Audit events

Registered by xingzhou on 2013-05-09

In order to properly audit the access or management of data or workloads governed by a cloud platform, regardless of industry (e.g. Banking, Financial, Healthcare, etc.) or compliance regulations (e.g. Basil, SSAE16, HIPAA, ISO 27000, etc.), all low-level security decisions based upon security identities and policies (including access control groups management and administrator/privileged actions) need precise audit information to be recorded.

Ceilometer has recently added support for standardized auditing of external OpenStack APIs using the DMTF Cloud Audit Standard ( ). Here we leverage this work to add internal auditing of keystone authentication operations.

More information on Ceilometer's standards auditing support can be found at

More details from the icehouse design summit on this feature can be found at

Blueprint information

Dolph Mathews
Needs approval
Brad Topol
Series goal:
Accepted for icehouse
Milestone target:
milestone icon 2014.1
Started by
Dolph Mathews on 2014-01-25
Completed by
Dolph Mathews on 2014-02-18

Related branches



@Dolph, just noticed that the status of this blueprints has been updated, I've assigned myself as the this blueprint's assignee, I noticed that also in Ceilometer, there already a standard audit format blueprint which supports CADF format is under implementation(, and I think this blueprint can be co-work with this one

xingzhou, please work with Brad Topol, who helped get CADF support into ceilometer and has just started the effort to integrate CADF into keystone in the first patchset below. We're looking to land this in icehouse and only have until February 18th to do so, so your assistance is much appreciated! Thanks, -Dolph

relevant summit etherpad-

Gerrit topic:,topic:bp/audit-event-record,n,z

Addressed by:
    Adds Cloud Audit (DMTF CADF) Support for keystone authentication


Work Items

Dependency tree

* Blueprints in grey have been implemented.

This blueprint contains Public information 
Everyone can see this information.