO | GET /v1/servicekey/77f0a3f6-c2ef-4e76-xxxx-xxxxxxxxxxxx - 200 - identity: urn:v1:eu:identity:group:xx1111-ovh/john.smith - operation: okms:apiovh:serviceKey/get on urn:v1:eu:resource:okms:8d1c84cc-1128-4629-xxxx-xxxxxxxxxx/serviceKey/77f0a3f6-c2ef-4e76-xxxx-xxxxxxxxxxxx - from Manager/APIv2 - request id: EU.manager-5.684c3abe.3880620.2080cff16eaa5539bf92cxxxxxxxx +``` + +Elements that can be pushed to Logs Data Platform: + +|**Field**|**Description**| +| :-: | :-: | +|domain_id|OKMS domain ID| +|request_id|request ID| +|type|| +|log_level|Log priority level| +|client_ip|IP of the client making the request| +|tls_cert_id|Authentication certificate ID used| +|res_urn|target resource URN| +|region|OKMS domain region| +|iam_operation|IAM action evalutated| +|iam_identities|IAM identity used for rights evaluation| +|http_path|Request path| +|http_status|HTTP answer status| +|http_method|Request method| +|err_category|Error category| + +- KMIP + +Logs are displayed with this format: + +```bash +{{ http_method }} {{ http_path }} - {{ http_status }} - identity: {{ iam_identities }} - operation: {{ iam_operation }} on {{ res_urn }} - from {{ip}} with certificate {{cert_id}} - request id: {{ request_id }} +``` + +**Example:** + +```console +INFO | GET on urn:v1:eu:resource:okms:8d1c84cc-1128-4629-xxxx-xxxxxxxxxxx/kmip/ff55638c-3e86-4cb3-xxxx-xxxxxxxx - identity: urn:v1:eu:identity:account:xx1111-ovh - operation: okms:kmip:get - from XXX.XXX.XXX.XXX with certificate e7850a19-a5de-4527-xxxx-xxxxxxxxx - request id: OKMS.db61c455-abfa-4a66-xxxx-xxxxxxxxxxx +``` + +Elements that can be pushed to Logs Data Platform: + +|**Field**|**Description**| +| :-: | :-: | +|domain_id|OKMS domain ID| +|request_id|Request ID| +|log_level|Log priority level| +|client_ip|IP of the client making the request| +|tls_cert_id|Authentication certificate ID used| +|res_urn|Target resource URN| +|region|OKMS domain region| +|iam_operation|IAM action evalutated| +|iam_identities|IAM identity used for rights evaluation| +|kmip_operation|KMIP operation used| +|kmip_reason|[Standard KMIP error code](https://docs.oasis-open.org/kmip/spec/v1.4/kmip-spec-v1.4.pdf#%5B%7B%22num%22%3A484%2C%22gen%22%3A0%7D%2C%7B%22name%22%3A%22XYZ%22%7D%2C69%2C720%2C0%5D){.external}| + +## Go further + +Join our [community of users](/links/community). \ No newline at end of file diff --git a/pages/manage_and_operate/kms/kms-troubleshooting/guide.fr-fr.md b/pages/manage_and_operate/kms/kms-troubleshooting/guide.fr-fr.md new file mode 100644 index 00000000000..a91f6e3b3ce --- /dev/null +++ b/pages/manage_and_operate/kms/kms-troubleshooting/guide.fr-fr.md @@ -0,0 +1,113 @@ +--- +title: "Transférer les logs du KMS OVHcloud à Logs Data Platform" +excerpt: "Analyser les logs KMS via LDP" +updated: 2025-06-17 +--- + +## Objectif + +L'objectif de ce guide est de présenter les logs générés par le KMS OVHcloud et la manière dont ils sont gérés depuis Logs Data Platform. + +## Prérequis + +- Disposer d'un [compte client OVHcloud](/pages/account_and_service_management/account_information/ovhcloud-account-creation). +- Avoir [commandé un KMS OVHcloud et créé un certificat d'accès](/pages/manage_and_operate/kms/quick-start). + +## En pratique + +### Description + +Le KMS OVHcloud dispose d'une intégration native avec [Logs Data Platform](/links/manage-operate/ldp) pour la gestion des logs. + +### Accès aux logs en direct + +Les logs du KMS sont accessibles depuis l'onglet `Logs`{.action} d'un KMS. + +![Logs tab](images/kms-logs-tab.png){.thumbnail} + +Cet onglet affiche en temps réel les logs du KMS. +Le sélecteur permet de choisir le type de logs affichés : + +- REST API audit logs. +- KMIP audit logs. + +### Accès aux logs via LDP + +Depuis l'onglet `Logs`{.action} il est possible de s'abonner à un flux LDP. +Une fois l'abonnement actif, l'ensemble des logs seront transmis à [Logs Data Platform](/links/manage-operate/ldp) pour retrouver l'historique des logs générés et la possiblité de faire des recherches plus avancées, créer des alertes et des visualisations. + +![LDP Subscription](images/kms-ldp-subscription.png){.thumbnail} + +Pour plus d'informations, veuillez consulter notre guide « [Quick start for Logs Data Platform](/pages/manage_and_operate/observability/logs_data_platform/getting_started_quick_start) ». + +### Liste des logs générés + +Les logs du KMS comportent les informations suivantes : + +- API REST + +Les logs sont sous le format suivant : + +```bash +{{ http_method }} {{ http_path }} - {{ http_status }} - identity: {{ iam_identities }} - operation: {{ iam_operation }} on {{ res_urn }} - from {{ip}} with certificate {{cert_id}} - request id: {{ request_id }} +``` + +**Exemple :** + +```console +INFO | GET /v1/servicekey/77f0a3f6-c2ef-4e76-xxxx-xxxxxxxxxxxx - 200 - identity: urn:v1:eu:identity:group:xx1111-ovh/john.smith - operation: okms:apiovh:serviceKey/get on urn:v1:eu:resource:okms:8d1c84cc-1128-4629-xxxx-xxxxxxxxxx/serviceKey/77f0a3f6-c2ef-4e76-xxxx-xxxxxxxxxxxx - from Manager/APIv2 - request id: EU.manager-5.684c3abe.3880620.2080cff16eaa5539bf92cxxxxxxxx +``` + +Les éléments pouvant être transmis à Logs Data Platform sont : + +|**Champ**|**Description**| +| :-: | :-: | +|domain_id|ID du domaine OKMS| +|request_id|ID de la requête| +|type|| +|log_level|Niveau de priorité du log| +|client_ip|IP du client réalisant la requête| +|tls_cert_id|ID du certificat utilisé pour l'authentification| +|res_urn|URN de la ressource ciblé| +|region|Région du domaine OKMS| +|iam_operation|Action IAM évaluée| +|iam_identities|Identitée IAM utilisé pour l'évaluation des droits| +|http_path|Chemin de la requête| +|http_status|Status de la réponse HTTP| +|http_method|Methode de la requête| +|err_category|Catégorie de l'erreur| + +- KMIP + +Les logs sont sous le format suivant : + +```bash +{{ http_method }} {{ http_path }} - {{ http_status }} - identity: {{ iam_identities }} - operation: {{ iam_operation }} on {{ res_urn }} - from {{ip}} with certificate {{cert_id}} - request id: {{ request_id }} +``` + +**Exemple :** + +```console +INFO | GET on urn:v1:eu:resource:okms:8d1c84cc-1128-4629-xxxx-xxxxxxxxxxx/kmip/ff55638c-3e86-4cb3-xxxx-xxxxxxxx - identity: urn:v1:eu:identity:account:xx1111-ovh - operation: okms:kmip:get - from XXX.XXX.XXX.XXX with certificate e7850a19-a5de-4527-xxxx-xxxxxxxxx - request id: OKMS.db61c455-abfa-4a66-xxxx-xxxxxxxxxxx" +``` + +Les éléments pouvant être transmis à Logs Data Platform étant : + +|**Champ**|**Description**| +| :-: | :-: | +|domain_id|ID du domaine OKMS| +|request_id|ID de la requête| +|type|| +|log_level|Niveau de priorité du log| +|client_ip|IP du client réalisant la requête| +|tls_cert_id|ID du certificat utilisé pour l'authentification| +|res_urn|URN de la ressource ciblée| +|region|Région du domaine OKMS| +|iam_operation|Action IAM évaluée| +|iam_identities|Identitée IAM utilisé pour l'évaluation des droits| +|kmip_operation|Opération KMIP utilisée| +|kmip_reason|[code d'erreur KMIP](https://docs.oasis-open.org/kmip/spec/v1.4/kmip-spec-v1.4.pdf#%5B%7B%22num%22%3A484%2C%22gen%22%3A0%7D%2C%7B%22name%22%3A%22XYZ%22%7D%2C69%2C720%2C0%5D){.external}| + +## Aller plus loin + +Échangez avec notre [communauté d'utilisateurs](/links/community). \ No newline at end of file diff --git a/pages/manage_and_operate/kms/kms-troubleshooting/images/kms-ldp-subscription.png b/pages/manage_and_operate/kms/kms-troubleshooting/images/kms-ldp-subscription.png new file mode 100644 index 00000000000..ca5a0faa053 Binary files /dev/null and b/pages/manage_and_operate/kms/kms-troubleshooting/images/kms-ldp-subscription.png differ diff --git a/pages/manage_and_operate/kms/kms-troubleshooting/images/kms-logs-tab.png b/pages/manage_and_operate/kms/kms-troubleshooting/images/kms-logs-tab.png new file mode 100644 index 00000000000..cf8caea27f1 Binary files /dev/null and b/pages/manage_and_operate/kms/kms-troubleshooting/images/kms-logs-tab.png differ diff --git a/pages/manage_and_operate/kms/kms-troubleshooting/meta.yaml b/pages/manage_and_operate/kms/kms-troubleshooting/meta.yaml new file mode 100644 index 00000000000..b5aab7d7f73 --- /dev/null +++ b/pages/manage_and_operate/kms/kms-troubleshooting/meta.yaml @@ -0,0 +1,3 @@ +id: 751e237a-47e4-4ac8-854d-189530462197 +full_slug: kms-logs +reference_category: manage-operate-kms \ No newline at end of file