neutron

FWaaS Logging

Registered by Yushiro FURUKAWA

Adding FWaaS logging that outputs log data into log file.

FWaaS doesn't log at all today, but it's necessary for both tenant-users and operators.

    1. Operators need logs for trouble shooting.
    2. Tenant-users need logs to make sure their Firewall rule works as expected,
       and to assess what kinds of packets went through their router or were dropped.

This Blueprint will provide iptables based implementation.

The logging feature is disabled by default, and it can be enabled by something like this (needs to be discussed)
        [CLI] neutron firewall-create --logging=True
        [API] POST v2.0/fw/firewalls (following parameters)
                          {"firewall":
                                  {
                                        "firewall_policy_id": "48013307-8db1-4fae-9a78-13bda6d221f5",
                                        "name": "firewall_with_logging",
                                        "logging": "True",
                                  }
                          }

Blueprint information

Status:
Complete
Approver:
Kyle Mestery
Priority:
Undefined
Drafter:
Yushiro FURUKAWA
Direction:
Needs approval
Assignee:
Yushiro FURUKAWA
Definition:
Obsolete
Series goal:
None
Implementation:
Unknown
Milestone target:
None
Completed by
Armando Migliaccio

Related branches

Sprints

Whiteboard

Nov-13-2015(armax): If someone is interested in pursuing it, this must be re-submitted according to guidelines defined in [1], especially in light of the fwaas v2 API proposal.

[1] http://docs.openstack.org/developer/neutron/policies/blueprints.html

-----------------

Gerrit topic: https://review.openstack.org/#q,topic:bp/fwaas-logging,n,z

Addressed by: https://review.openstack.org/132133
    Add spec for fwaas-logging

Addressed by: https://review.openstack.org/188340
    This is WIP for bp/fwaas-logging

(?)

Work Items

This blueprint contains Public information 
Everyone can see this information.