)]}'
{"/COMMIT_MSG":[{"author":{"_account_id":6524,"name":"Henry Gessau","email":"HenryG@gessau.net","username":"gessau"},"change_message_id":"3de56abd92ab0e4c208419749ab62a136e42ca1f","unresolved":false,"context_lines":[{"line_number":4,"context_line":"Commit:     Cao Xuan Hoang \u003choangcx@vn.fujitsu.com\u003e"},{"line_number":5,"context_line":"CommitDate: 2015-08-03 15:11:27 +0700"},{"line_number":6,"context_line":""},{"line_number":7,"context_line":"Packet logging API for Neutron"},{"line_number":8,"context_line":""},{"line_number":9,"context_line":"This spec proposes a new API for packet logging configuration"},{"line_number":10,"context_line":"to following neutron resources:"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":10,"id":"1a4dcd0f_c00be928","line":7,"updated":"2015-08-06 13:50:50.000000000","message":"Please do not use the term \"packet logging\". I suggest the title \"Logging API for security group and firewall rules\". (You don\u0027t need to mention Neutron in the title, this is the neutron-specs repo.)","commit_id":"1f21efa73a66c75d10e238433ca4ebd13272bbf2"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"70b90b31378c8132277742869359cf04eb3a7ef7","unresolved":false,"context_lines":[{"line_number":4,"context_line":"Commit:     Cao Xuan Hoang \u003choangcx@vn.fujitsu.com\u003e"},{"line_number":5,"context_line":"CommitDate: 2015-08-03 15:11:27 +0700"},{"line_number":6,"context_line":""},{"line_number":7,"context_line":"Packet logging API for Neutron"},{"line_number":8,"context_line":""},{"line_number":9,"context_line":"This spec proposes a new API for packet logging configuration"},{"line_number":10,"context_line":"to following neutron resources:"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":10,"id":"1a4dcd0f_4f084bda","line":7,"in_reply_to":"1a4dcd0f_c00be928","updated":"2015-08-07 03:22:36.000000000","message":"Yes. I\u0027ll follow your suggestion :)","commit_id":"1f21efa73a66c75d10e238433ca4ebd13272bbf2"},{"author":{"_account_id":6524,"name":"Henry Gessau","email":"HenryG@gessau.net","username":"gessau"},"change_message_id":"3de56abd92ab0e4c208419749ab62a136e42ca1f","unresolved":false,"context_lines":[{"line_number":10,"context_line":"to following neutron resources:"},{"line_number":11,"context_line":""},{"line_number":12,"context_line":"  * Security-group-rule"},{"line_number":13,"context_line":"  * Firewall-rule"},{"line_number":14,"context_line":""},{"line_number":15,"context_line":"[WIP]"},{"line_number":16,"context_line":"  - https://review.openstack.org/#/c/204481/"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":10,"id":"1a4dcd0f_631bff73","line":13,"updated":"2015-08-06 13:50:50.000000000","message":"Will fwaas be able to use and implement this API?","commit_id":"1f21efa73a66c75d10e238433ca4ebd13272bbf2"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"70b90b31378c8132277742869359cf04eb3a7ef7","unresolved":false,"context_lines":[{"line_number":10,"context_line":"to following neutron resources:"},{"line_number":11,"context_line":""},{"line_number":12,"context_line":"  * Security-group-rule"},{"line_number":13,"context_line":"  * Firewall-rule"},{"line_number":14,"context_line":""},{"line_number":15,"context_line":"[WIP]"},{"line_number":16,"context_line":"  - https://review.openstack.org/#/c/204481/"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":10,"id":"1a4dcd0f_77ecf929","line":13,"in_reply_to":"1a4dcd0f_631bff73","updated":"2015-08-07 03:22:36.000000000","message":"Yes. FWaaS will be able to use and implement this API. Please refer draft implementation in L.17","commit_id":"1f21efa73a66c75d10e238433ca4ebd13272bbf2"},{"author":{"_account_id":6524,"name":"Henry Gessau","email":"HenryG@gessau.net","username":"gessau"},"change_message_id":"f0f9a763c32b8c79a4ad4f8769a2a3a1ab47580e","unresolved":false,"context_lines":[{"line_number":15,"context_line":"[WIP]"},{"line_number":16,"context_line":"  - https://review.openstack.org/#/c/204481/"},{"line_number":17,"context_line":"  - https://review.openstack.org/#/c/204484/"},{"line_number":18,"context_line":""},{"line_number":19,"context_line":"Change-Id: I512944e50d4f0f06ff220dac35e8a1d2a5bafb50"},{"line_number":20,"context_line":"Related-Bug: 1468366"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":13,"id":"1a4dcd0f_d72f883c","line":18,"updated":"2015-08-11 03:01:20.000000000","message":"Please add the APIImpact tag here.","commit_id":"c6f1ba00b2880af4c1a2251e2ddff468523c3dcf"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"f7258945f349071922675a57ab4c599eeceeae61","unresolved":false,"context_lines":[{"line_number":15,"context_line":"[WIP]"},{"line_number":16,"context_line":"  - https://review.openstack.org/#/c/204481/"},{"line_number":17,"context_line":"  - https://review.openstack.org/#/c/204484/"},{"line_number":18,"context_line":""},{"line_number":19,"context_line":"Change-Id: I512944e50d4f0f06ff220dac35e8a1d2a5bafb50"},{"line_number":20,"context_line":"Related-Bug: 1468366"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":13,"id":"1a4dcd0f_9d9cbf5e","line":18,"in_reply_to":"1a4dcd0f_d72f883c","updated":"2015-08-11 07:51:05.000000000","message":"Done","commit_id":"c6f1ba00b2880af4c1a2251e2ddff468523c3dcf"},{"author":{"_account_id":6524,"name":"Henry Gessau","email":"HenryG@gessau.net","username":"gessau"},"change_message_id":"ccccc0c57f7a88594e41cd7212c53f8143dfa828","unresolved":false,"context_lines":[{"line_number":4,"context_line":"Commit:     Yushiro FURUKAWA \u003cy.furukawa_2@jp.fujitsu.com\u003e"},{"line_number":5,"context_line":"CommitDate: 2015-11-13 22:39:32 +0900"},{"line_number":6,"context_line":""},{"line_number":7,"context_line":"Logging API for security groups"},{"line_number":8,"context_line":""},{"line_number":9,"context_line":"This spec proposes a new API for logging configuration"},{"line_number":10,"context_line":"to security-group-rules."}],"source_content_type":"text/x-gerrit-commit-message","patch_set":28,"id":"ba8a016a_17a501b4","line":7,"updated":"2015-11-17 17:24:05.000000000","message":"Consider pre-pending \"Admin-only \" to this title. Probably in the RFE bug title too.","commit_id":"4cd75dcbef4bb0e3bc39e8adcc2ea3839ada5945"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"a853eed065ceec59536bfbe21ca52a59c15cf517","unresolved":false,"context_lines":[{"line_number":4,"context_line":"Commit:     Yushiro FURUKAWA \u003cy.furukawa_2@jp.fujitsu.com\u003e"},{"line_number":5,"context_line":"CommitDate: 2015-11-13 22:39:32 +0900"},{"line_number":6,"context_line":""},{"line_number":7,"context_line":"Logging API for security groups"},{"line_number":8,"context_line":""},{"line_number":9,"context_line":"This spec proposes a new API for logging configuration"},{"line_number":10,"context_line":"to security-group-rules."}],"source_content_type":"text/x-gerrit-commit-message","patch_set":28,"id":"ba8a016a_b8b12849","line":7,"in_reply_to":"ba8a016a_17a501b4","updated":"2015-11-19 11:34:57.000000000","message":"Sure.  I\u0027ll update it.","commit_id":"4cd75dcbef4bb0e3bc39e8adcc2ea3839ada5945"},{"author":{"_account_id":4656,"name":"Sean M. Collins","email":"sean@coreitpro.com","username":"scollins"},"change_message_id":"01c2082f20803d0064753ca1b03d67e103c6ebd1","unresolved":false,"context_lines":[{"line_number":4,"context_line":"Commit:     Yushiro FURUKAWA \u003cy.furukawa_2@jp.fujitsu.com\u003e"},{"line_number":5,"context_line":"CommitDate: 2015-11-19 19:45:25 +0900"},{"line_number":6,"context_line":""},{"line_number":7,"context_line":"(Admin-only) Logging API for security groups"},{"line_number":8,"context_line":""},{"line_number":9,"context_line":"This spec proposes a new API for logging configuration"},{"line_number":10,"context_line":"to security-group-rules."}],"source_content_type":"text/x-gerrit-commit-message","patch_set":29,"id":"ba8a016a_2cc2a5e9","line":7,"updated":"2015-11-20 02:58:37.000000000","message":"Putting this in the commit message, that it is admin only is not sufficient. Especially since you have in the first paragraph that \"this feature is necessary for **Operators** (including cloud admin, developer)","commit_id":"ea1c4822428e01d116a13ced95478ccc9f10da84"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"c262ea5f7ff5dfc40a71a5fd64d8755c8c1c1521","unresolved":false,"context_lines":[{"line_number":4,"context_line":"Commit:     Yushiro FURUKAWA \u003cy.furukawa_2@jp.fujitsu.com\u003e"},{"line_number":5,"context_line":"CommitDate: 2015-11-19 19:45:25 +0900"},{"line_number":6,"context_line":""},{"line_number":7,"context_line":"(Admin-only) Logging API for security groups"},{"line_number":8,"context_line":""},{"line_number":9,"context_line":"This spec proposes a new API for logging configuration"},{"line_number":10,"context_line":"to security-group-rules."}],"source_content_type":"text/x-gerrit-commit-message","patch_set":29,"id":"ba8a016a_fa652b1d","line":7,"in_reply_to":"ba8a016a_2cc2a5e9","updated":"2015-11-20 04:11:12.000000000","message":"I\u0027m Sorry. You\u0027re correct.  I\u0027ll change \"Operator\".","commit_id":"ea1c4822428e01d116a13ced95478ccc9f10da84"},{"author":{"_account_id":6788,"name":"Rossella Sblendido","email":"rsblendido@suse.com","username":"rossella-o"},"change_message_id":"00e724e1ba487f31216718cc59f12108a13151c2","unresolved":false,"context_lines":[{"line_number":9,"context_line":"This spec proposes a new API for logging configuration"},{"line_number":10,"context_line":"to security groups"},{"line_number":11,"context_line":""},{"line_number":12,"context_line":"[POC]: https://review.openstack.org/#/c/353440/"},{"line_number":13,"context_line":""},{"line_number":14,"context_line":"APIImpact"},{"line_number":15,"context_line":"DocImpact"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":53,"id":"1a6eadb0_15c0ecdf","line":12,"updated":"2016-12-13 19:40:01.000000000","message":"you should update this link :)","commit_id":"a9507d3708b67075a4aadf2864a09e7ad3bbda7f"},{"author":{"_account_id":6854,"name":"YAMAMOTO Takashi","email":"yamamoto@midokura.com","username":"yamamoto"},"change_message_id":"0271878534e575035ed7183513edf3df16ce9586","unresolved":false,"context_lines":[{"line_number":4,"context_line":"Commit:     Nguyen Phuong An \u003cAnNP@vn.fujitsu.com\u003e"},{"line_number":5,"context_line":"CommitDate: 2017-01-17 17:00:02 +0700"},{"line_number":6,"context_line":""},{"line_number":7,"context_line":"(Operator-only) Logging API for security groups"},{"line_number":8,"context_line":""},{"line_number":9,"context_line":"This spec proposes a new API for logging configuration"},{"line_number":10,"context_line":"to security groups. The implementation can be referred"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":58,"id":"7a3c09a3_13016b38","line":7,"range":{"start_line":7,"start_character":0,"end_line":7,"end_character":15},"updated":"2017-01-18 00:18:57.000000000","message":"i wonder why you emphasis it this strong.","commit_id":"05538ad6424a6ce6b801320d8c18bdf73df84733"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"b64e8ae51b696b3e2d22302bfb5aa0f587f59ee1","unresolved":false,"context_lines":[{"line_number":4,"context_line":"Commit:     Nguyen Phuong An \u003cAnNP@vn.fujitsu.com\u003e"},{"line_number":5,"context_line":"CommitDate: 2017-01-17 17:00:02 +0700"},{"line_number":6,"context_line":""},{"line_number":7,"context_line":"(Operator-only) Logging API for security groups"},{"line_number":8,"context_line":""},{"line_number":9,"context_line":"This spec proposes a new API for logging configuration"},{"line_number":10,"context_line":"to security groups. The implementation can be referred"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":58,"id":"7a3c09a3_84ea6c72","line":7,"range":{"start_line":7,"start_character":0,"end_line":7,"end_character":15},"in_reply_to":"7a3c09a3_13016b38","updated":"2017-01-18 08:38:38.000000000","message":"Currently, This api is only available for operators(including admin and developers). Exposing this api for *tenant* needs more discussion on other specs. How do you think?","commit_id":"05538ad6424a6ce6b801320d8c18bdf73df84733"}],"specs/liberty/logging-API-for-sg-and-fw-rules.rst":[{"author":{"_account_id":6524,"name":"Henry Gessau","email":"HenryG@gessau.net","username":"gessau"},"change_message_id":"f0f9a763c32b8c79a4ad4f8769a2a3a1ab47580e","unresolved":false,"context_lines":[{"line_number":39,"context_line":""},{"line_number":40,"context_line":"Proposed Change"},{"line_number":41,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":42,"context_line":"* We proposes to create new logging API for security-group and firewall rules."},{"line_number":43,"context_line":"  We will define a new resource named \"packet_logger\" (on the \"packet-logger\" table below)."},{"line_number":44,"context_line":""},{"line_number":45,"context_line":"* Adding logging API that outputs log data into logfile other than syslog"}],"source_content_type":"text/x-rst","patch_set":13,"id":"1a4dcd0f_f35df9ec","line":42,"updated":"2015-08-11 03:01:20.000000000","message":"I suggest a small tweak: \"We propose to create a new logging API for Neutron, and to support logging for security-group and firewall rules as a first implementation of the logging API.\"","commit_id":"c6f1ba00b2880af4c1a2251e2ddff468523c3dcf"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"f7258945f349071922675a57ab4c599eeceeae61","unresolved":false,"context_lines":[{"line_number":39,"context_line":""},{"line_number":40,"context_line":"Proposed Change"},{"line_number":41,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":42,"context_line":"* We proposes to create new logging API for security-group and firewall rules."},{"line_number":43,"context_line":"  We will define a new resource named \"packet_logger\" (on the \"packet-logger\" table below)."},{"line_number":44,"context_line":""},{"line_number":45,"context_line":"* Adding logging API that outputs log data into logfile other than syslog"}],"source_content_type":"text/x-rst","patch_set":13,"id":"1a4dcd0f_5d9f1750","line":42,"in_reply_to":"1a4dcd0f_f35df9ec","updated":"2015-08-11 07:51:05.000000000","message":"Done","commit_id":"c6f1ba00b2880af4c1a2251e2ddff468523c3dcf"},{"author":{"_account_id":6524,"name":"Henry Gessau","email":"HenryG@gessau.net","username":"gessau"},"change_message_id":"f0f9a763c32b8c79a4ad4f8769a2a3a1ab47580e","unresolved":false,"context_lines":[{"line_number":40,"context_line":"Proposed Change"},{"line_number":41,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":42,"context_line":"* We proposes to create new logging API for security-group and firewall rules."},{"line_number":43,"context_line":"  We will define a new resource named \"packet_logger\" (on the \"packet-logger\" table below)."},{"line_number":44,"context_line":""},{"line_number":45,"context_line":"* Adding logging API that outputs log data into logfile other than syslog"},{"line_number":46,"context_line":"  and then transfer it to destination/remote nodes which support rsyslog server."}],"source_content_type":"text/x-rst","patch_set":13,"id":"1a4dcd0f_939ef552","line":43,"updated":"2015-08-11 03:01:20.000000000","message":"Remove this line since we are describing the generic logging API first.","commit_id":"c6f1ba00b2880af4c1a2251e2ddff468523c3dcf"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"f7258945f349071922675a57ab4c599eeceeae61","unresolved":false,"context_lines":[{"line_number":40,"context_line":"Proposed Change"},{"line_number":41,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":42,"context_line":"* We proposes to create new logging API for security-group and firewall rules."},{"line_number":43,"context_line":"  We will define a new resource named \"packet_logger\" (on the \"packet-logger\" table below)."},{"line_number":44,"context_line":""},{"line_number":45,"context_line":"* Adding logging API that outputs log data into logfile other than syslog"},{"line_number":46,"context_line":"  and then transfer it to destination/remote nodes which support rsyslog server."}],"source_content_type":"text/x-rst","patch_set":13,"id":"1a4dcd0f_ddb9e7cc","line":43,"in_reply_to":"1a4dcd0f_939ef552","updated":"2015-08-11 07:51:05.000000000","message":"Done","commit_id":"c6f1ba00b2880af4c1a2251e2ddff468523c3dcf"},{"author":{"_account_id":6524,"name":"Henry Gessau","email":"HenryG@gessau.net","username":"gessau"},"change_message_id":"f0f9a763c32b8c79a4ad4f8769a2a3a1ab47580e","unresolved":false,"context_lines":[{"line_number":42,"context_line":"* We proposes to create new logging API for security-group and firewall rules."},{"line_number":43,"context_line":"  We will define a new resource named \"packet_logger\" (on the \"packet-logger\" table below)."},{"line_number":44,"context_line":""},{"line_number":45,"context_line":"* Adding logging API that outputs log data into logfile other than syslog"},{"line_number":46,"context_line":"  and then transfer it to destination/remote nodes which support rsyslog server."},{"line_number":47,"context_line":""},{"line_number":48,"context_line":"  * We will also support logrotate feature in case of storing the logs"}],"source_content_type":"text/x-rst","patch_set":13,"id":"1a4dcd0f_d3b23de5","line":45,"updated":"2015-08-11 03:01:20.000000000","message":"\"The logging API will output log data ...\"","commit_id":"c6f1ba00b2880af4c1a2251e2ddff468523c3dcf"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"f7258945f349071922675a57ab4c599eeceeae61","unresolved":false,"context_lines":[{"line_number":42,"context_line":"* We proposes to create new logging API for security-group and firewall rules."},{"line_number":43,"context_line":"  We will define a new resource named \"packet_logger\" (on the \"packet-logger\" table below)."},{"line_number":44,"context_line":""},{"line_number":45,"context_line":"* Adding logging API that outputs log data into logfile other than syslog"},{"line_number":46,"context_line":"  and then transfer it to destination/remote nodes which support rsyslog server."},{"line_number":47,"context_line":""},{"line_number":48,"context_line":"  * We will also support logrotate feature in case of storing the logs"}],"source_content_type":"text/x-rst","patch_set":13,"id":"1a4dcd0f_7db0d3dd","line":45,"in_reply_to":"1a4dcd0f_d3b23de5","updated":"2015-08-11 07:51:05.000000000","message":"Done","commit_id":"c6f1ba00b2880af4c1a2251e2ddff468523c3dcf"},{"author":{"_account_id":6524,"name":"Henry Gessau","email":"HenryG@gessau.net","username":"gessau"},"change_message_id":"f0f9a763c32b8c79a4ad4f8769a2a3a1ab47580e","unresolved":false,"context_lines":[{"line_number":45,"context_line":"* Adding logging API that outputs log data into logfile other than syslog"},{"line_number":46,"context_line":"  and then transfer it to destination/remote nodes which support rsyslog server."},{"line_number":47,"context_line":""},{"line_number":48,"context_line":"  * We will also support logrotate feature in case of storing the logs"},{"line_number":49,"context_line":"    at own host. We will use Log rotate in Linux feature."},{"line_number":50,"context_line":"  * Operators can setup log rotate configuration when installing neutron environment."},{"line_number":51,"context_line":""}],"source_content_type":"text/x-rst","patch_set":13,"id":"1a4dcd0f_b3e691e6","line":48,"updated":"2015-08-11 03:01:20.000000000","message":"\"The logging API will ...\"","commit_id":"c6f1ba00b2880af4c1a2251e2ddff468523c3dcf"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"f7258945f349071922675a57ab4c599eeceeae61","unresolved":false,"context_lines":[{"line_number":45,"context_line":"* Adding logging API that outputs log data into logfile other than syslog"},{"line_number":46,"context_line":"  and then transfer it to destination/remote nodes which support rsyslog server."},{"line_number":47,"context_line":""},{"line_number":48,"context_line":"  * We will also support logrotate feature in case of storing the logs"},{"line_number":49,"context_line":"    at own host. We will use Log rotate in Linux feature."},{"line_number":50,"context_line":"  * Operators can setup log rotate configuration when installing neutron environment."},{"line_number":51,"context_line":""}],"source_content_type":"text/x-rst","patch_set":13,"id":"1a4dcd0f_9db35fe9","line":48,"in_reply_to":"1a4dcd0f_b3e691e6","updated":"2015-08-11 07:51:05.000000000","message":"Done","commit_id":"c6f1ba00b2880af4c1a2251e2ddff468523c3dcf"},{"author":{"_account_id":6524,"name":"Henry Gessau","email":"HenryG@gessau.net","username":"gessau"},"change_message_id":"f0f9a763c32b8c79a4ad4f8769a2a3a1ab47580e","unresolved":false,"context_lines":[{"line_number":54,"context_line":"  * We will support for tenant user use cases in the near future."},{"line_number":55,"context_line":""},{"line_number":56,"context_line":"* The logging feature is disabled by default, and it can be enabled by"},{"line_number":57,"context_line":"  something like this."},{"line_number":58,"context_line":""},{"line_number":59,"context_line":"  * [CLI] See Data Model Impact section."},{"line_number":60,"context_line":"  * [API] See REST API Impact section."}],"source_content_type":"text/x-rst","patch_set":13,"id":"1a4dcd0f_9359155e","line":57,"updated":"2015-08-11 03:01:20.000000000","message":"I looked and I don\u0027t see how to enable/disable logging. Do you intend to have it done by a config variable? I think there might be value in being able to enable/disable logging via an API request.","commit_id":"c6f1ba00b2880af4c1a2251e2ddff468523c3dcf"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"f7258945f349071922675a57ab4c599eeceeae61","unresolved":false,"context_lines":[{"line_number":54,"context_line":"  * We will support for tenant user use cases in the near future."},{"line_number":55,"context_line":""},{"line_number":56,"context_line":"* The logging feature is disabled by default, and it can be enabled by"},{"line_number":57,"context_line":"  something like this."},{"line_number":58,"context_line":""},{"line_number":59,"context_line":"  * [CLI] See Data Model Impact section."},{"line_number":60,"context_line":"  * [API] See REST API Impact section."}],"source_content_type":"text/x-rst","patch_set":13,"id":"1a4dcd0f_c01260b4","line":57,"in_reply_to":"1a4dcd0f_9359155e","updated":"2015-08-11 07:51:05.000000000","message":"I\u0027ll change the following description:\n\nFor current proposal, logging feature is not configured by default when SG/FW rules events happen. \nIt can be configured by something like this:","commit_id":"c6f1ba00b2880af4c1a2251e2ddff468523c3dcf"},{"author":{"_account_id":6524,"name":"Henry Gessau","email":"HenryG@gessau.net","username":"gessau"},"change_message_id":"f0f9a763c32b8c79a4ad4f8769a2a3a1ab47580e","unresolved":false,"context_lines":[{"line_number":57,"context_line":"  something like this."},{"line_number":58,"context_line":""},{"line_number":59,"context_line":"  * [CLI] See Data Model Impact section."},{"line_number":60,"context_line":"  * [API] See REST API Impact section."},{"line_number":61,"context_line":""},{"line_number":62,"context_line":"* The following data are candidates to be logged."},{"line_number":63,"context_line":"  (those data after \u0027IN\u0027 can be obtained from iptables [3])"}],"source_content_type":"text/x-rst","patch_set":13,"id":"1a4dcd0f_137c25ea","line":60,"updated":"2015-08-11 03:01:20.000000000","message":"Nit: use RST markup to create links to the sections","commit_id":"c6f1ba00b2880af4c1a2251e2ddff468523c3dcf"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"f7258945f349071922675a57ab4c599eeceeae61","unresolved":false,"context_lines":[{"line_number":57,"context_line":"  something like this."},{"line_number":58,"context_line":""},{"line_number":59,"context_line":"  * [CLI] See Data Model Impact section."},{"line_number":60,"context_line":"  * [API] See REST API Impact section."},{"line_number":61,"context_line":""},{"line_number":62,"context_line":"* The following data are candidates to be logged."},{"line_number":63,"context_line":"  (those data after \u0027IN\u0027 can be obtained from iptables [3])"}],"source_content_type":"text/x-rst","patch_set":13,"id":"1a4dcd0f_00a0489e","line":60,"in_reply_to":"1a4dcd0f_137c25ea","updated":"2015-08-11 07:51:05.000000000","message":"Done","commit_id":"c6f1ba00b2880af4c1a2251e2ddff468523c3dcf"},{"author":{"_account_id":6524,"name":"Henry Gessau","email":"HenryG@gessau.net","username":"gessau"},"change_message_id":"f0f9a763c32b8c79a4ad4f8769a2a3a1ab47580e","unresolved":false,"context_lines":[{"line_number":59,"context_line":"  * [CLI] See Data Model Impact section."},{"line_number":60,"context_line":"  * [API] See REST API Impact section."},{"line_number":61,"context_line":""},{"line_number":62,"context_line":"* The following data are candidates to be logged."},{"line_number":63,"context_line":"  (those data after \u0027IN\u0027 can be obtained from iptables [3])"},{"line_number":64,"context_line":""},{"line_number":65,"context_line":":dir:"}],"source_content_type":"text/x-rst","patch_set":13,"id":"1a4dcd0f_97126008","line":62,"updated":"2015-08-11 03:01:20.000000000","message":"Here we are transitioning from the generic logging API to the SG and FW implementation. I suggest you start this bullet with: \"As a first implementation of the logging API we support logging of packets events for security-group and firewall rules.\"","commit_id":"c6f1ba00b2880af4c1a2251e2ddff468523c3dcf"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"f7258945f349071922675a57ab4c599eeceeae61","unresolved":false,"context_lines":[{"line_number":59,"context_line":"  * [CLI] See Data Model Impact section."},{"line_number":60,"context_line":"  * [API] See REST API Impact section."},{"line_number":61,"context_line":""},{"line_number":62,"context_line":"* The following data are candidates to be logged."},{"line_number":63,"context_line":"  (those data after \u0027IN\u0027 can be obtained from iptables [3])"},{"line_number":64,"context_line":""},{"line_number":65,"context_line":":dir:"}],"source_content_type":"text/x-rst","patch_set":13,"id":"1a4dcd0f_1d2bcf95","line":62,"in_reply_to":"1a4dcd0f_97126008","updated":"2015-08-11 07:51:05.000000000","message":"Done","commit_id":"c6f1ba00b2880af4c1a2251e2ddff468523c3dcf"},{"author":{"_account_id":6524,"name":"Henry Gessau","email":"HenryG@gessau.net","username":"gessau"},"change_message_id":"f0f9a763c32b8c79a4ad4f8769a2a3a1ab47580e","unresolved":false,"context_lines":[{"line_number":253,"context_line":"Security Impact"},{"line_number":254,"context_line":"---------------"},{"line_number":255,"context_line":""},{"line_number":256,"context_line":"None"},{"line_number":257,"context_line":""},{"line_number":258,"context_line":"Notifications Impact"},{"line_number":259,"context_line":"--------------------"}],"source_content_type":"text/x-rst","patch_set":13,"id":"1a4dcd0f_d707887f","line":256,"updated":"2015-08-11 03:01:20.000000000","message":"I am not sure about this. Maybe for now since the operator/admin can look at anything anyway. But great care must be taken when allowing tenant users to log stuff from a shared system resource.","commit_id":"c6f1ba00b2880af4c1a2251e2ddff468523c3dcf"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"f7258945f349071922675a57ab4c599eeceeae61","unresolved":false,"context_lines":[{"line_number":253,"context_line":"Security Impact"},{"line_number":254,"context_line":"---------------"},{"line_number":255,"context_line":""},{"line_number":256,"context_line":"None"},{"line_number":257,"context_line":""},{"line_number":258,"context_line":"Notifications Impact"},{"line_number":259,"context_line":"--------------------"}],"source_content_type":"text/x-rst","patch_set":13,"id":"1a4dcd0f_e0851c59","line":256,"in_reply_to":"1a4dcd0f_d707887f","updated":"2015-08-11 07:51:05.000000000","message":"Yes. You\u0027re right. We will consider about this issue in next Cycle when this API supports for tenant users use cases.\nCurrently, this API is only for operator use cases.","commit_id":"c6f1ba00b2880af4c1a2251e2ddff468523c3dcf"},{"author":{"_account_id":7805,"name":"Li Ma","email":"skywalker.nick@gmail.com","username":"Nick"},"change_message_id":"88dd345bb20bd7ba960406c3f8f7dc0a93887794","unresolved":false,"context_lines":[{"line_number":302,"context_line":"------------"},{"line_number":303,"context_line":""},{"line_number":304,"context_line":"Changing the security-group API/DB column by adding a logging function"},{"line_number":305,"context_line":"would break the compatibility with the AWS Security-group [1]. For the same reason,"},{"line_number":306,"context_line":"we should avoid changing the API/DB column in FWaaS [2]."},{"line_number":307,"context_line":""},{"line_number":308,"context_line":"Hence, the common API that set logging configuration is necessary."}],"source_content_type":"text/x-rst","patch_set":13,"id":"1a4dcd0f_e0d67c26","line":305,"updated":"2015-08-11 04:45:57.000000000","message":"I don\u0027t think the current implementation of security-group can be totally compatible with AWS. We borrowed the concept from AWS but have different implementations.\n\nI think, --logging {kw-lists} is suitable for this situation. Not necessary to add a set of new APIs.","commit_id":"c6f1ba00b2880af4c1a2251e2ddff468523c3dcf"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"f7258945f349071922675a57ab4c599eeceeae61","unresolved":false,"context_lines":[{"line_number":302,"context_line":"------------"},{"line_number":303,"context_line":""},{"line_number":304,"context_line":"Changing the security-group API/DB column by adding a logging function"},{"line_number":305,"context_line":"would break the compatibility with the AWS Security-group [1]. For the same reason,"},{"line_number":306,"context_line":"we should avoid changing the API/DB column in FWaaS [2]."},{"line_number":307,"context_line":""},{"line_number":308,"context_line":"Hence, the common API that set logging configuration is necessary."}],"source_content_type":"text/x-rst","patch_set":13,"id":"1a4dcd0f_e098bc1d","line":305,"in_reply_to":"1a4dcd0f_e0d67c26","updated":"2015-08-11 07:51:05.000000000","message":"We discussed to mestery about logging API as follows:\n\n* http://eavesdrop.openstack.org/meetings/networking/2015/networking.2015-07-06-21.00.log.html \n\n21:23:48 \u003choangcx\u003e So I would like to continue discuss and get decision about which approach [support NEW packet logging API or extend current SG API] should be ok for approval?\n\n21:24:27 \u003cmestery\u003e If we\u0027re leaning towards not deviating from AWS, then it seems like the natural way forward is a new API\n\nThat\u0027s why we decided to implement the new logging API.\n\nHere is the our previous specs/implementation:\n\n* https://review.openstack.org/#/c/132134/ \n* https://review.openstack.org/#/c/187143/","commit_id":"c6f1ba00b2880af4c1a2251e2ddff468523c3dcf"},{"author":{"_account_id":6524,"name":"Henry Gessau","email":"HenryG@gessau.net","username":"gessau"},"change_message_id":"f0f9a763c32b8c79a4ad4f8769a2a3a1ab47580e","unresolved":false,"context_lines":[{"line_number":362,"context_line":"Documentation Impact"},{"line_number":363,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":364,"context_line":""},{"line_number":365,"context_line":"None"},{"line_number":366,"context_line":""},{"line_number":367,"context_line":"User Documentation"},{"line_number":368,"context_line":"------------------"}],"source_content_type":"text/x-rst","patch_set":13,"id":"1a4dcd0f_f7f164ce","line":365,"updated":"2015-08-11 03:01:20.000000000","message":"Wrong!","commit_id":"c6f1ba00b2880af4c1a2251e2ddff468523c3dcf"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"f7258945f349071922675a57ab4c599eeceeae61","unresolved":false,"context_lines":[{"line_number":362,"context_line":"Documentation Impact"},{"line_number":363,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":364,"context_line":""},{"line_number":365,"context_line":"None"},{"line_number":366,"context_line":""},{"line_number":367,"context_line":"User Documentation"},{"line_number":368,"context_line":"------------------"}],"source_content_type":"text/x-rst","patch_set":13,"id":"1a4dcd0f_807c5873","line":365,"in_reply_to":"1a4dcd0f_f7f164ce","updated":"2015-08-11 07:51:05.000000000","message":"Done !!!","commit_id":"c6f1ba00b2880af4c1a2251e2ddff468523c3dcf"},{"author":{"_account_id":6524,"name":"Henry Gessau","email":"HenryG@gessau.net","username":"gessau"},"change_message_id":"f0f9a763c32b8c79a4ad4f8769a2a3a1ab47580e","unresolved":false,"context_lines":[{"line_number":367,"context_line":"User Documentation"},{"line_number":368,"context_line":"------------------"},{"line_number":369,"context_line":""},{"line_number":370,"context_line":"None"},{"line_number":371,"context_line":""},{"line_number":372,"context_line":"Developer Documentation"},{"line_number":373,"context_line":"-----------------------"}],"source_content_type":"text/x-rst","patch_set":13,"id":"1a4dcd0f_77823402","line":370,"updated":"2015-08-11 03:01:20.000000000","message":"Since the (admin) operator can use this API, consider adding some usage info in the networking guide.","commit_id":"c6f1ba00b2880af4c1a2251e2ddff468523c3dcf"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"f7258945f349071922675a57ab4c599eeceeae61","unresolved":false,"context_lines":[{"line_number":367,"context_line":"User Documentation"},{"line_number":368,"context_line":"------------------"},{"line_number":369,"context_line":""},{"line_number":370,"context_line":"None"},{"line_number":371,"context_line":""},{"line_number":372,"context_line":"Developer Documentation"},{"line_number":373,"context_line":"-----------------------"}],"source_content_type":"text/x-rst","patch_set":13,"id":"1a4dcd0f_80f3f809","line":370,"in_reply_to":"1a4dcd0f_77823402","updated":"2015-08-11 07:51:05.000000000","message":"Done","commit_id":"c6f1ba00b2880af4c1a2251e2ddff468523c3dcf"},{"author":{"_account_id":6524,"name":"Henry Gessau","email":"HenryG@gessau.net","username":"gessau"},"change_message_id":"f0f9a763c32b8c79a4ad4f8769a2a3a1ab47580e","unresolved":false,"context_lines":[{"line_number":373,"context_line":"-----------------------"},{"line_number":374,"context_line":""},{"line_number":375,"context_line":"* Write how to enable the logging"},{"line_number":376,"context_line":"* Write description of each field of log data"},{"line_number":377,"context_line":""},{"line_number":378,"context_line":"References"},{"line_number":379,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"}],"source_content_type":"text/x-rst","patch_set":13,"id":"1a4dcd0f_9738203f","line":376,"updated":"2015-08-11 03:01:20.000000000","message":"Why document this for developers only?","commit_id":"c6f1ba00b2880af4c1a2251e2ddff468523c3dcf"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"f7258945f349071922675a57ab4c599eeceeae61","unresolved":false,"context_lines":[{"line_number":373,"context_line":"-----------------------"},{"line_number":374,"context_line":""},{"line_number":375,"context_line":"* Write how to enable the logging"},{"line_number":376,"context_line":"* Write description of each field of log data"},{"line_number":377,"context_line":""},{"line_number":378,"context_line":"References"},{"line_number":379,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"}],"source_content_type":"text/x-rst","patch_set":13,"id":"1a4dcd0f_20e30435","line":376,"in_reply_to":"1a4dcd0f_9738203f","updated":"2015-08-11 07:51:05.000000000","message":"You\u0027re right. I will update this section as above answer.","commit_id":"c6f1ba00b2880af4c1a2251e2ddff468523c3dcf"},{"author":{"_account_id":10850,"name":"German Eichberger","email":"german.eichberger@gmail.com","username":"german"},"change_message_id":"c9251cc1759213e7ce1ef56db39d5f230cba3368","unresolved":false,"context_lines":[{"line_number":43,"context_line":"  for security-group and firewall rules as a first implementation of the logging API."},{"line_number":44,"context_line":""},{"line_number":45,"context_line":"* The logging API will output log data into logfile other than syslog"},{"line_number":46,"context_line":"  and then transfer it to destination/remote nodes which support rsyslog server."},{"line_number":47,"context_line":""},{"line_number":48,"context_line":"  * The logging API will support logrotate feature in case of storing the logs"},{"line_number":49,"context_line":"    at own host. We will use Log rotate in Linux feature."}],"source_content_type":"text/x-rst","patch_set":14,"id":"1a4dcd0f_5b07b1c9","line":46,"updated":"2015-08-12 21:13:27.000000000","message":"several centralized logging systems have their own transport mechanism -- so I would leave it to the specific operator on how he wants to transport logs of the machine","commit_id":"63d22c8b54e70cd136e3030048ab7670b8ec4023"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"1d08fb2229505c342be30cb9bf23e70a980c878b","unresolved":false,"context_lines":[{"line_number":43,"context_line":"  for security-group and firewall rules as a first implementation of the logging API."},{"line_number":44,"context_line":""},{"line_number":45,"context_line":"* The logging API will output log data into logfile other than syslog"},{"line_number":46,"context_line":"  and then transfer it to destination/remote nodes which support rsyslog server."},{"line_number":47,"context_line":""},{"line_number":48,"context_line":"  * The logging API will support logrotate feature in case of storing the logs"},{"line_number":49,"context_line":"    at own host. We will use Log rotate in Linux feature."}],"source_content_type":"text/x-rst","patch_set":14,"id":"1a4dcd0f_e54b5785","line":46,"in_reply_to":"1a4dcd0f_5b07b1c9","updated":"2015-08-13 14:23:30.000000000","message":"Yes. This spec supports for both cases you mentioned.\n\n1st case: This is for common usecase that using rsyslog feature. Please refer http://docs.openstack.org/openstack-ops/content/logging_monitoring.html\nFor this case: operator use --destination attribute to specify a destination.\n\n2nd case: With several centralized logging have their own transport mechanism.\nIn this case, operator does not need to specify --destination attribute and log data will be stored at it own host (L209 and L227).\nThen they can do further tasks with their transport mechanism.","commit_id":"63d22c8b54e70cd136e3030048ab7670b8ec4023"},{"author":{"_account_id":10850,"name":"German Eichberger","email":"german.eichberger@gmail.com","username":"german"},"change_message_id":"c9251cc1759213e7ce1ef56db39d5f230cba3368","unresolved":false,"context_lines":[{"line_number":49,"context_line":"    at own host. We will use Log rotate in Linux feature."},{"line_number":50,"context_line":"  * Operators can setup log rotate configuration when installing neutron environment."},{"line_number":51,"context_line":""},{"line_number":52,"context_line":"* Only operators (or Cloud admins, developers etc) with \"admin\" role can enable/disable logging."},{"line_number":53,"context_line":""},{"line_number":54,"context_line":"  * We will support for tenant user use cases in the near future."},{"line_number":55,"context_line":""}],"source_content_type":"text/x-rst","patch_set":14,"id":"1a4dcd0f_5bbc91db","line":52,"updated":"2015-08-12 21:13:27.000000000","message":"\u003crant\u003eOne beef I have with OpenStack is the lack of  a better security/role model.  I would assume we might want to add a role \"Logadmin\" or similar to allow some delegation\u003c/rant\u003e","commit_id":"63d22c8b54e70cd136e3030048ab7670b8ec4023"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"1d08fb2229505c342be30cb9bf23e70a980c878b","unresolved":false,"context_lines":[{"line_number":49,"context_line":"    at own host. We will use Log rotate in Linux feature."},{"line_number":50,"context_line":"  * Operators can setup log rotate configuration when installing neutron environment."},{"line_number":51,"context_line":""},{"line_number":52,"context_line":"* Only operators (or Cloud admins, developers etc) with \"admin\" role can enable/disable logging."},{"line_number":53,"context_line":""},{"line_number":54,"context_line":"  * We will support for tenant user use cases in the near future."},{"line_number":55,"context_line":""}],"source_content_type":"text/x-rst","patch_set":14,"id":"1a4dcd0f_6560a701","line":52,"in_reply_to":"1a4dcd0f_5bbc91db","updated":"2015-08-13 14:23:30.000000000","message":"I see. As you know that we do not have \"Logadmin\" or similar role with OpenStack for now.\nSo we may still keep \"admin\" role for currently. Is that OK?","commit_id":"63d22c8b54e70cd136e3030048ab7670b8ec4023"},{"author":{"_account_id":10850,"name":"German Eichberger","email":"german.eichberger@gmail.com","username":"german"},"change_message_id":"c9251cc1759213e7ce1ef56db39d5f230cba3368","unresolved":false,"context_lines":[{"line_number":61,"context_line":""},{"line_number":62,"context_line":"* The following data are candidates to be logged."},{"line_number":63,"context_line":"  (those data after \u0027IN\u0027 can be obtained from iptables [3])"},{"line_number":64,"context_line":"* As a first implementation of the logging API we support logging of packets"},{"line_number":65,"context_line":"  events for security-group and firewall rules."},{"line_number":66,"context_line":""},{"line_number":67,"context_line":":dir:"}],"source_content_type":"text/x-rst","patch_set":14,"id":"1a4dcd0f_fb923d56","line":64,"updated":"2015-08-12 21:13:27.000000000","message":"Logging of packets has some security impact so this needs to be assessed","commit_id":"63d22c8b54e70cd136e3030048ab7670b8ec4023"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"1d08fb2229505c342be30cb9bf23e70a980c878b","unresolved":false,"context_lines":[{"line_number":61,"context_line":""},{"line_number":62,"context_line":"* The following data are candidates to be logged."},{"line_number":63,"context_line":"  (those data after \u0027IN\u0027 can be obtained from iptables [3])"},{"line_number":64,"context_line":"* As a first implementation of the logging API we support logging of packets"},{"line_number":65,"context_line":"  events for security-group and firewall rules."},{"line_number":66,"context_line":""},{"line_number":67,"context_line":":dir:"}],"source_content_type":"text/x-rst","patch_set":14,"id":"1a4dcd0f_e532770f","line":64,"in_reply_to":"1a4dcd0f_fb923d56","updated":"2015-08-13 14:23:30.000000000","message":"Yes. Thank you for your comment. I will follow.","commit_id":"63d22c8b54e70cd136e3030048ab7670b8ec4023"},{"author":{"_account_id":10850,"name":"German Eichberger","email":"german.eichberger@gmail.com","username":"german"},"change_message_id":"c9251cc1759213e7ce1ef56db39d5f230cba3368","unresolved":false,"context_lines":[{"line_number":251,"context_line":"Security Impact"},{"line_number":252,"context_line":"---------------"},{"line_number":253,"context_line":""},{"line_number":254,"context_line":"None"},{"line_number":255,"context_line":""},{"line_number":256,"context_line":"Notifications Impact"},{"line_number":257,"context_line":"--------------------"}],"source_content_type":"text/x-rst","patch_set":14,"id":"1a4dcd0f_5bdfb10c","line":254,"updated":"2015-08-12 21:13:27.000000000","message":"I disagree -- allowing for packet logs and or traffic logs exposes additional threats (e.g. eavesdropping)","commit_id":"63d22c8b54e70cd136e3030048ab7670b8ec4023"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"1d08fb2229505c342be30cb9bf23e70a980c878b","unresolved":false,"context_lines":[{"line_number":251,"context_line":"Security Impact"},{"line_number":252,"context_line":"---------------"},{"line_number":253,"context_line":""},{"line_number":254,"context_line":"None"},{"line_number":255,"context_line":""},{"line_number":256,"context_line":"Notifications Impact"},{"line_number":257,"context_line":"--------------------"}],"source_content_type":"text/x-rst","patch_set":14,"id":"1a4dcd0f_650e673c","line":254,"in_reply_to":"1a4dcd0f_5bdfb10c","updated":"2015-08-13 14:23:30.000000000","message":"I think it will impact when this API supports for tenant users usecases. Currently, this spec is limitted for operator with \"admin\" role only.\nAnyway, I will update this section as your suggestion:","commit_id":"63d22c8b54e70cd136e3030048ab7670b8ec4023"},{"author":{"_account_id":10850,"name":"German Eichberger","email":"german.eichberger@gmail.com","username":"german"},"change_message_id":"c9251cc1759213e7ce1ef56db39d5f230cba3368","unresolved":false,"context_lines":[{"line_number":351,"context_line":"Functional Tests"},{"line_number":352,"context_line":"----------------"},{"line_number":353,"context_line":""},{"line_number":354,"context_line":"Regression test with the logging feature enabled"},{"line_number":355,"context_line":""},{"line_number":356,"context_line":"API Tests"},{"line_number":357,"context_line":"---------"}],"source_content_type":"text/x-rst","patch_set":14,"id":"1a4dcd0f_1b336963","line":354,"updated":"2015-08-12 21:13:27.000000000","message":"I think you need also to test if the logging feature actually works -- not only if it breaks something","commit_id":"63d22c8b54e70cd136e3030048ab7670b8ec4023"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"1d08fb2229505c342be30cb9bf23e70a980c878b","unresolved":false,"context_lines":[{"line_number":351,"context_line":"Functional Tests"},{"line_number":352,"context_line":"----------------"},{"line_number":353,"context_line":""},{"line_number":354,"context_line":"Regression test with the logging feature enabled"},{"line_number":355,"context_line":""},{"line_number":356,"context_line":"API Tests"},{"line_number":357,"context_line":"---------"}],"source_content_type":"text/x-rst","patch_set":14,"id":"1a4dcd0f_f803fa0a","line":354,"in_reply_to":"1a4dcd0f_1b336963","updated":"2015-08-13 14:23:30.000000000","message":"Yes. I will append \"Test if the logging feature actually works\" to this section in next revision.","commit_id":"63d22c8b54e70cd136e3030048ab7670b8ec4023"},{"author":{"_account_id":13109,"name":"Germy Lure","email":"germylure@gmail.com"},"change_message_id":"d41a2043f0729edf44922acfdc40221b3a28509f","unresolved":false,"context_lines":[{"line_number":10,"context_line":""},{"line_number":11,"context_line":"https://bugs.launchpad.net/neutron/+bug/1468366"},{"line_number":12,"context_line":""},{"line_number":13,"context_line":"Logging is currently a missing feature in security-group \u0026 firewall."},{"line_number":14,"context_line":"It is critical for troubleshooting."},{"line_number":15,"context_line":"Changing the security-group API/DB column by adding a logging function would break"},{"line_number":16,"context_line":"the compatibility with the AWS security-group."}],"source_content_type":"text/x-rst","patch_set":16,"id":"da20952f_6056b6cf","line":13,"updated":"2015-08-29 02:35:49.000000000","message":"counter is also a missing one. Would pls consider it together?","commit_id":"dbea13fe379f4a4b1701417262922f79dd67d74a"},{"author":{"_account_id":4656,"name":"Sean M. Collins","email":"sean@coreitpro.com","username":"scollins"},"change_message_id":"4475e32a893ec012e45e2158890a655d0f26bf4c","unresolved":false,"context_lines":[{"line_number":161,"context_line":"* --log_level can be \u0027info\u0027, \u0027warn\u0027, \u0027error\u0027, \u0027debug\u0027 or \u0027notice\u0027 for security group rules resource."},{"line_number":162,"context_line":"    And only support default \u0027info\u0027 log level for firewall rules resource."},{"line_number":163,"context_line":""},{"line_number":164,"context_line":"* --destination can be any node where support rsyslog server. And in the server side,"},{"line_number":165,"context_line":"    the log file will be named as follows and placed into folder that named by source ip."},{"line_number":166,"context_line":""},{"line_number":167,"context_line":"  * fw_rules : \u0027fw_rules\u0027 + \u003ctenant_id\u003e"}],"source_content_type":"text/x-rst","patch_set":16,"id":"fa1b9901_2423fe59","line":164,"updated":"2015-08-25 15:18:06.000000000","message":"Is this the only supported logging driver now? Syslog? We\u0027re going to bake that right into the API, that we must use syslog?","commit_id":"dbea13fe379f4a4b1701417262922f79dd67d74a"},{"author":{"_account_id":13109,"name":"Germy Lure","email":"germylure@gmail.com"},"change_message_id":"a495871971fcbeaa1ebc55dcc5f723062af2c828","unresolved":false,"context_lines":[{"line_number":10,"context_line":""},{"line_number":11,"context_line":"https://bugs.launchpad.net/neutron/+bug/1468366"},{"line_number":12,"context_line":""},{"line_number":13,"context_line":"Logging is currently a missing feature in security-group \u0026 firewall."},{"line_number":14,"context_line":"It is critical for troubleshooting."},{"line_number":15,"context_line":"Changing the security-group API/DB column by adding a logging function would break"},{"line_number":16,"context_line":"the compatibility with the AWS security-group."}],"source_content_type":"text/x-rst","patch_set":17,"id":"da20952f_40205248","line":13,"updated":"2015-08-29 03:32:16.000000000","message":"Counter is also a missing one. Would you pls consider it together?","commit_id":"57d7051d62c09be7d2e32ea99db7ca3069779878"},{"author":{"_account_id":15905,"name":"Cao Xuan Hoang","email":"xuanhoangqb@gmail.com","username":"hoangcx"},"change_message_id":"34f0a6c51ec33620fae477a0a6b32f1771fea7c1","unresolved":false,"context_lines":[{"line_number":10,"context_line":""},{"line_number":11,"context_line":"https://bugs.launchpad.net/neutron/+bug/1468366"},{"line_number":12,"context_line":""},{"line_number":13,"context_line":"Logging is currently a missing feature in security-group \u0026 firewall."},{"line_number":14,"context_line":"It is critical for troubleshooting."},{"line_number":15,"context_line":"Changing the security-group API/DB column by adding a logging function would break"},{"line_number":16,"context_line":"the compatibility with the AWS security-group."}],"source_content_type":"text/x-rst","patch_set":17,"id":"ba15a1d1_dd0fb42c","line":13,"in_reply_to":"ba15a1d1_9a8f05cc","updated":"2015-09-15 09:48:59.000000000","message":"@Germy: Those features aren\u0027t so urgent. But it\u0027s still in road map to put it in.\n\nRefer: http://eavesdrop.openstack.org/meetings/networking_fwaas/2015/networking_fwaas.2015-06-17-18.32.log.html\n\n18:57:07 \u003choangcx\u003e About Hitcount function: Now we are under consideration. \n\n18:57:55 \u003cSridarK\u003e hoangcx: no worries - the hit count is something that yushiro and i also discussed at the summit and there was an earlier proposal to integrate with ceilometer. \n\n18:58:26 \u003cSridarK\u003e we can also get that moving with Pradeep Kilambi who was looking at ceilometer","commit_id":"57d7051d62c09be7d2e32ea99db7ca3069779878"},{"author":{"_account_id":11682,"name":"Ryan Moats","email":"rmoats@us.ibm.com","username":"regXboi"},"change_message_id":"b9dec33d147f3fe553ef102af4471769af26d1f2","unresolved":false,"context_lines":[{"line_number":10,"context_line":""},{"line_number":11,"context_line":"https://bugs.launchpad.net/neutron/+bug/1468366"},{"line_number":12,"context_line":""},{"line_number":13,"context_line":"Logging is currently a missing feature in security-group \u0026 firewall."},{"line_number":14,"context_line":"It is critical for troubleshooting."},{"line_number":15,"context_line":"Changing the security-group API/DB column by adding a logging function would break"},{"line_number":16,"context_line":"the compatibility with the AWS security-group."}],"source_content_type":"text/x-rst","patch_set":17,"id":"da20952f_f3f31971","line":13,"in_reply_to":"da20952f_40205248","updated":"2015-09-01 13:12:18.000000000","message":"@Germy: what are you looking for above and beyond what is in the metering extension?","commit_id":"57d7051d62c09be7d2e32ea99db7ca3069779878"},{"author":{"_account_id":13109,"name":"Germy Lure","email":"germylure@gmail.com"},"change_message_id":"cf41776891917c1e8f16207185b3bf1ffc4e9959","unresolved":false,"context_lines":[{"line_number":10,"context_line":""},{"line_number":11,"context_line":"https://bugs.launchpad.net/neutron/+bug/1468366"},{"line_number":12,"context_line":""},{"line_number":13,"context_line":"Logging is currently a missing feature in security-group \u0026 firewall."},{"line_number":14,"context_line":"It is critical for troubleshooting."},{"line_number":15,"context_line":"Changing the security-group API/DB column by adding a logging function would break"},{"line_number":16,"context_line":"the compatibility with the AWS security-group."}],"source_content_type":"text/x-rst","patch_set":17,"id":"ba15a1d1_9a8f05cc","line":13,"in_reply_to":"da20952f_9c9c2910","updated":"2015-09-15 08:38:49.000000000","message":"@Ryan,@Yushiro Yes, I meant \"hit count\". \n\nAnd \"redirect\" also is another important feature(only for FWaaS?).\nIs it possible that we can think of them together? And use the same framework to implement them.","commit_id":"57d7051d62c09be7d2e32ea99db7ca3069779878"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"f59858593589bb56e077293bf442ef6f44fdb3b0","unresolved":false,"context_lines":[{"line_number":10,"context_line":""},{"line_number":11,"context_line":"https://bugs.launchpad.net/neutron/+bug/1468366"},{"line_number":12,"context_line":""},{"line_number":13,"context_line":"Logging is currently a missing feature in security-group \u0026 firewall."},{"line_number":14,"context_line":"It is critical for troubleshooting."},{"line_number":15,"context_line":"Changing the security-group API/DB column by adding a logging function would break"},{"line_number":16,"context_line":"the compatibility with the AWS security-group."}],"source_content_type":"text/x-rst","patch_set":17,"id":"da20952f_9c9c2910","line":13,"in_reply_to":"da20952f_f3f31971","updated":"2015-09-08 11:26:55.000000000","message":"@Germy,\nWould you please give me more detail information about \"Counter\"?\nYou mean is it \"hit count\" feature to archive log?  or is it metering extension feature as Ryan\u0027s comment?","commit_id":"57d7051d62c09be7d2e32ea99db7ca3069779878"},{"author":{"_account_id":13109,"name":"Germy Lure","email":"germylure@gmail.com"},"change_message_id":"a495871971fcbeaa1ebc55dcc5f723062af2c828","unresolved":false,"context_lines":[{"line_number":79,"context_line":":PHYSOUT:"},{"line_number":80,"context_line":"    Physical output device [Only for security-group resource]"},{"line_number":81,"context_line":":MAC:"},{"line_number":82,"context_line":"    MAC address(destination MAC:source MAC)"},{"line_number":83,"context_line":":SRC:"},{"line_number":84,"context_line":"    Source IP address"},{"line_number":85,"context_line":":DST:"}],"source_content_type":"text/x-rst","patch_set":17,"id":"da20952f_60b47681","line":82,"updated":"2015-08-29 03:32:16.000000000","message":"Can we change it to \"dmac-smac\" or something else but \":\"?","commit_id":"57d7051d62c09be7d2e32ea99db7ca3069779878"},{"author":{"_account_id":15905,"name":"Cao Xuan Hoang","email":"xuanhoangqb@gmail.com","username":"hoangcx"},"change_message_id":"34f0a6c51ec33620fae477a0a6b32f1771fea7c1","unresolved":false,"context_lines":[{"line_number":79,"context_line":":PHYSOUT:"},{"line_number":80,"context_line":"    Physical output device [Only for security-group resource]"},{"line_number":81,"context_line":":MAC:"},{"line_number":82,"context_line":"    MAC address(destination MAC:source MAC)"},{"line_number":83,"context_line":":SRC:"},{"line_number":84,"context_line":"    Source IP address"},{"line_number":85,"context_line":":DST:"}],"source_content_type":"text/x-rst","patch_set":17,"id":"ba15a1d1_671cd977","line":82,"in_reply_to":"ba15a1d1_5abe4dd5","updated":"2015-09-15 09:48:59.000000000","message":"I think you are confusing something about this.\nThose log data can only be read by operators. (See L52-L54)\n\nFor tenant user: Those data needs to be further processing before showed to them. I mean logging direction feature (ex: by using Monasca or some others), it will be proposed to combine with this in near further.","commit_id":"57d7051d62c09be7d2e32ea99db7ca3069779878"},{"author":{"_account_id":13109,"name":"Germy Lure","email":"germylure@gmail.com"},"change_message_id":"cf41776891917c1e8f16207185b3bf1ffc4e9959","unresolved":false,"context_lines":[{"line_number":79,"context_line":":PHYSOUT:"},{"line_number":80,"context_line":"    Physical output device [Only for security-group resource]"},{"line_number":81,"context_line":":MAC:"},{"line_number":82,"context_line":"    MAC address(destination MAC:source MAC)"},{"line_number":83,"context_line":":SRC:"},{"line_number":84,"context_line":"    Source IP address"},{"line_number":85,"context_line":":DST:"}],"source_content_type":"text/x-rst","patch_set":17,"id":"ba15a1d1_5abe4dd5","line":82,"in_reply_to":"da20952f_5c7531ca","updated":"2015-09-15 08:38:49.000000000","message":"Is it difficult to do that? \":\" is hard to read for any user.","commit_id":"57d7051d62c09be7d2e32ea99db7ca3069779878"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"f59858593589bb56e077293bf442ef6f44fdb3b0","unresolved":false,"context_lines":[{"line_number":79,"context_line":":PHYSOUT:"},{"line_number":80,"context_line":"    Physical output device [Only for security-group resource]"},{"line_number":81,"context_line":":MAC:"},{"line_number":82,"context_line":"    MAC address(destination MAC:source MAC)"},{"line_number":83,"context_line":":SRC:"},{"line_number":84,"context_line":"    Source IP address"},{"line_number":85,"context_line":":DST:"}],"source_content_type":"text/x-rst","patch_set":17,"id":"da20952f_5c7531ca","line":82,"in_reply_to":"da20952f_60b47681","updated":"2015-09-08 11:26:55.000000000","message":"Actually, it is just make clear that we have destination MAC field and source MAC field in the log data.\nAnd it is default conjunction by Linux feature.","commit_id":"57d7051d62c09be7d2e32ea99db7ca3069779878"},{"author":{"_account_id":13109,"name":"Germy Lure","email":"germylure@gmail.com"},"change_message_id":"a495871971fcbeaa1ebc55dcc5f723062af2c828","unresolved":false,"context_lines":[{"line_number":161,"context_line":"* --log_level can be \u0027info\u0027, \u0027warn\u0027, \u0027error\u0027, \u0027debug\u0027 or \u0027notice\u0027 for security group rules resource."},{"line_number":162,"context_line":"    And only support default \u0027info\u0027 log level for firewall rules resource."},{"line_number":163,"context_line":""},{"line_number":164,"context_line":"* --destination can be any node where support rsyslog server. And in the server side,"},{"line_number":165,"context_line":"    the log file will be named as follows and placed into folder that named by source ip."},{"line_number":166,"context_line":""},{"line_number":167,"context_line":"  * fw_rules : \u0027fw_rules\u0027 + \u003ctenant_id\u003e"}],"source_content_type":"text/x-rst","patch_set":17,"id":"da20952f_8b9d2bbe","line":164,"updated":"2015-08-29 03:32:16.000000000","message":"Only IP and port enough? Do we need an account? usrname and passwd?","commit_id":"57d7051d62c09be7d2e32ea99db7ca3069779878"},{"author":{"_account_id":15905,"name":"Cao Xuan Hoang","email":"xuanhoangqb@gmail.com","username":"hoangcx"},"change_message_id":"34f0a6c51ec33620fae477a0a6b32f1771fea7c1","unresolved":false,"context_lines":[{"line_number":161,"context_line":"* --log_level can be \u0027info\u0027, \u0027warn\u0027, \u0027error\u0027, \u0027debug\u0027 or \u0027notice\u0027 for security group rules resource."},{"line_number":162,"context_line":"    And only support default \u0027info\u0027 log level for firewall rules resource."},{"line_number":163,"context_line":""},{"line_number":164,"context_line":"* --destination can be any node where support rsyslog server. And in the server side,"},{"line_number":165,"context_line":"    the log file will be named as follows and placed into folder that named by source ip."},{"line_number":166,"context_line":""},{"line_number":167,"context_line":"  * fw_rules : \u0027fw_rules\u0027 + \u003ctenant_id\u003e"}],"source_content_type":"text/x-rst","patch_set":17,"id":"ba15a1d1_eaabd0d4","line":164,"in_reply_to":"ba15a1d1_daf57dcb","updated":"2015-09-15 09:48:59.000000000","message":"I have just updated new revisions to support flexible choosing logger drivers (Syslog logger - or a Splunk logger, or File logger, or Swift logger). So that they can propose a solution as their demand (account authorize necessary or not).\n\nFor Rsyslog logger, we don\u0027t need it. Please refer: http://docs.openstack.org/openstack-ops/content/logging_monitoring.html#centrally-managing-logs","commit_id":"57d7051d62c09be7d2e32ea99db7ca3069779878"},{"author":{"_account_id":13109,"name":"Germy Lure","email":"germylure@gmail.com"},"change_message_id":"cf41776891917c1e8f16207185b3bf1ffc4e9959","unresolved":false,"context_lines":[{"line_number":161,"context_line":"* --log_level can be \u0027info\u0027, \u0027warn\u0027, \u0027error\u0027, \u0027debug\u0027 or \u0027notice\u0027 for security group rules resource."},{"line_number":162,"context_line":"    And only support default \u0027info\u0027 log level for firewall rules resource."},{"line_number":163,"context_line":""},{"line_number":164,"context_line":"* --destination can be any node where support rsyslog server. And in the server side,"},{"line_number":165,"context_line":"    the log file will be named as follows and placed into folder that named by source ip."},{"line_number":166,"context_line":""},{"line_number":167,"context_line":"  * fw_rules : \u0027fw_rules\u0027 + \u003ctenant_id\u003e"}],"source_content_type":"text/x-rst","patch_set":17,"id":"ba15a1d1_daf57dcb","line":164,"in_reply_to":"da20952f_3360a8cf","updated":"2015-09-15 08:38:49.000000000","message":"I can\u0027t see anything about account.\nDon\u0027t we need an account to store logs to \"remote host\"?","commit_id":"57d7051d62c09be7d2e32ea99db7ca3069779878"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"f59858593589bb56e077293bf442ef6f44fdb3b0","unresolved":false,"context_lines":[{"line_number":161,"context_line":"* --log_level can be \u0027info\u0027, \u0027warn\u0027, \u0027error\u0027, \u0027debug\u0027 or \u0027notice\u0027 for security group rules resource."},{"line_number":162,"context_line":"    And only support default \u0027info\u0027 log level for firewall rules resource."},{"line_number":163,"context_line":""},{"line_number":164,"context_line":"* --destination can be any node where support rsyslog server. And in the server side,"},{"line_number":165,"context_line":"    the log file will be named as follows and placed into folder that named by source ip."},{"line_number":166,"context_line":""},{"line_number":167,"context_line":"  * fw_rules : \u0027fw_rules\u0027 + \u003ctenant_id\u003e"}],"source_content_type":"text/x-rst","patch_set":17,"id":"da20952f_3360a8cf","line":164,"in_reply_to":"da20952f_8b9d2bbe","updated":"2015-09-08 11:26:55.000000000","message":"Thank you for your comment.\n\nI\u0027ll consider the above case.  I\u0027ll update the patch soon.","commit_id":"57d7051d62c09be7d2e32ea99db7ca3069779878"},{"author":{"_account_id":13109,"name":"Germy Lure","email":"germylure@gmail.com"},"change_message_id":"a495871971fcbeaa1ebc55dcc5f723062af2c828","unresolved":false,"context_lines":[{"line_number":272,"context_line":""},{"line_number":273,"context_line":"None"},{"line_number":274,"context_line":""},{"line_number":275,"context_line":"Performance Impact"},{"line_number":276,"context_line":"------------------"},{"line_number":277,"context_line":""},{"line_number":278,"context_line":"Current design is to log data directory into logfile, but considering"}],"source_content_type":"text/x-rst","patch_set":17,"id":"da20952f_60cf9629","line":275,"updated":"2015-08-29 03:32:16.000000000","message":"Can you give some rough data to show the impact? bandwidth? latency?","commit_id":"57d7051d62c09be7d2e32ea99db7ca3069779878"},{"author":{"_account_id":15905,"name":"Cao Xuan Hoang","email":"xuanhoangqb@gmail.com","username":"hoangcx"},"change_message_id":"34f0a6c51ec33620fae477a0a6b32f1771fea7c1","unresolved":false,"context_lines":[{"line_number":272,"context_line":""},{"line_number":273,"context_line":"None"},{"line_number":274,"context_line":""},{"line_number":275,"context_line":"Performance Impact"},{"line_number":276,"context_line":"------------------"},{"line_number":277,"context_line":""},{"line_number":278,"context_line":"Current design is to log data directory into logfile, but considering"}],"source_content_type":"text/x-rst","patch_set":17,"id":"ba15a1d1_ca7dac1d","line":275,"in_reply_to":"ba15a1d1_efb445f3","updated":"2015-09-15 09:48:59.000000000","message":"I totally agree with you. I will consider about performance impact. \n\nCurrently, we are proposing to support flexible choosing logger drivers. So the problem is that which logger is suitable for user\u0027s demand. I guess.","commit_id":"57d7051d62c09be7d2e32ea99db7ca3069779878"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"f59858593589bb56e077293bf442ef6f44fdb3b0","unresolved":false,"context_lines":[{"line_number":272,"context_line":""},{"line_number":273,"context_line":"None"},{"line_number":274,"context_line":""},{"line_number":275,"context_line":"Performance Impact"},{"line_number":276,"context_line":"------------------"},{"line_number":277,"context_line":""},{"line_number":278,"context_line":"Current design is to log data directory into logfile, but considering"}],"source_content_type":"text/x-rst","patch_set":17,"id":"da20952f_bf7ebf68","line":275,"in_reply_to":"da20952f_60cf9629","updated":"2015-09-08 11:26:55.000000000","message":"Thank you for your consideration. \nWe are currently confirming/filling the specs. So those data will be showed in detail after the spec get approval.","commit_id":"57d7051d62c09be7d2e32ea99db7ca3069779878"},{"author":{"_account_id":13109,"name":"Germy Lure","email":"germylure@gmail.com"},"change_message_id":"cf41776891917c1e8f16207185b3bf1ffc4e9959","unresolved":false,"context_lines":[{"line_number":272,"context_line":""},{"line_number":273,"context_line":"None"},{"line_number":274,"context_line":""},{"line_number":275,"context_line":"Performance Impact"},{"line_number":276,"context_line":"------------------"},{"line_number":277,"context_line":""},{"line_number":278,"context_line":"Current design is to log data directory into logfile, but considering"}],"source_content_type":"text/x-rst","patch_set":17,"id":"ba15a1d1_efb445f3","line":275,"in_reply_to":"da20952f_bf7ebf68","updated":"2015-09-15 08:38:49.000000000","message":"I think the performance impact will be one of the key point to determine whether user will use this feature.\nSo I still think that some rough test data is necessary.","commit_id":"57d7051d62c09be7d2e32ea99db7ca3069779878"},{"author":{"_account_id":13109,"name":"Germy Lure","email":"germylure@gmail.com"},"change_message_id":"a495871971fcbeaa1ebc55dcc5f723062af2c828","unresolved":false,"context_lines":[{"line_number":278,"context_line":"Current design is to log data directory into logfile, but considering"},{"line_number":279,"context_line":"to log data into memory (e.g. cyclic buffer) to minimize performance overhead."},{"line_number":280,"context_line":""},{"line_number":281,"context_line":"IPv6 Impact"},{"line_number":282,"context_line":"-----------"},{"line_number":283,"context_line":""},{"line_number":284,"context_line":"None"}],"source_content_type":"text/x-rst","patch_set":17,"id":"da20952f_4077f2d2","line":281,"updated":"2015-08-29 03:32:16.000000000","message":"Just support IPv4?","commit_id":"57d7051d62c09be7d2e32ea99db7ca3069779878"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"f59858593589bb56e077293bf442ef6f44fdb3b0","unresolved":false,"context_lines":[{"line_number":278,"context_line":"Current design is to log data directory into logfile, but considering"},{"line_number":279,"context_line":"to log data into memory (e.g. cyclic buffer) to minimize performance overhead."},{"line_number":280,"context_line":""},{"line_number":281,"context_line":"IPv6 Impact"},{"line_number":282,"context_line":"-----------"},{"line_number":283,"context_line":""},{"line_number":284,"context_line":"None"}],"source_content_type":"text/x-rst","patch_set":17,"id":"da20952f_ffebd710","line":281,"in_reply_to":"da20952f_4077f2d2","updated":"2015-09-08 11:26:55.000000000","message":"No, we will support both IPv4 and IPv6. I will update this section.","commit_id":"57d7051d62c09be7d2e32ea99db7ca3069779878"},{"author":{"_account_id":13109,"name":"Germy Lure","email":"germylure@gmail.com"},"change_message_id":"cf41776891917c1e8f16207185b3bf1ffc4e9959","unresolved":false,"context_lines":[{"line_number":278,"context_line":"Current design is to log data directory into logfile, but considering"},{"line_number":279,"context_line":"to log data into memory (e.g. cyclic buffer) to minimize performance overhead."},{"line_number":280,"context_line":""},{"line_number":281,"context_line":"IPv6 Impact"},{"line_number":282,"context_line":"-----------"},{"line_number":283,"context_line":""},{"line_number":284,"context_line":"None"}],"source_content_type":"text/x-rst","patch_set":17,"id":"ba15a1d1_8fe34933","line":281,"in_reply_to":"da20952f_ffebd710","updated":"2015-09-15 08:38:49.000000000","message":"Done","commit_id":"57d7051d62c09be7d2e32ea99db7ca3069779878"},{"author":{"_account_id":13109,"name":"Germy Lure","email":"germylure@gmail.com"},"change_message_id":"a495871971fcbeaa1ebc55dcc5f723062af2c828","unresolved":false,"context_lines":[{"line_number":339,"context_line":":For FW:"},{"line_number":340,"context_line":"       ulogd2"},{"line_number":341,"context_line":""},{"line_number":342,"context_line":"Testing"},{"line_number":343,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":344,"context_line":""},{"line_number":345,"context_line":"* Unit Test"}],"source_content_type":"text/x-rst","patch_set":17,"id":"da20952f_8b076bc9","line":342,"updated":"2015-08-29 03:32:16.000000000","message":"Need a performance test","commit_id":"57d7051d62c09be7d2e32ea99db7ca3069779878"},{"author":{"_account_id":15905,"name":"Cao Xuan Hoang","email":"xuanhoangqb@gmail.com","username":"hoangcx"},"change_message_id":"34f0a6c51ec33620fae477a0a6b32f1771fea7c1","unresolved":false,"context_lines":[{"line_number":339,"context_line":":For FW:"},{"line_number":340,"context_line":"       ulogd2"},{"line_number":341,"context_line":""},{"line_number":342,"context_line":"Testing"},{"line_number":343,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":344,"context_line":""},{"line_number":345,"context_line":"* Unit Test"}],"source_content_type":"text/x-rst","patch_set":17,"id":"ba15a1d1_8adc9413","line":342,"in_reply_to":"ba15a1d1_2f831d58","updated":"2015-09-15 09:48:59.000000000","message":"@Germy: Yes. Please check the above comment for the same consideration.","commit_id":"57d7051d62c09be7d2e32ea99db7ca3069779878"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"f59858593589bb56e077293bf442ef6f44fdb3b0","unresolved":false,"context_lines":[{"line_number":339,"context_line":":For FW:"},{"line_number":340,"context_line":"       ulogd2"},{"line_number":341,"context_line":""},{"line_number":342,"context_line":"Testing"},{"line_number":343,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":344,"context_line":""},{"line_number":345,"context_line":"* Unit Test"}],"source_content_type":"text/x-rst","patch_set":17,"id":"da20952f_7f6d8798","line":342,"in_reply_to":"da20952f_13800d8a","updated":"2015-09-08 11:26:55.000000000","message":"@Ryan: Thanks for your response. Yes.\n\n@Germy: Please check Ryan\u0027s comment.","commit_id":"57d7051d62c09be7d2e32ea99db7ca3069779878"},{"author":{"_account_id":13109,"name":"Germy Lure","email":"germylure@gmail.com"},"change_message_id":"cf41776891917c1e8f16207185b3bf1ffc4e9959","unresolved":false,"context_lines":[{"line_number":339,"context_line":":For FW:"},{"line_number":340,"context_line":"       ulogd2"},{"line_number":341,"context_line":""},{"line_number":342,"context_line":"Testing"},{"line_number":343,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":344,"context_line":""},{"line_number":345,"context_line":"* Unit Test"}],"source_content_type":"text/x-rst","patch_set":17,"id":"ba15a1d1_2f831d58","line":342,"in_reply_to":"da20952f_7f6d8798","updated":"2015-09-15 08:38:49.000000000","message":"@Ryan,@Yushiro What I mean is that we need some performance test cases, not only unit and functional.\nAnd again, I think the performance impact will be one of the key point to determine whether user will use this feature.","commit_id":"57d7051d62c09be7d2e32ea99db7ca3069779878"},{"author":{"_account_id":11682,"name":"Ryan Moats","email":"rmoats@us.ibm.com","username":"regXboi"},"change_message_id":"b9dec33d147f3fe553ef102af4471769af26d1f2","unresolved":false,"context_lines":[{"line_number":339,"context_line":":For FW:"},{"line_number":340,"context_line":"       ulogd2"},{"line_number":341,"context_line":""},{"line_number":342,"context_line":"Testing"},{"line_number":343,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":344,"context_line":""},{"line_number":345,"context_line":"* Unit Test"}],"source_content_type":"text/x-rst","patch_set":17,"id":"da20952f_13800d8a","line":342,"in_reply_to":"da20952f_8b076bc9","updated":"2015-09-01 13:12:18.000000000","message":"Would performance testing land under rally?","commit_id":"57d7051d62c09be7d2e32ea99db7ca3069779878"},{"author":{"_account_id":7805,"name":"Li Ma","email":"skywalker.nick@gmail.com","username":"Nick"},"change_message_id":"cb2944174b8422ba01ac7a1112c66997f8dfd1d2","unresolved":false,"context_lines":[{"line_number":156,"context_line":"+-----------------+--------+---------------+-------+--------------------------+"},{"line_number":157,"context_line":"|log_level        |string  |N/A            |CRD    |Log levels                |"},{"line_number":158,"context_line":"+-----------------+--------+---------------+-------+--------------------------+"},{"line_number":159,"context_line":"|log_driver_type  |string  |N/A            |R      |Specify type of log driver|"},{"line_number":160,"context_line":"+-----------------+--------+---------------+-------+--------------------------+"},{"line_number":161,"context_line":""},{"line_number":162,"context_line":"The LoggerDriverRsyslog has the following attributes:"}],"source_content_type":"text/x-rst","patch_set":18,"id":"da20952f_0b492431","line":159,"updated":"2015-09-11 04:42:31.000000000","message":"Do you provide a general driver layer that allows others to implement different driver backends?","commit_id":"0e9117f9b0d6dddf7795058e832cd75fbf4f2c1b"},{"author":{"_account_id":15905,"name":"Cao Xuan Hoang","email":"xuanhoangqb@gmail.com","username":"hoangcx"},"change_message_id":"8d9bfb05635559a01327b7bad7dcbde05ab68eeb","unresolved":false,"context_lines":[{"line_number":156,"context_line":"+-----------------+--------+---------------+-------+--------------------------+"},{"line_number":157,"context_line":"|log_level        |string  |N/A            |CRD    |Log levels                |"},{"line_number":158,"context_line":"+-----------------+--------+---------------+-------+--------------------------+"},{"line_number":159,"context_line":"|log_driver_type  |string  |N/A            |R      |Specify type of log driver|"},{"line_number":160,"context_line":"+-----------------+--------+---------------+-------+--------------------------+"},{"line_number":161,"context_line":""},{"line_number":162,"context_line":"The LoggerDriverRsyslog has the following attributes:"}],"source_content_type":"text/x-rst","patch_set":18,"id":"da20952f_777d226c","line":159,"in_reply_to":"da20952f_0b492431","updated":"2015-09-11 08:24:42.000000000","message":"Yes. I am going to propose general driver layer as you mentioned. To avoid the confusing and correct this, I will update in detail in next revision.","commit_id":"0e9117f9b0d6dddf7795058e832cd75fbf4f2c1b"},{"author":{"_account_id":7805,"name":"Li Ma","email":"skywalker.nick@gmail.com","username":"Nick"},"change_message_id":"fb2d67788233924fa35f337dfabda32896ef8b0c","unresolved":false,"context_lines":[{"line_number":156,"context_line":"+-----------------+--------+---------------+-------+--------------------------+"},{"line_number":157,"context_line":"|log_level        |string  |N/A            |CRD    |Log levels                |"},{"line_number":158,"context_line":"+-----------------+--------+---------------+-------+--------------------------+"},{"line_number":159,"context_line":"|log_driver_type  |string  |N/A            |R      |Specify type of log driver|"},{"line_number":160,"context_line":"+-----------------+--------+---------------+-------+--------------------------+"},{"line_number":161,"context_line":""},{"line_number":162,"context_line":"The LoggerDriverRsyslog has the following attributes:"}],"source_content_type":"text/x-rst","patch_set":18,"id":"ba15a1d1_21db741d","line":159,"in_reply_to":"da20952f_777d226c","updated":"2015-09-12 06:11:10.000000000","message":"OK.","commit_id":"0e9117f9b0d6dddf7795058e832cd75fbf4f2c1b"},{"author":{"_account_id":7805,"name":"Li Ma","email":"skywalker.nick@gmail.com","username":"Nick"},"change_message_id":"cb2944174b8422ba01ac7a1112c66997f8dfd1d2","unresolved":false,"context_lines":[{"line_number":159,"context_line":"|log_driver_type  |string  |N/A            |R      |Specify type of log driver|"},{"line_number":160,"context_line":"+-----------------+--------+---------------+-------+--------------------------+"},{"line_number":161,"context_line":""},{"line_number":162,"context_line":"The LoggerDriverRsyslog has the following attributes:"},{"line_number":163,"context_line":""},{"line_number":164,"context_line":"+-----------------+--------+---------------+-------+--------------------------+"},{"line_number":165,"context_line":"|Attribute name   |Type    |Default Value  |CRUD   |Description               |"}],"source_content_type":"text/x-rst","patch_set":18,"id":"da20952f_8bd53444","line":162,"updated":"2015-09-11 04:42:31.000000000","message":"Rsyslog or Syslog? So, your logging API only supports Rsyslog, not Syslog facilities?\n\nRsyslog is a kind of syslog facilities, but there are other \nsimilar facilities available, both open sourced or proprietary, running on Linux.\n\nIf I use other syslog facility in my Linux distro, as far as I know, I can also take advantage of your logging API. It is transparent.\n\nI suggest you make the name more general and I prefer \u0027Syslog\u0027 than \u0027Rsyslog\u0027.\n\nSyslog is an Internet Standard Protocol: http://tools.ietf.org/html/rfc5424\n\nRsyslog is one of its applications.","commit_id":"0e9117f9b0d6dddf7795058e832cd75fbf4f2c1b"},{"author":{"_account_id":15905,"name":"Cao Xuan Hoang","email":"xuanhoangqb@gmail.com","username":"hoangcx"},"change_message_id":"8d9bfb05635559a01327b7bad7dcbde05ab68eeb","unresolved":false,"context_lines":[{"line_number":159,"context_line":"|log_driver_type  |string  |N/A            |R      |Specify type of log driver|"},{"line_number":160,"context_line":"+-----------------+--------+---------------+-------+--------------------------+"},{"line_number":161,"context_line":""},{"line_number":162,"context_line":"The LoggerDriverRsyslog has the following attributes:"},{"line_number":163,"context_line":""},{"line_number":164,"context_line":"+-----------------+--------+---------------+-------+--------------------------+"},{"line_number":165,"context_line":"|Attribute name   |Type    |Default Value  |CRUD   |Description               |"}],"source_content_type":"text/x-rst","patch_set":18,"id":"da20952f_f7893270","line":162,"in_reply_to":"da20952f_8bd53444","updated":"2015-09-11 08:24:42.000000000","message":"When admin doesn\u0027t specify logging driver type, default logger driver is SYSLOG and default \"log_path\" is \"localhost:/var/log/\" (See L457).\n\nCurrently: Beside default Syslog facilities supported, we propose to support Rsyslog as a kind of logger driver to transfer/store log data to dedicate central log. (Refer: http://docs.openstack.org/openstack-ops/content/logging_monitoring.html#centrally-managing-logs).\n\nIn the further, we will propose to support others kind of logger drivers (Splunk logger, or File logger, or Swift logger...) by adding new table as \"LoggerDriverRsyslog\" table.","commit_id":"0e9117f9b0d6dddf7795058e832cd75fbf4f2c1b"},{"author":{"_account_id":7805,"name":"Li Ma","email":"skywalker.nick@gmail.com","username":"Nick"},"change_message_id":"fb2d67788233924fa35f337dfabda32896ef8b0c","unresolved":false,"context_lines":[{"line_number":159,"context_line":"|log_driver_type  |string  |N/A            |R      |Specify type of log driver|"},{"line_number":160,"context_line":"+-----------------+--------+---------------+-------+--------------------------+"},{"line_number":161,"context_line":""},{"line_number":162,"context_line":"The LoggerDriverRsyslog has the following attributes:"},{"line_number":163,"context_line":""},{"line_number":164,"context_line":"+-----------------+--------+---------------+-------+--------------------------+"},{"line_number":165,"context_line":"|Attribute name   |Type    |Default Value  |CRUD   |Description               |"}],"source_content_type":"text/x-rst","patch_set":18,"id":"ba15a1d1_81ce0059","line":162,"in_reply_to":"da20952f_f7893270","updated":"2015-09-12 06:11:10.000000000","message":"Thanks for explanation. That does make sense.","commit_id":"0e9117f9b0d6dddf7795058e832cd75fbf4f2c1b"},{"author":{"_account_id":7805,"name":"Li Ma","email":"skywalker.nick@gmail.com","username":"Nick"},"change_message_id":"048e2c6fae9a9ec45f71cdd6144032c44c43be0c","unresolved":false,"context_lines":[{"line_number":155,"context_line":"|log_level        |string  |N/A            |CRD    |Log levels                |"},{"line_number":156,"context_line":"+-----------------+--------+---------------+-------+--------------------------+"},{"line_number":157,"context_line":""},{"line_number":158,"context_line":"The GenericLoggerDriver has the following attributes:"},{"line_number":159,"context_line":""},{"line_number":160,"context_line":"+-----------------+--------+---------------+-------+--------------------------+"},{"line_number":161,"context_line":"|Attribute name   |Type    |Default Value  |CRUD   |Description               |"}],"source_content_type":"text/x-rst","patch_set":19,"id":"ba15a1d1_21f2949b","line":158,"updated":"2015-09-12 06:14:44.000000000","message":"Another problem that just came up my mind. Can we combine different logger driver together in DB side?\n\nIn your implementation, when we implement a kind of driver, we have to create a new table for it.\n\nI think it is possible to create one table that fit for all the drivers that each driver doesn\u0027t need to use all the columns. This can make it more concise.","commit_id":"633e28cc6447d56452deb750242394c09ae3528b"},{"author":{"_account_id":15905,"name":"Cao Xuan Hoang","email":"xuanhoangqb@gmail.com","username":"hoangcx"},"change_message_id":"2d2e689d6114a9393c52269878e81e0967b83700","unresolved":false,"context_lines":[{"line_number":155,"context_line":"|log_level        |string  |N/A            |CRD    |Log levels                |"},{"line_number":156,"context_line":"+-----------------+--------+---------------+-------+--------------------------+"},{"line_number":157,"context_line":""},{"line_number":158,"context_line":"The GenericLoggerDriver has the following attributes:"},{"line_number":159,"context_line":""},{"line_number":160,"context_line":"+-----------------+--------+---------------+-------+--------------------------+"},{"line_number":161,"context_line":"|Attribute name   |Type    |Default Value  |CRUD   |Description               |"}],"source_content_type":"text/x-rst","patch_set":19,"id":"ba15a1d1_e30f84df","line":158,"in_reply_to":"ba15a1d1_21f2949b","updated":"2015-09-15 09:08:20.000000000","message":"Yes, I understand the solution. However, Could you please wait for some comments from others whether it is Ok or not. Then I\u0027ll update it.\n\n@Sean: How do you think about combination different logger driver together in DB side?","commit_id":"633e28cc6447d56452deb750242394c09ae3528b"},{"author":{"_account_id":4656,"name":"Sean M. Collins","email":"sean@coreitpro.com","username":"scollins"},"change_message_id":"ed2782e921157054338085a578a956ec7dd55bfb","unresolved":false,"context_lines":[{"line_number":211,"context_line":"            \u0027tenant_id\u0027: {\u0027allow_post\u0027: True, \u0027allow_put\u0027: False,"},{"line_number":212,"context_line":"                          \u0027required_by_policy\u0027: True,"},{"line_number":213,"context_line":"                          \u0027is_visible\u0027: True},"},{"line_number":214,"context_line":"            \u0027log_level\u0027: {\u0027allow_post\u0027: True, \u0027allow_put\u0027: False,"},{"line_number":215,"context_line":"                          \u0027is_visible\u0027: True, \u0027default\u0027: \u0027info\u0027,"},{"line_number":216,"context_line":"                          \u0027validate\u0027: {\u0027type:values\u0027: sg_log_level_supported}},"},{"line_number":217,"context_line":"            \u0027log_driver_type\u0027: {\u0027allow_post\u0027: False, \u0027allow_put\u0027: False,"}],"source_content_type":"text/x-rst","patch_set":19,"id":"ba15a1d1_fd3adfcc","line":214,"updated":"2015-09-14 14:04:02.000000000","message":"This is a rsyslog specific attribute. What does this attribute mean for loggers that aren\u0027t syslog based?","commit_id":"633e28cc6447d56452deb750242394c09ae3528b"},{"author":{"_account_id":15905,"name":"Cao Xuan Hoang","email":"xuanhoangqb@gmail.com","username":"hoangcx"},"change_message_id":"ed5a428bd62f8c238a383ea1f50472e37bfe0af8","unresolved":false,"context_lines":[{"line_number":211,"context_line":"            \u0027tenant_id\u0027: {\u0027allow_post\u0027: True, \u0027allow_put\u0027: False,"},{"line_number":212,"context_line":"                          \u0027required_by_policy\u0027: True,"},{"line_number":213,"context_line":"                          \u0027is_visible\u0027: True},"},{"line_number":214,"context_line":"            \u0027log_level\u0027: {\u0027allow_post\u0027: True, \u0027allow_put\u0027: False,"},{"line_number":215,"context_line":"                          \u0027is_visible\u0027: True, \u0027default\u0027: \u0027info\u0027,"},{"line_number":216,"context_line":"                          \u0027validate\u0027: {\u0027type:values\u0027: sg_log_level_supported}},"},{"line_number":217,"context_line":"            \u0027log_driver_type\u0027: {\u0027allow_post\u0027: False, \u0027allow_put\u0027: False,"}],"source_content_type":"text/x-rst","patch_set":19,"id":"ba15a1d1_03b28294","line":214,"in_reply_to":"ba15a1d1_8361b23b","updated":"2015-09-16 05:53:13.000000000","message":"I see. Thanks for correcting me.\nI will remove this attribute in the next revision.\n\nBTW: Could you please give me your suggestion in L158 about what Li Ma considered?","commit_id":"633e28cc6447d56452deb750242394c09ae3528b"},{"author":{"_account_id":4656,"name":"Sean M. Collins","email":"sean@coreitpro.com","username":"scollins"},"change_message_id":"9b28cdba572525aef919540c1f03cd748aae8c0a","unresolved":false,"context_lines":[{"line_number":211,"context_line":"            \u0027tenant_id\u0027: {\u0027allow_post\u0027: True, \u0027allow_put\u0027: False,"},{"line_number":212,"context_line":"                          \u0027required_by_policy\u0027: True,"},{"line_number":213,"context_line":"                          \u0027is_visible\u0027: True},"},{"line_number":214,"context_line":"            \u0027log_level\u0027: {\u0027allow_post\u0027: True, \u0027allow_put\u0027: False,"},{"line_number":215,"context_line":"                          \u0027is_visible\u0027: True, \u0027default\u0027: \u0027info\u0027,"},{"line_number":216,"context_line":"                          \u0027validate\u0027: {\u0027type:values\u0027: sg_log_level_supported}},"},{"line_number":217,"context_line":"            \u0027log_driver_type\u0027: {\u0027allow_post\u0027: False, \u0027allow_put\u0027: False,"}],"source_content_type":"text/x-rst","patch_set":19,"id":"ba15a1d1_8361b23b","line":214,"in_reply_to":"ba15a1d1_e3b464f3","updated":"2015-09-16 05:38:31.000000000","message":"That is baking into the API something that is tied directly to an implementation. I don\u0027t think that\u0027s good. What about for non-linux or non-iptables based logging?","commit_id":"633e28cc6447d56452deb750242394c09ae3528b"},{"author":{"_account_id":15905,"name":"Cao Xuan Hoang","email":"xuanhoangqb@gmail.com","username":"hoangcx"},"change_message_id":"2d2e689d6114a9393c52269878e81e0967b83700","unresolved":false,"context_lines":[{"line_number":211,"context_line":"            \u0027tenant_id\u0027: {\u0027allow_post\u0027: True, \u0027allow_put\u0027: False,"},{"line_number":212,"context_line":"                          \u0027required_by_policy\u0027: True,"},{"line_number":213,"context_line":"                          \u0027is_visible\u0027: True},"},{"line_number":214,"context_line":"            \u0027log_level\u0027: {\u0027allow_post\u0027: True, \u0027allow_put\u0027: False,"},{"line_number":215,"context_line":"                          \u0027is_visible\u0027: True, \u0027default\u0027: \u0027info\u0027,"},{"line_number":216,"context_line":"                          \u0027validate\u0027: {\u0027type:values\u0027: sg_log_level_supported}},"},{"line_number":217,"context_line":"            \u0027log_driver_type\u0027: {\u0027allow_post\u0027: False, \u0027allow_put\u0027: False,"}],"source_content_type":"text/x-rst","patch_set":19,"id":"ba15a1d1_e3b464f3","line":214,"in_reply_to":"ba15a1d1_fd3adfcc","updated":"2015-09-15 09:08:20.000000000","message":"--log_level is Linux iptables\u0027s LOG option feature. I think log_level attribute doesn\u0027t depend on loggers.\nPlease refer http://lxr.free-electrons.com/source/net/ipv4/netfilter/ipt_LOG.c?v\u003d3.2#L414 (L414-450).\n\nPlease correct me if my understanding is wrong.","commit_id":"633e28cc6447d56452deb750242394c09ae3528b"},{"author":{"_account_id":11682,"name":"Ryan Moats","email":"rmoats@us.ibm.com","username":"regXboi"},"change_message_id":"3a4b898129f0bd2aa1d6b66f1f7084b7efa45b16","unresolved":false,"context_lines":[{"line_number":11,"context_line":"https://bugs.launchpad.net/neutron/+bug/1468366"},{"line_number":12,"context_line":""},{"line_number":13,"context_line":"Logging is currently a missing feature in security-group \u0026 firewall."},{"line_number":14,"context_line":"It is critical for troubleshooting."},{"line_number":15,"context_line":"Changing the security-group API/DB column by adding a logging function would"},{"line_number":16,"context_line":"break the compatibility with the AWS security-group."},{"line_number":17,"context_line":"For the same reason, we should avoid changing the API/DB column in FWaaS."}],"source_content_type":"text/x-rst","patch_set":20,"id":"ba15a1d1_496b2686","line":14,"updated":"2015-09-19 18:34:11.000000000","message":"nit: pull this sentence into the first setence with something like\n\nLogging, a critical feature for troubleshooting, is currently missing from the security group and FWaaS feature sets.","commit_id":"71fbed18d91fd4eb84fff5ab6dec1b395e00fc00"},{"author":{"_account_id":15905,"name":"Cao Xuan Hoang","email":"xuanhoangqb@gmail.com","username":"hoangcx"},"change_message_id":"d0b6bbe4fdbf2e5709982db0883ac40ad770cf3c","unresolved":false,"context_lines":[{"line_number":11,"context_line":"https://bugs.launchpad.net/neutron/+bug/1468366"},{"line_number":12,"context_line":""},{"line_number":13,"context_line":"Logging is currently a missing feature in security-group \u0026 firewall."},{"line_number":14,"context_line":"It is critical for troubleshooting."},{"line_number":15,"context_line":"Changing the security-group API/DB column by adding a logging function would"},{"line_number":16,"context_line":"break the compatibility with the AWS security-group."},{"line_number":17,"context_line":"For the same reason, we should avoid changing the API/DB column in FWaaS."}],"source_content_type":"text/x-rst","patch_set":20,"id":"ba15a1d1_5f750d30","line":14,"in_reply_to":"ba15a1d1_496b2686","updated":"2015-09-21 01:33:36.000000000","message":"Done","commit_id":"71fbed18d91fd4eb84fff5ab6dec1b395e00fc00"},{"author":{"_account_id":11682,"name":"Ryan Moats","email":"rmoats@us.ibm.com","username":"regXboi"},"change_message_id":"3a4b898129f0bd2aa1d6b66f1f7084b7efa45b16","unresolved":false,"context_lines":[{"line_number":14,"context_line":"It is critical for troubleshooting."},{"line_number":15,"context_line":"Changing the security-group API/DB column by adding a logging function would"},{"line_number":16,"context_line":"break the compatibility with the AWS security-group."},{"line_number":17,"context_line":"For the same reason, we should avoid changing the API/DB column in FWaaS."},{"line_number":18,"context_line":""},{"line_number":19,"context_line":"Hence, we propose a generic logging API that can configure log for"},{"line_number":20,"context_line":"security-group and firewall rules in order to make the trouble shooting"}],"source_content_type":"text/x-rst","patch_set":20,"id":"ba15a1d1_290912de","line":17,"updated":"2015-09-19 18:34:11.000000000","message":"Nit: these sentences appear in the alternatives section already, so we don\u0027t need them here.  Rather replace the start of the sentence below with something like\n\nAs alternatives would break AWS security group compatibility (see below), this specification proposes a generic ...","commit_id":"71fbed18d91fd4eb84fff5ab6dec1b395e00fc00"},{"author":{"_account_id":15905,"name":"Cao Xuan Hoang","email":"xuanhoangqb@gmail.com","username":"hoangcx"},"change_message_id":"d0b6bbe4fdbf2e5709982db0883ac40ad770cf3c","unresolved":false,"context_lines":[{"line_number":14,"context_line":"It is critical for troubleshooting."},{"line_number":15,"context_line":"Changing the security-group API/DB column by adding a logging function would"},{"line_number":16,"context_line":"break the compatibility with the AWS security-group."},{"line_number":17,"context_line":"For the same reason, we should avoid changing the API/DB column in FWaaS."},{"line_number":18,"context_line":""},{"line_number":19,"context_line":"Hence, we propose a generic logging API that can configure log for"},{"line_number":20,"context_line":"security-group and firewall rules in order to make the trouble shooting"}],"source_content_type":"text/x-rst","patch_set":20,"id":"ba15a1d1_7f72514b","line":17,"in_reply_to":"ba15a1d1_290912de","updated":"2015-09-21 01:33:36.000000000","message":"Done","commit_id":"71fbed18d91fd4eb84fff5ab6dec1b395e00fc00"},{"author":{"_account_id":11682,"name":"Ryan Moats","email":"rmoats@us.ibm.com","username":"regXboi"},"change_message_id":"3a4b898129f0bd2aa1d6b66f1f7084b7efa45b16","unresolved":false,"context_lines":[{"line_number":40,"context_line":""},{"line_number":41,"context_line":"Proposed Change"},{"line_number":42,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":43,"context_line":"* We propose to create a new logging API for Neutron, and to support logging"},{"line_number":44,"context_line":"  for security-group and firewall rules as a first implementation of the"},{"line_number":45,"context_line":"  logging API."},{"line_number":46,"context_line":""}],"source_content_type":"text/x-rst","patch_set":20,"id":"ba15a1d1_c90df6e9","line":43,"updated":"2015-09-19 18:34:11.000000000","message":"nit: \"creating\" rather than \"to create\"","commit_id":"71fbed18d91fd4eb84fff5ab6dec1b395e00fc00"},{"author":{"_account_id":15905,"name":"Cao Xuan Hoang","email":"xuanhoangqb@gmail.com","username":"hoangcx"},"change_message_id":"d0b6bbe4fdbf2e5709982db0883ac40ad770cf3c","unresolved":false,"context_lines":[{"line_number":40,"context_line":""},{"line_number":41,"context_line":"Proposed Change"},{"line_number":42,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":43,"context_line":"* We propose to create a new logging API for Neutron, and to support logging"},{"line_number":44,"context_line":"  for security-group and firewall rules as a first implementation of the"},{"line_number":45,"context_line":"  logging API."},{"line_number":46,"context_line":""}],"source_content_type":"text/x-rst","patch_set":20,"id":"ba15a1d1_1f8eb527","line":43,"in_reply_to":"ba15a1d1_c90df6e9","updated":"2015-09-21 01:33:36.000000000","message":"Done","commit_id":"71fbed18d91fd4eb84fff5ab6dec1b395e00fc00"},{"author":{"_account_id":11682,"name":"Ryan Moats","email":"rmoats@us.ibm.com","username":"regXboi"},"change_message_id":"3a4b898129f0bd2aa1d6b66f1f7084b7efa45b16","unresolved":false,"context_lines":[{"line_number":45,"context_line":"  logging API."},{"line_number":46,"context_line":""},{"line_number":47,"context_line":"* Storing log data depend on logger driver that is chosen regarding to use"},{"line_number":48,"context_line":"  case demand."},{"line_number":49,"context_line":""},{"line_number":50,"context_line":"* Only operators (or Cloud admins, developers etc) with \"admin\" role can"},{"line_number":51,"context_line":"  enable/disable logging."}],"source_content_type":"text/x-rst","patch_set":20,"id":"ba15a1d1_e9123a09","line":48,"updated":"2015-09-19 18:34:11.000000000","message":"Unfortunately, I\u0027m not sure what this sentence means...","commit_id":"71fbed18d91fd4eb84fff5ab6dec1b395e00fc00"},{"author":{"_account_id":15905,"name":"Cao Xuan Hoang","email":"xuanhoangqb@gmail.com","username":"hoangcx"},"change_message_id":"d0b6bbe4fdbf2e5709982db0883ac40ad770cf3c","unresolved":false,"context_lines":[{"line_number":45,"context_line":"  logging API."},{"line_number":46,"context_line":""},{"line_number":47,"context_line":"* Storing log data depend on logger driver that is chosen regarding to use"},{"line_number":48,"context_line":"  case demand."},{"line_number":49,"context_line":""},{"line_number":50,"context_line":"* Only operators (or Cloud admins, developers etc) with \"admin\" role can"},{"line_number":51,"context_line":"  enable/disable logging."}],"source_content_type":"text/x-rst","patch_set":20,"id":"ba15a1d1_ff9c215f","line":48,"in_reply_to":"ba15a1d1_e9123a09","updated":"2015-09-21 01:33:36.000000000","message":"I mean: Logged data can be stored by choosing logger driver with use case demand.","commit_id":"71fbed18d91fd4eb84fff5ab6dec1b395e00fc00"},{"author":{"_account_id":11682,"name":"Ryan Moats","email":"rmoats@us.ibm.com","username":"regXboi"},"change_message_id":"3a4b898129f0bd2aa1d6b66f1f7084b7efa45b16","unresolved":false,"context_lines":[{"line_number":66,"context_line":":dir:"},{"line_number":67,"context_line":"    Direction(ingress/i, egress/o)"},{"line_number":68,"context_line":":uuid:"},{"line_number":69,"context_line":"    Tenant\u0027s UUID [first 18 characters of uuid in case SG [4] and full"},{"line_number":70,"context_line":"    characters in case FWaaS [5]]"},{"line_number":71,"context_line":":act:"},{"line_number":72,"context_line":"    Action(Accept/A, Deny/D) [Only for firewall resource]"}],"source_content_type":"text/x-rst","patch_set":20,"id":"ba15a1d1_a9f522cc","line":69,"updated":"2015-09-19 18:34:11.000000000","message":"I *think* the parenthetical phrase means you are taking the first 18 characters of the SG uuid and all of the characters from FWaaS uuid?  If that is the case, let\u0027s say that, because when I read this, I\u0027m not 100% sure","commit_id":"71fbed18d91fd4eb84fff5ab6dec1b395e00fc00"},{"author":{"_account_id":11682,"name":"Ryan Moats","email":"rmoats@us.ibm.com","username":"regXboi"},"change_message_id":"9d03ea0bf119771725ba5a4816096a18bfee2735","unresolved":false,"context_lines":[{"line_number":66,"context_line":":dir:"},{"line_number":67,"context_line":"    Direction(ingress/i, egress/o)"},{"line_number":68,"context_line":":uuid:"},{"line_number":69,"context_line":"    Tenant\u0027s UUID [first 18 characters of uuid in case SG [4] and full"},{"line_number":70,"context_line":"    characters in case FWaaS [5]]"},{"line_number":71,"context_line":":act:"},{"line_number":72,"context_line":"    Action(Accept/A, Deny/D) [Only for firewall resource]"}],"source_content_type":"text/x-rst","patch_set":20,"id":"ba15a1d1_719236a1","line":69,"in_reply_to":"ba15a1d1_3fba99c1","updated":"2015-09-22 15:03:39.000000000","message":"Then please say that","commit_id":"71fbed18d91fd4eb84fff5ab6dec1b395e00fc00"},{"author":{"_account_id":15905,"name":"Cao Xuan Hoang","email":"xuanhoangqb@gmail.com","username":"hoangcx"},"change_message_id":"d0b6bbe4fdbf2e5709982db0883ac40ad770cf3c","unresolved":false,"context_lines":[{"line_number":66,"context_line":":dir:"},{"line_number":67,"context_line":"    Direction(ingress/i, egress/o)"},{"line_number":68,"context_line":":uuid:"},{"line_number":69,"context_line":"    Tenant\u0027s UUID [first 18 characters of uuid in case SG [4] and full"},{"line_number":70,"context_line":"    characters in case FWaaS [5]]"},{"line_number":71,"context_line":":act:"},{"line_number":72,"context_line":"    Action(Accept/A, Deny/D) [Only for firewall resource]"}],"source_content_type":"text/x-rst","patch_set":20,"id":"ba15a1d1_3fba99c1","line":69,"in_reply_to":"ba15a1d1_a9f522cc","updated":"2015-09-21 01:33:36.000000000","message":"No. I mean Tenant\u0027s UUID characters that will be logged for further processing. But in case of SG we can only use the first 18 characters of tenant UIID (refer [4]) and all of the characters of tenant UIID in case of FWaaS (refer [5]).","commit_id":"71fbed18d91fd4eb84fff5ab6dec1b395e00fc00"},{"author":{"_account_id":11682,"name":"Ryan Moats","email":"rmoats@us.ibm.com","username":"regXboi"},"change_message_id":"3a4b898129f0bd2aa1d6b66f1f7084b7efa45b16","unresolved":false,"context_lines":[{"line_number":121,"context_line":"Data Model Impact"},{"line_number":122,"context_line":"-----------------"},{"line_number":123,"context_line":""},{"line_number":124,"context_line":"The sg_rules logging has the following attributes:"},{"line_number":125,"context_line":""},{"line_number":126,"context_line":"+-----------------+--------+---------------+-------+--------------------------+"},{"line_number":127,"context_line":"|Attribute name   |Type    |Default Value  |CRUD   |Description               |"}],"source_content_type":"text/x-rst","patch_set":20,"id":"ba15a1d1_092bee34","line":124,"updated":"2015-09-19 18:34:11.000000000","message":"Is this a new table with rows defined below or ?","commit_id":"71fbed18d91fd4eb84fff5ab6dec1b395e00fc00"},{"author":{"_account_id":15905,"name":"Cao Xuan Hoang","email":"xuanhoangqb@gmail.com","username":"hoangcx"},"change_message_id":"d0b6bbe4fdbf2e5709982db0883ac40ad770cf3c","unresolved":false,"context_lines":[{"line_number":121,"context_line":"Data Model Impact"},{"line_number":122,"context_line":"-----------------"},{"line_number":123,"context_line":""},{"line_number":124,"context_line":"The sg_rules logging has the following attributes:"},{"line_number":125,"context_line":""},{"line_number":126,"context_line":"+-----------------+--------+---------------+-------+--------------------------+"},{"line_number":127,"context_line":"|Attribute name   |Type    |Default Value  |CRUD   |Description               |"}],"source_content_type":"text/x-rst","patch_set":20,"id":"ba15a1d1_ffeae1ab","line":124,"in_reply_to":"ba15a1d1_092bee34","updated":"2015-09-21 01:33:36.000000000","message":"Yes. This table use for sg rules logging.","commit_id":"71fbed18d91fd4eb84fff5ab6dec1b395e00fc00"},{"author":{"_account_id":11682,"name":"Ryan Moats","email":"rmoats@us.ibm.com","username":"regXboi"},"change_message_id":"9d03ea0bf119771725ba5a4816096a18bfee2735","unresolved":false,"context_lines":[{"line_number":121,"context_line":"Data Model Impact"},{"line_number":122,"context_line":"-----------------"},{"line_number":123,"context_line":""},{"line_number":124,"context_line":"The sg_rules logging has the following attributes:"},{"line_number":125,"context_line":""},{"line_number":126,"context_line":"+-----------------+--------+---------------+-------+--------------------------+"},{"line_number":127,"context_line":"|Attribute name   |Type    |Default Value  |CRUD   |Description               |"}],"source_content_type":"text/x-rst","patch_set":20,"id":"ba15a1d1_91f34a0a","line":124,"in_reply_to":"ba15a1d1_ffeae1ab","updated":"2015-09-22 15:03:39.000000000","message":"Then please say so","commit_id":"71fbed18d91fd4eb84fff5ab6dec1b395e00fc00"},{"author":{"_account_id":11682,"name":"Ryan Moats","email":"rmoats@us.ibm.com","username":"regXboi"},"change_message_id":"3a4b898129f0bd2aa1d6b66f1f7084b7efa45b16","unresolved":false,"context_lines":[{"line_number":130,"context_line":"|                 |        |               |       |resource ID               |"},{"line_number":131,"context_line":"+-----------------+--------+---------------+-------+--------------------------+"},{"line_number":132,"context_line":"|tenant_id        |uuid    |N/A            |R      |Id of tenant that creates |"},{"line_number":133,"context_line":"|                 |        |               |       |logging                   |"},{"line_number":134,"context_line":"+-----------------+--------+---------------+-------+--------------------------|"},{"line_number":135,"context_line":"|rule_id          |uuid    |N/A            |CRD    |Security-group-rule ID for|"},{"line_number":136,"context_line":"|                 |        |               |       |logging                   |"}],"source_content_type":"text/x-rst","patch_set":20,"id":"ba15a1d1_2930329e","line":133,"updated":"2015-09-19 18:34:11.000000000","message":"nit: Id of tenant that created this logging resource ID","commit_id":"71fbed18d91fd4eb84fff5ab6dec1b395e00fc00"},{"author":{"_account_id":15905,"name":"Cao Xuan Hoang","email":"xuanhoangqb@gmail.com","username":"hoangcx"},"change_message_id":"d0b6bbe4fdbf2e5709982db0883ac40ad770cf3c","unresolved":false,"context_lines":[{"line_number":130,"context_line":"|                 |        |               |       |resource ID               |"},{"line_number":131,"context_line":"+-----------------+--------+---------------+-------+--------------------------+"},{"line_number":132,"context_line":"|tenant_id        |uuid    |N/A            |R      |Id of tenant that creates |"},{"line_number":133,"context_line":"|                 |        |               |       |logging                   |"},{"line_number":134,"context_line":"+-----------------+--------+---------------+-------+--------------------------|"},{"line_number":135,"context_line":"|rule_id          |uuid    |N/A            |CRD    |Security-group-rule ID for|"},{"line_number":136,"context_line":"|                 |        |               |       |logging                   |"}],"source_content_type":"text/x-rst","patch_set":20,"id":"ba15a1d1_9fd085f9","line":133,"in_reply_to":"ba15a1d1_2930329e","updated":"2015-09-21 01:33:36.000000000","message":"Done","commit_id":"71fbed18d91fd4eb84fff5ab6dec1b395e00fc00"},{"author":{"_account_id":11682,"name":"Ryan Moats","email":"rmoats@us.ibm.com","username":"regXboi"},"change_message_id":"3a4b898129f0bd2aa1d6b66f1f7084b7efa45b16","unresolved":false,"context_lines":[{"line_number":133,"context_line":"|                 |        |               |       |logging                   |"},{"line_number":134,"context_line":"+-----------------+--------+---------------+-------+--------------------------|"},{"line_number":135,"context_line":"|rule_id          |uuid    |N/A            |CRD    |Security-group-rule ID for|"},{"line_number":136,"context_line":"|                 |        |               |       |logging                   |"},{"line_number":137,"context_line":"+-----------------+--------+---------------+-------+--------------------------+"},{"line_number":138,"context_line":""},{"line_number":139,"context_line":"The fw_rules logging has the following attributes:"}],"source_content_type":"text/x-rst","patch_set":20,"id":"ba15a1d1_e929da38","line":136,"updated":"2015-09-19 18:34:11.000000000","message":"nit: Security-group-rule UUID for this logging resource ID","commit_id":"71fbed18d91fd4eb84fff5ab6dec1b395e00fc00"},{"author":{"_account_id":15905,"name":"Cao Xuan Hoang","email":"xuanhoangqb@gmail.com","username":"hoangcx"},"change_message_id":"d0b6bbe4fdbf2e5709982db0883ac40ad770cf3c","unresolved":false,"context_lines":[{"line_number":133,"context_line":"|                 |        |               |       |logging                   |"},{"line_number":134,"context_line":"+-----------------+--------+---------------+-------+--------------------------|"},{"line_number":135,"context_line":"|rule_id          |uuid    |N/A            |CRD    |Security-group-rule ID for|"},{"line_number":136,"context_line":"|                 |        |               |       |logging                   |"},{"line_number":137,"context_line":"+-----------------+--------+---------------+-------+--------------------------+"},{"line_number":138,"context_line":""},{"line_number":139,"context_line":"The fw_rules logging has the following attributes:"}],"source_content_type":"text/x-rst","patch_set":20,"id":"ba15a1d1_5fdaed18","line":136,"in_reply_to":"ba15a1d1_e929da38","updated":"2015-09-21 01:33:36.000000000","message":"Done","commit_id":"71fbed18d91fd4eb84fff5ab6dec1b395e00fc00"},{"author":{"_account_id":11682,"name":"Ryan Moats","email":"rmoats@us.ibm.com","username":"regXboi"},"change_message_id":"3a4b898129f0bd2aa1d6b66f1f7084b7efa45b16","unresolved":false,"context_lines":[{"line_number":136,"context_line":"|                 |        |               |       |logging                   |"},{"line_number":137,"context_line":"+-----------------+--------+---------------+-------+--------------------------+"},{"line_number":138,"context_line":""},{"line_number":139,"context_line":"The fw_rules logging has the following attributes:"},{"line_number":140,"context_line":""},{"line_number":141,"context_line":"+-----------------+--------+---------------+-------+--------------------------+"},{"line_number":142,"context_line":"|Attribute name   |Type    |Default Value  |CRUD   |Description               |"}],"source_content_type":"text/x-rst","patch_set":20,"id":"ba15a1d1_891ffe08","line":139,"updated":"2015-09-19 18:34:11.000000000","message":"Again, new table?  Is this the same table as for sg logging?","commit_id":"71fbed18d91fd4eb84fff5ab6dec1b395e00fc00"},{"author":{"_account_id":15905,"name":"Cao Xuan Hoang","email":"xuanhoangqb@gmail.com","username":"hoangcx"},"change_message_id":"d0b6bbe4fdbf2e5709982db0883ac40ad770cf3c","unresolved":false,"context_lines":[{"line_number":136,"context_line":"|                 |        |               |       |logging                   |"},{"line_number":137,"context_line":"+-----------------+--------+---------------+-------+--------------------------+"},{"line_number":138,"context_line":""},{"line_number":139,"context_line":"The fw_rules logging has the following attributes:"},{"line_number":140,"context_line":""},{"line_number":141,"context_line":"+-----------------+--------+---------------+-------+--------------------------+"},{"line_number":142,"context_line":"|Attribute name   |Type    |Default Value  |CRUD   |Description               |"}],"source_content_type":"text/x-rst","patch_set":20,"id":"ba15a1d1_ff01816b","line":139,"in_reply_to":"ba15a1d1_891ffe08","updated":"2015-09-21 01:33:36.000000000","message":"Yes. This is new table but for fw rules logging.","commit_id":"71fbed18d91fd4eb84fff5ab6dec1b395e00fc00"},{"author":{"_account_id":11682,"name":"Ryan Moats","email":"rmoats@us.ibm.com","username":"regXboi"},"change_message_id":"9d03ea0bf119771725ba5a4816096a18bfee2735","unresolved":false,"context_lines":[{"line_number":136,"context_line":"|                 |        |               |       |logging                   |"},{"line_number":137,"context_line":"+-----------------+--------+---------------+-------+--------------------------+"},{"line_number":138,"context_line":""},{"line_number":139,"context_line":"The fw_rules logging has the following attributes:"},{"line_number":140,"context_line":""},{"line_number":141,"context_line":"+-----------------+--------+---------------+-------+--------------------------+"},{"line_number":142,"context_line":"|Attribute name   |Type    |Default Value  |CRUD   |Description               |"}],"source_content_type":"text/x-rst","patch_set":20,"id":"ba15a1d1_71d9d682","line":139,"in_reply_to":"ba15a1d1_ff01816b","updated":"2015-09-22 15:03:39.000000000","message":"Then please say so","commit_id":"71fbed18d91fd4eb84fff5ab6dec1b395e00fc00"},{"author":{"_account_id":11682,"name":"Ryan Moats","email":"rmoats@us.ibm.com","username":"regXboi"},"change_message_id":"3a4b898129f0bd2aa1d6b66f1f7084b7efa45b16","unresolved":false,"context_lines":[{"line_number":145,"context_line":"|                 |        |               |       |ID                        |"},{"line_number":146,"context_line":"+-----------------+--------+---------------+-------+--------------------------+"},{"line_number":147,"context_line":"|tenant_id        |uuid    |N/A            |R      |Id of tenant that creates |"},{"line_number":148,"context_line":"|                 |        |               |       |logging                   |"},{"line_number":149,"context_line":"+-----------------+--------+---------------+-------+--------------------------+"},{"line_number":150,"context_line":"|rule_id          |uuid    |N/A            |CRD    |Firewall-rule ID for      |"},{"line_number":151,"context_line":"|                 |        |               |       |logging                   |"}],"source_content_type":"text/x-rst","patch_set":20,"id":"ba15a1d1_a91c4214","line":148,"updated":"2015-09-19 18:34:11.000000000","message":"nit: Id of tenant that created this logging resource ID","commit_id":"71fbed18d91fd4eb84fff5ab6dec1b395e00fc00"},{"author":{"_account_id":15905,"name":"Cao Xuan Hoang","email":"xuanhoangqb@gmail.com","username":"hoangcx"},"change_message_id":"d0b6bbe4fdbf2e5709982db0883ac40ad770cf3c","unresolved":false,"context_lines":[{"line_number":145,"context_line":"|                 |        |               |       |ID                        |"},{"line_number":146,"context_line":"+-----------------+--------+---------------+-------+--------------------------+"},{"line_number":147,"context_line":"|tenant_id        |uuid    |N/A            |R      |Id of tenant that creates |"},{"line_number":148,"context_line":"|                 |        |               |       |logging                   |"},{"line_number":149,"context_line":"+-----------------+--------+---------------+-------+--------------------------+"},{"line_number":150,"context_line":"|rule_id          |uuid    |N/A            |CRD    |Firewall-rule ID for      |"},{"line_number":151,"context_line":"|                 |        |               |       |logging                   |"}],"source_content_type":"text/x-rst","patch_set":20,"id":"ba15a1d1_9ff7258c","line":148,"in_reply_to":"ba15a1d1_a91c4214","updated":"2015-09-21 01:33:36.000000000","message":"Done","commit_id":"71fbed18d91fd4eb84fff5ab6dec1b395e00fc00"},{"author":{"_account_id":11682,"name":"Ryan Moats","email":"rmoats@us.ibm.com","username":"regXboi"},"change_message_id":"3a4b898129f0bd2aa1d6b66f1f7084b7efa45b16","unresolved":false,"context_lines":[{"line_number":148,"context_line":"|                 |        |               |       |logging                   |"},{"line_number":149,"context_line":"+-----------------+--------+---------------+-------+--------------------------+"},{"line_number":150,"context_line":"|rule_id          |uuid    |N/A            |CRD    |Firewall-rule ID for      |"},{"line_number":151,"context_line":"|                 |        |               |       |logging                   |"},{"line_number":152,"context_line":"+-----------------+--------+---------------+-------+--------------------------+"},{"line_number":153,"context_line":""},{"line_number":154,"context_line":"The GenericLoggerDriver has the following attributes:"}],"source_content_type":"text/x-rst","patch_set":20,"id":"ba15a1d1_69162af3","line":151,"updated":"2015-09-19 18:34:11.000000000","message":"nit: Firewall rule UUID for this logging resource ID","commit_id":"71fbed18d91fd4eb84fff5ab6dec1b395e00fc00"},{"author":{"_account_id":15905,"name":"Cao Xuan Hoang","email":"xuanhoangqb@gmail.com","username":"hoangcx"},"change_message_id":"d0b6bbe4fdbf2e5709982db0883ac40ad770cf3c","unresolved":false,"context_lines":[{"line_number":148,"context_line":"|                 |        |               |       |logging                   |"},{"line_number":149,"context_line":"+-----------------+--------+---------------+-------+--------------------------+"},{"line_number":150,"context_line":"|rule_id          |uuid    |N/A            |CRD    |Firewall-rule ID for      |"},{"line_number":151,"context_line":"|                 |        |               |       |logging                   |"},{"line_number":152,"context_line":"+-----------------+--------+---------------+-------+--------------------------+"},{"line_number":153,"context_line":""},{"line_number":154,"context_line":"The GenericLoggerDriver has the following attributes:"}],"source_content_type":"text/x-rst","patch_set":20,"id":"ba15a1d1_bff46987","line":151,"in_reply_to":"ba15a1d1_69162af3","updated":"2015-09-21 01:33:36.000000000","message":"Done","commit_id":"71fbed18d91fd4eb84fff5ab6dec1b395e00fc00"},{"author":{"_account_id":11682,"name":"Ryan Moats","email":"rmoats@us.ibm.com","username":"regXboi"},"change_message_id":"3a4b898129f0bd2aa1d6b66f1f7084b7efa45b16","unresolved":false,"context_lines":[{"line_number":151,"context_line":"|                 |        |               |       |logging                   |"},{"line_number":152,"context_line":"+-----------------+--------+---------------+-------+--------------------------+"},{"line_number":153,"context_line":""},{"line_number":154,"context_line":"The GenericLoggerDriver has the following attributes:"},{"line_number":155,"context_line":""},{"line_number":156,"context_line":"+-----------------+--------+---------------+-------+--------------------------+"},{"line_number":157,"context_line":"|Attribute name   |Type    |Default Value  |CRUD   |Description               |"}],"source_content_type":"text/x-rst","patch_set":20,"id":"ba15a1d1_09d20e35","line":154,"updated":"2015-09-19 18:34:11.000000000","message":"Another new table?","commit_id":"71fbed18d91fd4eb84fff5ab6dec1b395e00fc00"},{"author":{"_account_id":15905,"name":"Cao Xuan Hoang","email":"xuanhoangqb@gmail.com","username":"hoangcx"},"change_message_id":"d0b6bbe4fdbf2e5709982db0883ac40ad770cf3c","unresolved":false,"context_lines":[{"line_number":151,"context_line":"|                 |        |               |       |logging                   |"},{"line_number":152,"context_line":"+-----------------+--------+---------------+-------+--------------------------+"},{"line_number":153,"context_line":""},{"line_number":154,"context_line":"The GenericLoggerDriver has the following attributes:"},{"line_number":155,"context_line":""},{"line_number":156,"context_line":"+-----------------+--------+---------------+-------+--------------------------+"},{"line_number":157,"context_line":"|Attribute name   |Type    |Default Value  |CRUD   |Description               |"}],"source_content_type":"text/x-rst","patch_set":20,"id":"ba15a1d1_df335d61","line":154,"in_reply_to":"ba15a1d1_09d20e35","updated":"2015-09-21 01:33:36.000000000","message":"Yes. This table is described for all logger driver types (Syslog logger - or a Splunk logger, or File logger, or Swift logger...).","commit_id":"71fbed18d91fd4eb84fff5ab6dec1b395e00fc00"},{"author":{"_account_id":11682,"name":"Ryan Moats","email":"rmoats@us.ibm.com","username":"regXboi"},"change_message_id":"9d03ea0bf119771725ba5a4816096a18bfee2735","unresolved":false,"context_lines":[{"line_number":151,"context_line":"|                 |        |               |       |logging                   |"},{"line_number":152,"context_line":"+-----------------+--------+---------------+-------+--------------------------+"},{"line_number":153,"context_line":""},{"line_number":154,"context_line":"The GenericLoggerDriver has the following attributes:"},{"line_number":155,"context_line":""},{"line_number":156,"context_line":"+-----------------+--------+---------------+-------+--------------------------+"},{"line_number":157,"context_line":"|Attribute name   |Type    |Default Value  |CRUD   |Description               |"}],"source_content_type":"text/x-rst","patch_set":20,"id":"ba15a1d1_51c5b28b","line":154,"in_reply_to":"ba15a1d1_df335d61","updated":"2015-09-22 15:03:39.000000000","message":"Then please say so","commit_id":"71fbed18d91fd4eb84fff5ab6dec1b395e00fc00"},{"author":{"_account_id":11682,"name":"Ryan Moats","email":"rmoats@us.ibm.com","username":"regXboi"},"change_message_id":"3a4b898129f0bd2aa1d6b66f1f7084b7efa45b16","unresolved":false,"context_lines":[{"line_number":163,"context_line":"|type             |string  |N/A            |CRD    |Logger driver type        |"},{"line_number":164,"context_line":"+-----------------+--------+---------------+-------+--------------------------+"},{"line_number":165,"context_line":""},{"line_number":166,"context_line":"The LoggerDriverRsyslog has the following attributes:"},{"line_number":167,"context_line":""},{"line_number":168,"context_line":"+-----------------+--------+---------------+-------+--------------------------+"},{"line_number":169,"context_line":"|Attribute name   |Type    |Default Value  |CRUD   |Description               |"}],"source_content_type":"text/x-rst","patch_set":20,"id":"ba15a1d1_29d7d224","line":166,"updated":"2015-09-19 18:34:11.000000000","message":"Yet another new table?","commit_id":"71fbed18d91fd4eb84fff5ab6dec1b395e00fc00"},{"author":{"_account_id":15905,"name":"Cao Xuan Hoang","email":"xuanhoangqb@gmail.com","username":"hoangcx"},"change_message_id":"d0b6bbe4fdbf2e5709982db0883ac40ad770cf3c","unresolved":false,"context_lines":[{"line_number":163,"context_line":"|type             |string  |N/A            |CRD    |Logger driver type        |"},{"line_number":164,"context_line":"+-----------------+--------+---------------+-------+--------------------------+"},{"line_number":165,"context_line":""},{"line_number":166,"context_line":"The LoggerDriverRsyslog has the following attributes:"},{"line_number":167,"context_line":""},{"line_number":168,"context_line":"+-----------------+--------+---------------+-------+--------------------------+"},{"line_number":169,"context_line":"|Attribute name   |Type    |Default Value  |CRUD   |Description               |"}],"source_content_type":"text/x-rst","patch_set":20,"id":"ba15a1d1_3f7db9e7","line":166,"in_reply_to":"ba15a1d1_29d7d224","updated":"2015-09-21 01:33:36.000000000","message":"Yes. This table is specified Rsyslog logger driver.\n\nP/s: Another proposal that we can combine different logger driver types together in DB side. With this proposal we can create one table that fit for all the drivers that each driver doesn\u0027t need to use all the columns.\n\nBut i am waiting to get more comments about this. How\u0027s about you?","commit_id":"71fbed18d91fd4eb84fff5ab6dec1b395e00fc00"},{"author":{"_account_id":11682,"name":"Ryan Moats","email":"rmoats@us.ibm.com","username":"regXboi"},"change_message_id":"9d03ea0bf119771725ba5a4816096a18bfee2735","unresolved":false,"context_lines":[{"line_number":163,"context_line":"|type             |string  |N/A            |CRD    |Logger driver type        |"},{"line_number":164,"context_line":"+-----------------+--------+---------------+-------+--------------------------+"},{"line_number":165,"context_line":""},{"line_number":166,"context_line":"The LoggerDriverRsyslog has the following attributes:"},{"line_number":167,"context_line":""},{"line_number":168,"context_line":"+-----------------+--------+---------------+-------+--------------------------+"},{"line_number":169,"context_line":"|Attribute name   |Type    |Default Value  |CRUD   |Description               |"}],"source_content_type":"text/x-rst","patch_set":20,"id":"ba15a1d1_31ba7e0b","line":166,"in_reply_to":"ba15a1d1_3f7db9e7","updated":"2015-09-22 15:03:39.000000000","message":"Ditto previous comments","commit_id":"71fbed18d91fd4eb84fff5ab6dec1b395e00fc00"},{"author":{"_account_id":11682,"name":"Ryan Moats","email":"rmoats@us.ibm.com","username":"regXboi"},"change_message_id":"3a4b898129f0bd2aa1d6b66f1f7084b7efa45b16","unresolved":false,"context_lines":[{"line_number":171,"context_line":"|tenant_id        |uuid    |N/A            |CRD    |Tenant creates logging    |"},{"line_number":172,"context_line":"+-----------------+--------+---------------+-------+--------------------------+"},{"line_number":173,"context_line":"|remote_host      |string  |N/A            |CRD    |Specify Node is will be   |"},{"line_number":174,"context_line":"|                 |        |               |       |log data                  |"},{"line_number":175,"context_line":"+-----------------+--------+---------------+-------+--------------------------+"},{"line_number":176,"context_line":"|log_path         |string  |N/A            |CRD    |Specify location will be  |"},{"line_number":177,"context_line":"|                 |        |               |       |stored log data           |"}],"source_content_type":"text/x-rst","patch_set":20,"id":"ba15a1d1_e9e0fafc","line":174,"updated":"2015-09-19 18:34:11.000000000","message":"nit: Specify Node that will log data","commit_id":"71fbed18d91fd4eb84fff5ab6dec1b395e00fc00"},{"author":{"_account_id":15905,"name":"Cao Xuan Hoang","email":"xuanhoangqb@gmail.com","username":"hoangcx"},"change_message_id":"d0b6bbe4fdbf2e5709982db0883ac40ad770cf3c","unresolved":false,"context_lines":[{"line_number":171,"context_line":"|tenant_id        |uuid    |N/A            |CRD    |Tenant creates logging    |"},{"line_number":172,"context_line":"+-----------------+--------+---------------+-------+--------------------------+"},{"line_number":173,"context_line":"|remote_host      |string  |N/A            |CRD    |Specify Node is will be   |"},{"line_number":174,"context_line":"|                 |        |               |       |log data                  |"},{"line_number":175,"context_line":"+-----------------+--------+---------------+-------+--------------------------+"},{"line_number":176,"context_line":"|log_path         |string  |N/A            |CRD    |Specify location will be  |"},{"line_number":177,"context_line":"|                 |        |               |       |stored log data           |"}],"source_content_type":"text/x-rst","patch_set":20,"id":"ba15a1d1_df811dc5","line":174,"in_reply_to":"ba15a1d1_e9e0fafc","updated":"2015-09-21 01:33:36.000000000","message":"Done","commit_id":"71fbed18d91fd4eb84fff5ab6dec1b395e00fc00"},{"author":{"_account_id":11682,"name":"Ryan Moats","email":"rmoats@us.ibm.com","username":"regXboi"},"change_message_id":"3a4b898129f0bd2aa1d6b66f1f7084b7efa45b16","unresolved":false,"context_lines":[{"line_number":174,"context_line":"|                 |        |               |       |log data                  |"},{"line_number":175,"context_line":"+-----------------+--------+---------------+-------+--------------------------+"},{"line_number":176,"context_line":"|log_path         |string  |N/A            |CRD    |Specify location will be  |"},{"line_number":177,"context_line":"|                 |        |               |       |stored log data           |"},{"line_number":178,"context_line":"+-----------------+--------+---------------+-------+--------------------------+"},{"line_number":179,"context_line":"|log_level        |string  |N/A            |CRD    |Log levels                |"},{"line_number":180,"context_line":"+-----------------+--------+---------------+-------+--------------------------+"}],"source_content_type":"text/x-rst","patch_set":20,"id":"ba15a1d1_89e61e15","line":177,"updated":"2015-09-19 18:34:11.000000000","message":"nit: Specify Location on Node that will store logged data","commit_id":"71fbed18d91fd4eb84fff5ab6dec1b395e00fc00"},{"author":{"_account_id":15905,"name":"Cao Xuan Hoang","email":"xuanhoangqb@gmail.com","username":"hoangcx"},"change_message_id":"d0b6bbe4fdbf2e5709982db0883ac40ad770cf3c","unresolved":false,"context_lines":[{"line_number":174,"context_line":"|                 |        |               |       |log data                  |"},{"line_number":175,"context_line":"+-----------------+--------+---------------+-------+--------------------------+"},{"line_number":176,"context_line":"|log_path         |string  |N/A            |CRD    |Specify location will be  |"},{"line_number":177,"context_line":"|                 |        |               |       |stored log data           |"},{"line_number":178,"context_line":"+-----------------+--------+---------------+-------+--------------------------+"},{"line_number":179,"context_line":"|log_level        |string  |N/A            |CRD    |Log levels                |"},{"line_number":180,"context_line":"+-----------------+--------+---------------+-------+--------------------------+"}],"source_content_type":"text/x-rst","patch_set":20,"id":"ba15a1d1_ff8661da","line":177,"in_reply_to":"ba15a1d1_89e61e15","updated":"2015-09-21 01:33:36.000000000","message":"Done","commit_id":"71fbed18d91fd4eb84fff5ab6dec1b395e00fc00"},{"author":{"_account_id":11682,"name":"Ryan Moats","email":"rmoats@us.ibm.com","username":"regXboi"},"change_message_id":"3a4b898129f0bd2aa1d6b66f1f7084b7efa45b16","unresolved":false,"context_lines":[{"line_number":209,"context_line":"                          \u0027required_by_policy\u0027: True,"},{"line_number":210,"context_line":"                          \u0027is_visible\u0027: True},"},{"line_number":211,"context_line":"            \u0027log_driver_type\u0027: {\u0027allow_post\u0027: False, \u0027allow_put\u0027: False,"},{"line_number":212,"context_line":"                                \u0027is_visible\u0027: True},"},{"line_number":213,"context_line":"        },"},{"line_number":214,"context_line":"        \u0027fw_rules\u0027: {"},{"line_number":215,"context_line":"            \u0027id\u0027: {\u0027allow_post\u0027: False, \u0027allow_put\u0027: False,"}],"source_content_type":"text/x-rst","patch_set":20,"id":"ba15a1d1_09b9aeec","line":212,"updated":"2015-09-19 18:34:11.000000000","message":"Doesn\u0027t this require a column in the sg_rules impact table above to store the log_driver_type for a particular rule?","commit_id":"71fbed18d91fd4eb84fff5ab6dec1b395e00fc00"},{"author":{"_account_id":15905,"name":"Cao Xuan Hoang","email":"xuanhoangqb@gmail.com","username":"hoangcx"},"change_message_id":"d0b6bbe4fdbf2e5709982db0883ac40ad770cf3c","unresolved":false,"context_lines":[{"line_number":209,"context_line":"                          \u0027required_by_policy\u0027: True,"},{"line_number":210,"context_line":"                          \u0027is_visible\u0027: True},"},{"line_number":211,"context_line":"            \u0027log_driver_type\u0027: {\u0027allow_post\u0027: False, \u0027allow_put\u0027: False,"},{"line_number":212,"context_line":"                                \u0027is_visible\u0027: True},"},{"line_number":213,"context_line":"        },"},{"line_number":214,"context_line":"        \u0027fw_rules\u0027: {"},{"line_number":215,"context_line":"            \u0027id\u0027: {\u0027allow_post\u0027: False, \u0027allow_put\u0027: False,"}],"source_content_type":"text/x-rst","patch_set":20,"id":"ba15a1d1_5f766d07","line":212,"in_reply_to":"ba15a1d1_09b9aeec","updated":"2015-09-21 01:33:36.000000000","message":"No. This doesn\u0027t need a column in the sg_rules impact table above. This is just reference to logger drivers to show information in detail.","commit_id":"71fbed18d91fd4eb84fff5ab6dec1b395e00fc00"},{"author":{"_account_id":11682,"name":"Ryan Moats","email":"rmoats@us.ibm.com","username":"regXboi"},"change_message_id":"9d03ea0bf119771725ba5a4816096a18bfee2735","unresolved":false,"context_lines":[{"line_number":209,"context_line":"                          \u0027required_by_policy\u0027: True,"},{"line_number":210,"context_line":"                          \u0027is_visible\u0027: True},"},{"line_number":211,"context_line":"            \u0027log_driver_type\u0027: {\u0027allow_post\u0027: False, \u0027allow_put\u0027: False,"},{"line_number":212,"context_line":"                                \u0027is_visible\u0027: True},"},{"line_number":213,"context_line":"        },"},{"line_number":214,"context_line":"        \u0027fw_rules\u0027: {"},{"line_number":215,"context_line":"            \u0027id\u0027: {\u0027allow_post\u0027: False, \u0027allow_put\u0027: False,"}],"source_content_type":"text/x-rst","patch_set":20,"id":"ba15a1d1_716eb697","line":212,"in_reply_to":"ba15a1d1_5f766d07","updated":"2015-09-22 15:03:39.000000000","message":"so you are proposing to do a join between the two tables to display this?","commit_id":"71fbed18d91fd4eb84fff5ab6dec1b395e00fc00"},{"author":{"_account_id":15905,"name":"Cao Xuan Hoang","email":"xuanhoangqb@gmail.com","username":"hoangcx"},"change_message_id":"91a1b46b2e8c817891ada01e61f707b82308544f","unresolved":false,"context_lines":[{"line_number":209,"context_line":"                          \u0027required_by_policy\u0027: True,"},{"line_number":210,"context_line":"                          \u0027is_visible\u0027: True},"},{"line_number":211,"context_line":"            \u0027log_driver_type\u0027: {\u0027allow_post\u0027: False, \u0027allow_put\u0027: False,"},{"line_number":212,"context_line":"                                \u0027is_visible\u0027: True},"},{"line_number":213,"context_line":"        },"},{"line_number":214,"context_line":"        \u0027fw_rules\u0027: {"},{"line_number":215,"context_line":"            \u0027id\u0027: {\u0027allow_post\u0027: False, \u0027allow_put\u0027: False,"}],"source_content_type":"text/x-rst","patch_set":20,"id":"ba15a1d1_681eb371","line":212,"in_reply_to":"ba15a1d1_716eb697","updated":"2015-09-23 03:11:01.000000000","message":"Yes.","commit_id":"71fbed18d91fd4eb84fff5ab6dec1b395e00fc00"},{"author":{"_account_id":11682,"name":"Ryan Moats","email":"rmoats@us.ibm.com","username":"regXboi"},"change_message_id":"3a4b898129f0bd2aa1d6b66f1f7084b7efa45b16","unresolved":false,"context_lines":[{"line_number":224,"context_line":"                          \u0027is_visible\u0027: True},"},{"line_number":225,"context_line":"            \u0027log_driver_type\u0027: {\u0027allow_post\u0027: False, \u0027allow_put\u0027: False,"},{"line_number":226,"context_line":"                                \u0027is_visible\u0027: True},"},{"line_number":227,"context_line":"        }"},{"line_number":228,"context_line":"        \u0027log_driver_types\u0027: {"},{"line_number":229,"context_line":"            \u0027type\u0027: {\u0027allow_post\u0027: False, \u0027allow_put\u0027: False,"},{"line_number":230,"context_line":"                     \u0027is_visible\u0027: True},"}],"source_content_type":"text/x-rst","patch_set":20,"id":"ba15a1d1_e9b79af3","line":227,"updated":"2015-09-19 18:34:11.000000000","message":"Doesn\u0027t this require a column in the firewall impact table above to store the log_driver_type for a particular rule?","commit_id":"71fbed18d91fd4eb84fff5ab6dec1b395e00fc00"},{"author":{"_account_id":11682,"name":"Ryan Moats","email":"rmoats@us.ibm.com","username":"regXboi"},"change_message_id":"9d03ea0bf119771725ba5a4816096a18bfee2735","unresolved":false,"context_lines":[{"line_number":224,"context_line":"                          \u0027is_visible\u0027: True},"},{"line_number":225,"context_line":"            \u0027log_driver_type\u0027: {\u0027allow_post\u0027: False, \u0027allow_put\u0027: False,"},{"line_number":226,"context_line":"                                \u0027is_visible\u0027: True},"},{"line_number":227,"context_line":"        }"},{"line_number":228,"context_line":"        \u0027log_driver_types\u0027: {"},{"line_number":229,"context_line":"            \u0027type\u0027: {\u0027allow_post\u0027: False, \u0027allow_put\u0027: False,"},{"line_number":230,"context_line":"                     \u0027is_visible\u0027: True},"}],"source_content_type":"text/x-rst","patch_set":20,"id":"ba15a1d1_b1120e08","line":227,"in_reply_to":"ba15a1d1_3f64d947","updated":"2015-09-22 15:03:39.000000000","message":"ditto above comment","commit_id":"71fbed18d91fd4eb84fff5ab6dec1b395e00fc00"},{"author":{"_account_id":15905,"name":"Cao Xuan Hoang","email":"xuanhoangqb@gmail.com","username":"hoangcx"},"change_message_id":"91a1b46b2e8c817891ada01e61f707b82308544f","unresolved":false,"context_lines":[{"line_number":224,"context_line":"                          \u0027is_visible\u0027: True},"},{"line_number":225,"context_line":"            \u0027log_driver_type\u0027: {\u0027allow_post\u0027: False, \u0027allow_put\u0027: False,"},{"line_number":226,"context_line":"                                \u0027is_visible\u0027: True},"},{"line_number":227,"context_line":"        }"},{"line_number":228,"context_line":"        \u0027log_driver_types\u0027: {"},{"line_number":229,"context_line":"            \u0027type\u0027: {\u0027allow_post\u0027: False, \u0027allow_put\u0027: False,"},{"line_number":230,"context_line":"                     \u0027is_visible\u0027: True},"}],"source_content_type":"text/x-rst","patch_set":20,"id":"ba15a1d1_cef90782","line":227,"in_reply_to":"ba15a1d1_b1120e08","updated":"2015-09-23 03:11:01.000000000","message":"Yes.","commit_id":"71fbed18d91fd4eb84fff5ab6dec1b395e00fc00"},{"author":{"_account_id":15905,"name":"Cao Xuan Hoang","email":"xuanhoangqb@gmail.com","username":"hoangcx"},"change_message_id":"d0b6bbe4fdbf2e5709982db0883ac40ad770cf3c","unresolved":false,"context_lines":[{"line_number":224,"context_line":"                          \u0027is_visible\u0027: True},"},{"line_number":225,"context_line":"            \u0027log_driver_type\u0027: {\u0027allow_post\u0027: False, \u0027allow_put\u0027: False,"},{"line_number":226,"context_line":"                                \u0027is_visible\u0027: True},"},{"line_number":227,"context_line":"        }"},{"line_number":228,"context_line":"        \u0027log_driver_types\u0027: {"},{"line_number":229,"context_line":"            \u0027type\u0027: {\u0027allow_post\u0027: False, \u0027allow_put\u0027: False,"},{"line_number":230,"context_line":"                     \u0027is_visible\u0027: True},"}],"source_content_type":"text/x-rst","patch_set":20,"id":"ba15a1d1_3f64d947","line":227,"in_reply_to":"ba15a1d1_e9b79af3","updated":"2015-09-21 01:33:36.000000000","message":"No. This doesn\u0027t need a column in the fw_rules impact table above. This is just reference to logger drivers to show information in detail.","commit_id":"71fbed18d91fd4eb84fff5ab6dec1b395e00fc00"},{"author":{"_account_id":11682,"name":"Ryan Moats","email":"rmoats@us.ibm.com","username":"regXboi"},"change_message_id":"3a4b898129f0bd2aa1d6b66f1f7084b7efa45b16","unresolved":false,"context_lines":[{"line_number":280,"context_line":"|rsyslog             |/logging/{tenant_id}/rsyslog/{id}    |GET               |"},{"line_number":281,"context_line":"+--------------------+-------------------------------------+------------------+"},{"line_number":282,"context_line":"|rsyslog             |/logging/{tenant_id}/rsyslog/{id}    |DELETE            |"},{"line_number":283,"context_line":"+--------------------+-------------------------------------+------------------+"},{"line_number":284,"context_line":""},{"line_number":285,"context_line":""},{"line_number":286,"context_line":"Sample request/responses for sg-rule logging. That\u0027s similar to fw-rule logging."}],"source_content_type":"text/x-rst","patch_set":20,"id":"ba15a1d1_89cdbe88","line":283,"updated":"2015-09-19 18:34:11.000000000","message":"I expect I\u0027ll have comments on this section once the data impact quesitons above are clarified","commit_id":"71fbed18d91fd4eb84fff5ab6dec1b395e00fc00"},{"author":{"_account_id":15905,"name":"Cao Xuan Hoang","email":"xuanhoangqb@gmail.com","username":"hoangcx"},"change_message_id":"d0b6bbe4fdbf2e5709982db0883ac40ad770cf3c","unresolved":false,"context_lines":[{"line_number":280,"context_line":"|rsyslog             |/logging/{tenant_id}/rsyslog/{id}    |GET               |"},{"line_number":281,"context_line":"+--------------------+-------------------------------------+------------------+"},{"line_number":282,"context_line":"|rsyslog             |/logging/{tenant_id}/rsyslog/{id}    |DELETE            |"},{"line_number":283,"context_line":"+--------------------+-------------------------------------+------------------+"},{"line_number":284,"context_line":""},{"line_number":285,"context_line":""},{"line_number":286,"context_line":"Sample request/responses for sg-rule logging. That\u0027s similar to fw-rule logging."}],"source_content_type":"text/x-rst","patch_set":20,"id":"ba15a1d1_df583d8d","line":283,"in_reply_to":"ba15a1d1_89cdbe88","updated":"2015-09-21 01:33:36.000000000","message":"Yes. Please.","commit_id":"71fbed18d91fd4eb84fff5ab6dec1b395e00fc00"},{"author":{"_account_id":11682,"name":"Ryan Moats","email":"rmoats@us.ibm.com","username":"regXboi"},"change_message_id":"9d03ea0bf119771725ba5a4816096a18bfee2735","unresolved":false,"context_lines":[{"line_number":292,"context_line":"        {"},{"line_number":293,"context_line":"            \"sg_rule\": {"},{"line_number":294,"context_line":"                \"rule_id\": \"e30abd17-fef9-4739-8617-dc26da88e686\","},{"line_number":295,"context_line":"                \"log_level\": \"info\","},{"line_number":296,"context_line":"             }"},{"line_number":297,"context_line":"        }"},{"line_number":298,"context_line":""}],"source_content_type":"text/x-rst","patch_set":20,"id":"ba15a1d1_11c97a78","line":295,"updated":"2015-09-22 15:03:39.000000000","message":"I\u0027m not comfortable with a direct drop into log_level here, I think you should either specify the missing pieces to get to the right place or update the attribute information above.","commit_id":"71fbed18d91fd4eb84fff5ab6dec1b395e00fc00"},{"author":{"_account_id":15905,"name":"Cao Xuan Hoang","email":"xuanhoangqb@gmail.com","username":"hoangcx"},"change_message_id":"91a1b46b2e8c817891ada01e61f707b82308544f","unresolved":false,"context_lines":[{"line_number":292,"context_line":"        {"},{"line_number":293,"context_line":"            \"sg_rule\": {"},{"line_number":294,"context_line":"                \"rule_id\": \"e30abd17-fef9-4739-8617-dc26da88e686\","},{"line_number":295,"context_line":"                \"log_level\": \"info\","},{"line_number":296,"context_line":"             }"},{"line_number":297,"context_line":"        }"},{"line_number":298,"context_line":""}],"source_content_type":"text/x-rst","patch_set":20,"id":"ba15a1d1_cb3b39d0","line":295,"in_reply_to":"ba15a1d1_11c97a78","updated":"2015-09-23 03:11:01.000000000","message":"I\u0027m sorry. This is my mistake when update from PS19 to PS20. This line should be removed and moved to  L329 below.","commit_id":"71fbed18d91fd4eb84fff5ab6dec1b395e00fc00"},{"author":{"_account_id":11682,"name":"Ryan Moats","email":"rmoats@us.ibm.com","username":"regXboi"},"change_message_id":"9d03ea0bf119771725ba5a4816096a18bfee2735","unresolved":false,"context_lines":[{"line_number":301,"context_line":"           \"sg_rule\": {"},{"line_number":302,"context_line":"               \"id\": \"46ebaec0-0570-43ac-82f6-60d2b03168c4\","},{"line_number":303,"context_line":"               \"tenant_id\": \"8d4c70a21fed4aeba121a1a429ba0d04\","},{"line_number":304,"context_line":"               \"rule_id\": \"e30abd17-fef9-4739-8617-dc26da88e686\","},{"line_number":305,"context_line":"           }"},{"line_number":306,"context_line":"        }"},{"line_number":307,"context_line":""}],"source_content_type":"text/x-rst","patch_set":20,"id":"ba15a1d1_5196124d","line":304,"updated":"2015-09-22 15:03:39.000000000","message":"imho, the response should include all information in the request","commit_id":"71fbed18d91fd4eb84fff5ab6dec1b395e00fc00"},{"author":{"_account_id":15905,"name":"Cao Xuan Hoang","email":"xuanhoangqb@gmail.com","username":"hoangcx"},"change_message_id":"91a1b46b2e8c817891ada01e61f707b82308544f","unresolved":false,"context_lines":[{"line_number":301,"context_line":"           \"sg_rule\": {"},{"line_number":302,"context_line":"               \"id\": \"46ebaec0-0570-43ac-82f6-60d2b03168c4\","},{"line_number":303,"context_line":"               \"tenant_id\": \"8d4c70a21fed4aeba121a1a429ba0d04\","},{"line_number":304,"context_line":"               \"rule_id\": \"e30abd17-fef9-4739-8617-dc26da88e686\","},{"line_number":305,"context_line":"           }"},{"line_number":306,"context_line":"        }"},{"line_number":307,"context_line":""}],"source_content_type":"text/x-rst","patch_set":20,"id":"ba15a1d1_0ba291fc","line":304,"in_reply_to":"ba15a1d1_5196124d","updated":"2015-09-23 03:11:01.000000000","message":"Yes. This response has already included all information in the request as sg_rules logging table.\nMaybe it makes you confused with above wrong request.","commit_id":"71fbed18d91fd4eb84fff5ab6dec1b395e00fc00"},{"author":{"_account_id":11682,"name":"Ryan Moats","email":"rmoats@us.ibm.com","username":"regXboi"},"change_message_id":"9d03ea0bf119771725ba5a4816096a18bfee2735","unresolved":false,"context_lines":[{"line_number":353,"context_line":"                \"tenant_id\": \"8d4c70a21fed4aeba121a1a429ba0d04\","},{"line_number":354,"context_line":"                \"id\": \"46ebaec0-0570-43ac-82f6-60d2b03168c4\","},{"line_number":355,"context_line":"                \"rule_id\": \"e30abd17-fef9-4739-8617-dc26da88e686\","},{"line_number":356,"context_line":"                \"rsyslog\": [{"},{"line_number":357,"context_line":"                    \"id\": \"5f126d84-551a-4dcf-bb01-0e9c0df0c793\","},{"line_number":358,"context_line":"                    \"tenant_id\": \"8d4c70a21fed4aeba121a1a429ba0d04\","},{"line_number":359,"context_line":"                    \"remote_host\": \"10.164.176.132:514\","}],"source_content_type":"text/x-rst","patch_set":20,"id":"ba15a1d1_71f47686","line":356,"updated":"2015-09-22 15:03:39.000000000","message":"This doesn\u0027t line up with the attribute information provided above","commit_id":"71fbed18d91fd4eb84fff5ab6dec1b395e00fc00"},{"author":{"_account_id":15905,"name":"Cao Xuan Hoang","email":"xuanhoangqb@gmail.com","username":"hoangcx"},"change_message_id":"91a1b46b2e8c817891ada01e61f707b82308544f","unresolved":false,"context_lines":[{"line_number":353,"context_line":"                \"tenant_id\": \"8d4c70a21fed4aeba121a1a429ba0d04\","},{"line_number":354,"context_line":"                \"id\": \"46ebaec0-0570-43ac-82f6-60d2b03168c4\","},{"line_number":355,"context_line":"                \"rule_id\": \"e30abd17-fef9-4739-8617-dc26da88e686\","},{"line_number":356,"context_line":"                \"rsyslog\": [{"},{"line_number":357,"context_line":"                    \"id\": \"5f126d84-551a-4dcf-bb01-0e9c0df0c793\","},{"line_number":358,"context_line":"                    \"tenant_id\": \"8d4c70a21fed4aeba121a1a429ba0d04\","},{"line_number":359,"context_line":"                    \"remote_host\": \"10.164.176.132:514\","}],"source_content_type":"text/x-rst","patch_set":20,"id":"ba15a1d1_8b8d417e","line":356,"in_reply_to":"ba15a1d1_71f47686","updated":"2015-09-23 03:11:01.000000000","message":"This information is referred to logger driver table to show information in detail.\n\nWith the attribute provided above: In that case, we just created logging rule but has not applied this rule to any log driver type. So it doesn\u0027t line up.","commit_id":"71fbed18d91fd4eb84fff5ab6dec1b395e00fc00"}],"specs/liberty/packet-logging.rst":[{"author":{"_account_id":17096,"name":"Aditi Rajagopal","email":"arajagopal@us.ibm.com","username":"aditirajagopal"},"change_message_id":"f45e45cdd930c25bb09378b30b4893285d0e032a","unresolved":false,"context_lines":[{"line_number":15,"context_line":""},{"line_number":16,"context_line":"Operators need packet logs for trouble shooting."},{"line_number":17,"context_line":"However, current Neutron doesn\u0027t have the packet logging function."},{"line_number":18,"context_line":"e.g. Security-group, Firewall"},{"line_number":19,"context_line":""},{"line_number":20,"context_line":"Changing Security-group API/DB column and implement logging function"},{"line_number":21,"context_line":"is bad approach because of the compatibility with AWS Security-group."}],"source_content_type":"text/x-rst","patch_set":1,"id":"3a50d1a3_07040abe","line":18,"updated":"2015-07-20 18:37:59.000000000","message":"Please consider rewording the block of text above as follows:\n\"We would like to implement a packet logging API for neutron resources in order to make the trouble shooting process easier for operators (or Cloud admins, developers etc).\n\nPacket logging is currently a missing component in Neutron (particularly for security-group \u0026 firewall), and it is critical for troubleshooting.","commit_id":"9615adf9af0fba2012b43e4884829d5ed6e7efe4"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"d33b03e94ac7ff8e348a4c931cbb1ad522b553fb","unresolved":false,"context_lines":[{"line_number":15,"context_line":""},{"line_number":16,"context_line":"Operators need packet logs for trouble shooting."},{"line_number":17,"context_line":"However, current Neutron doesn\u0027t have the packet logging function."},{"line_number":18,"context_line":"e.g. Security-group, Firewall"},{"line_number":19,"context_line":""},{"line_number":20,"context_line":"Changing Security-group API/DB column and implement logging function"},{"line_number":21,"context_line":"is bad approach because of the compatibility with AWS Security-group."}],"source_content_type":"text/x-rst","patch_set":1,"id":"3a50d1a3_23733382","line":18,"in_reply_to":"3a50d1a3_07040abe","updated":"2015-07-20 21:08:05.000000000","message":"Done","commit_id":"9615adf9af0fba2012b43e4884829d5ed6e7efe4"},{"author":{"_account_id":17096,"name":"Aditi Rajagopal","email":"arajagopal@us.ibm.com","username":"aditirajagopal"},"change_message_id":"f45e45cdd930c25bb09378b30b4893285d0e032a","unresolved":false,"context_lines":[{"line_number":19,"context_line":""},{"line_number":20,"context_line":"Changing Security-group API/DB column and implement logging function"},{"line_number":21,"context_line":"is bad approach because of the compatibility with AWS Security-group."},{"line_number":22,"context_line":"FWaaS also should not change the API/DB column."},{"line_number":23,"context_line":""},{"line_number":24,"context_line":"Hence, the common API that set logging configuration is necessary."},{"line_number":25,"context_line":""}],"source_content_type":"text/x-rst","patch_set":1,"id":"3a50d1a3_c78f0222","line":22,"updated":"2015-07-20 18:37:59.000000000","message":"Please consider rewording this paragraph as follows: \"Changing the security-group API/DB column by adding a logging function would break the compatibility with the AWS Security-group\" For the same reason, we should avoid changing the API/DB column in FWaaS.","commit_id":"9615adf9af0fba2012b43e4884829d5ed6e7efe4"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"d33b03e94ac7ff8e348a4c931cbb1ad522b553fb","unresolved":false,"context_lines":[{"line_number":19,"context_line":""},{"line_number":20,"context_line":"Changing Security-group API/DB column and implement logging function"},{"line_number":21,"context_line":"is bad approach because of the compatibility with AWS Security-group."},{"line_number":22,"context_line":"FWaaS also should not change the API/DB column."},{"line_number":23,"context_line":""},{"line_number":24,"context_line":"Hence, the common API that set logging configuration is necessary."},{"line_number":25,"context_line":""}],"source_content_type":"text/x-rst","patch_set":1,"id":"3a50d1a3_63261b6a","line":22,"in_reply_to":"3a50d1a3_c78f0222","updated":"2015-07-20 21:08:05.000000000","message":"Done","commit_id":"9615adf9af0fba2012b43e4884829d5ed6e7efe4"},{"author":{"_account_id":17096,"name":"Aditi Rajagopal","email":"arajagopal@us.ibm.com","username":"aditirajagopal"},"change_message_id":"f45e45cdd930c25bb09378b30b4893285d0e032a","unresolved":false,"context_lines":[{"line_number":36,"context_line":"   or were dropped."},{"line_number":37,"context_line":""},{"line_number":38,"context_line":"    * To show logs for tenant-users, the function which is able to correct log"},{"line_number":39,"context_line":"      and filter is necessary.  Therefore, it is out-of-scope in this specs."},{"line_number":40,"context_line":""},{"line_number":41,"context_line":"Proposed Change"},{"line_number":42,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"}],"source_content_type":"text/x-rst","patch_set":1,"id":"3a50d1a3_4740d2a5","line":39,"updated":"2015-07-20 18:37:59.000000000","message":"I don\u0027t think it is necessary to add Tenant-Users in this part of the spec. I think it would be sufficient enough for you to state this in the intro: \n\n\"In the future, the API can be expanded to satisfy the needs to Tenant-Users; this would involve additional filtering which would be out of scope for this spec.\"","commit_id":"9615adf9af0fba2012b43e4884829d5ed6e7efe4"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"d33b03e94ac7ff8e348a4c931cbb1ad522b553fb","unresolved":false,"context_lines":[{"line_number":36,"context_line":"   or were dropped."},{"line_number":37,"context_line":""},{"line_number":38,"context_line":"    * To show logs for tenant-users, the function which is able to correct log"},{"line_number":39,"context_line":"      and filter is necessary.  Therefore, it is out-of-scope in this specs."},{"line_number":40,"context_line":""},{"line_number":41,"context_line":"Proposed Change"},{"line_number":42,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"}],"source_content_type":"text/x-rst","patch_set":1,"id":"3a50d1a3_de4b4458","line":39,"in_reply_to":"3a50d1a3_4740d2a5","updated":"2015-07-20 21:08:05.000000000","message":"Done","commit_id":"9615adf9af0fba2012b43e4884829d5ed6e7efe4"},{"author":{"_account_id":9911,"name":"Wei Wang","email":"wangwei@unitedstack.com","username":"DamonWang"},"change_message_id":"73c1e7d10164c5962cc3b65bb2235d5299cfa160","unresolved":false,"context_lines":[{"line_number":49,"context_line":"    * ex. /var/log/neutron/security-group/security-group.log"},{"line_number":50,"context_line":"    *     /var/log/neutron/firewall/firewall.log"},{"line_number":51,"context_line":""},{"line_number":52,"context_line":"* The output logs will be limited on the number of files and wrap up the logs"},{"line_number":53,"context_line":"  if the max is reached by using log rotate Linux feature."},{"line_number":54,"context_line":""},{"line_number":55,"context_line":"* Only operators can control logging or not."}],"source_content_type":"text/x-rst","patch_set":1,"id":"3a50d1a3_e9ceb059","line":52,"updated":"2015-07-20 10:31:47.000000000","message":"file size will be a quota, right?","commit_id":"9615adf9af0fba2012b43e4884829d5ed6e7efe4"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"3229c2e112a3f0883af7a67fde9488137a657586","unresolved":false,"context_lines":[{"line_number":49,"context_line":"    * ex. /var/log/neutron/security-group/security-group.log"},{"line_number":50,"context_line":"    *     /var/log/neutron/firewall/firewall.log"},{"line_number":51,"context_line":""},{"line_number":52,"context_line":"* The output logs will be limited on the number of files and wrap up the logs"},{"line_number":53,"context_line":"  if the max is reached by using log rotate Linux feature."},{"line_number":54,"context_line":""},{"line_number":55,"context_line":"* Only operators can control logging or not."}],"source_content_type":"text/x-rst","patch_set":1,"id":"3a50d1a3_5ad199cc","line":52,"in_reply_to":"3a50d1a3_e9ceb059","updated":"2015-07-20 13:55:41.000000000","message":"No. In current implementation, log rotate configuration is set when installing OpenStack.\nWe\u0027ll use log rotate feature in Linux.\nMaybe, we\u0027ll post WIP at Wednesday. Please confirm it.","commit_id":"9615adf9af0fba2012b43e4884829d5ed6e7efe4"},{"author":{"_account_id":9911,"name":"Wei Wang","email":"wangwei@unitedstack.com","username":"DamonWang"},"change_message_id":"73c1e7d10164c5962cc3b65bb2235d5299cfa160","unresolved":false,"context_lines":[{"line_number":50,"context_line":"    *     /var/log/neutron/firewall/firewall.log"},{"line_number":51,"context_line":""},{"line_number":52,"context_line":"* The output logs will be limited on the number of files and wrap up the logs"},{"line_number":53,"context_line":"  if the max is reached by using log rotate Linux feature."},{"line_number":54,"context_line":""},{"line_number":55,"context_line":"* Only operators can control logging or not."},{"line_number":56,"context_line":""}],"source_content_type":"text/x-rst","patch_set":1,"id":"3a50d1a3_c920944c","line":53,"updated":"2015-07-20 10:31:47.000000000","message":"Speed of Log writing seems also needed, especially when user get a DoS attack, but I\u0027m not sure whether we can.","commit_id":"9615adf9af0fba2012b43e4884829d5ed6e7efe4"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"3229c2e112a3f0883af7a67fde9488137a657586","unresolved":false,"context_lines":[{"line_number":50,"context_line":"    *     /var/log/neutron/firewall/firewall.log"},{"line_number":51,"context_line":""},{"line_number":52,"context_line":"* The output logs will be limited on the number of files and wrap up the logs"},{"line_number":53,"context_line":"  if the max is reached by using log rotate Linux feature."},{"line_number":54,"context_line":""},{"line_number":55,"context_line":"* Only operators can control logging or not."},{"line_number":56,"context_line":""}],"source_content_type":"text/x-rst","patch_set":1,"id":"3a50d1a3_1a279113","line":53,"in_reply_to":"3a50d1a3_c920944c","updated":"2015-07-20 13:55:41.000000000","message":"DDoS attack is not confined to matters of this spec.\nI think hitcount feature is a one of solution about that. However, hit count feature is out-of-scope.","commit_id":"9615adf9af0fba2012b43e4884829d5ed6e7efe4"},{"author":{"_account_id":17096,"name":"Aditi Rajagopal","email":"arajagopal@us.ibm.com","username":"aditirajagopal"},"change_message_id":"f45e45cdd930c25bb09378b30b4893285d0e032a","unresolved":false,"context_lines":[{"line_number":52,"context_line":"* The output logs will be limited on the number of files and wrap up the logs"},{"line_number":53,"context_line":"  if the max is reached by using log rotate Linux feature."},{"line_number":54,"context_line":""},{"line_number":55,"context_line":"* Only operators can control logging or not."},{"line_number":56,"context_line":""},{"line_number":57,"context_line":"* The logging feature is disabled by default, and it can be enabled by"},{"line_number":58,"context_line":"  something like this."}],"source_content_type":"text/x-rst","patch_set":1,"id":"3a50d1a3_a71196ae","line":55,"updated":"2015-07-20 18:37:59.000000000","message":"nit: consider rewording this to: \"Only operators can enable/disable logging\"","commit_id":"9615adf9af0fba2012b43e4884829d5ed6e7efe4"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"d33b03e94ac7ff8e348a4c931cbb1ad522b553fb","unresolved":false,"context_lines":[{"line_number":52,"context_line":"* The output logs will be limited on the number of files and wrap up the logs"},{"line_number":53,"context_line":"  if the max is reached by using log rotate Linux feature."},{"line_number":54,"context_line":""},{"line_number":55,"context_line":"* Only operators can control logging or not."},{"line_number":56,"context_line":""},{"line_number":57,"context_line":"* The logging feature is disabled by default, and it can be enabled by"},{"line_number":58,"context_line":"  something like this."}],"source_content_type":"text/x-rst","patch_set":1,"id":"3a50d1a3_1e420c3f","line":55,"in_reply_to":"3a50d1a3_a71196ae","updated":"2015-07-20 21:08:05.000000000","message":"Done","commit_id":"9615adf9af0fba2012b43e4884829d5ed6e7efe4"},{"author":{"_account_id":9911,"name":"Wei Wang","email":"wangwei@unitedstack.com","username":"DamonWang"},"change_message_id":"73c1e7d10164c5962cc3b65bb2235d5299cfa160","unresolved":false,"context_lines":[{"line_number":70,"context_line":":act:"},{"line_number":71,"context_line":"    Action(ACCEPT/A, Otherwise/D) [Only for Firewall resource]"},{"line_number":72,"context_line":":IN:"},{"line_number":73,"context_line":"    input device"},{"line_number":74,"context_line":":OUT:"},{"line_number":75,"context_line":"    output device"},{"line_number":76,"context_line":":MAC:"}],"source_content_type":"text/x-rst","patch_set":1,"id":"3a50d1a3_a9c5085c","line":73,"updated":"2015-07-20 10:31:47.000000000","message":"the input device users see is like \"ethX\" or \"tapXXX\"?","commit_id":"9615adf9af0fba2012b43e4884829d5ed6e7efe4"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"3229c2e112a3f0883af7a67fde9488137a657586","unresolved":false,"context_lines":[{"line_number":70,"context_line":":act:"},{"line_number":71,"context_line":"    Action(ACCEPT/A, Otherwise/D) [Only for Firewall resource]"},{"line_number":72,"context_line":":IN:"},{"line_number":73,"context_line":"    input device"},{"line_number":74,"context_line":":OUT:"},{"line_number":75,"context_line":"    output device"},{"line_number":76,"context_line":":MAC:"}],"source_content_type":"text/x-rst","patch_set":1,"id":"3a50d1a3_5ae759e4","line":73,"in_reply_to":"3a50d1a3_a9c5085c","updated":"2015-07-20 13:55:41.000000000","message":"example:\n\nIN\u003dqbr2fe19647-9a\nOUT\u003dqbr2fe19647-9a","commit_id":"9615adf9af0fba2012b43e4884829d5ed6e7efe4"},{"author":{"_account_id":9911,"name":"Wei Wang","email":"wangwei@unitedstack.com","username":"DamonWang"},"change_message_id":"73c1e7d10164c5962cc3b65bb2235d5299cfa160","unresolved":false,"context_lines":[{"line_number":199,"context_line":"------------------"},{"line_number":200,"context_line":""},{"line_number":201,"context_line":"* Current design is to log data directory into logfile, but considering"},{"line_number":202,"context_line":"  to log data into memory (e.g. cyclic buffer) to minimize performance overhead."},{"line_number":203,"context_line":""},{"line_number":204,"context_line":"IPv6 Impact"},{"line_number":205,"context_line":"-----------"}],"source_content_type":"text/x-rst","patch_set":1,"id":"3a50d1a3_095afc83","line":202,"updated":"2015-07-20 10:31:47.000000000","message":"log performance under heavy traffic, and the memory, cpu and disk usage should be think over.","commit_id":"9615adf9af0fba2012b43e4884829d5ed6e7efe4"},{"author":{"_account_id":9911,"name":"Wei Wang","email":"wangwei@unitedstack.com","username":"DamonWang"},"change_message_id":"73c1e7d10164c5962cc3b65bb2235d5299cfa160","unresolved":false,"context_lines":[{"line_number":236,"context_line":"  y-furukawa-2"},{"line_number":237,"context_line":""},{"line_number":238,"context_line":"Other contributors:"},{"line_number":239,"context_line":"  hoangcx"},{"line_number":240,"context_line":""},{"line_number":241,"context_line":"Work Items"},{"line_number":242,"context_line":"----------"}],"source_content_type":"text/x-rst","patch_set":1,"id":"3a50d1a3_09e8bc7b","line":239,"updated":"2015-07-20 10:31:47.000000000","message":"I\u0027d like make contributions if I can.","commit_id":"9615adf9af0fba2012b43e4884829d5ed6e7efe4"},{"author":{"_account_id":17096,"name":"Aditi Rajagopal","email":"arajagopal@us.ibm.com","username":"aditirajagopal"},"change_message_id":"206522ea7baf57d4a69e17f2e25236f0566fb006","unresolved":false,"context_lines":[{"line_number":19,"context_line":""},{"line_number":20,"context_line":"Changing the security-group API/DB column by adding a logging function"},{"line_number":21,"context_line":"would break the compatibility with the AWS Security-group\" For the same reason,"},{"line_number":22,"context_line":"we should avoid changing the API/DB column in FWaaS."},{"line_number":23,"context_line":""},{"line_number":24,"context_line":"Hence, the common API that set logging configuration is necessary."},{"line_number":25,"context_line":""}],"source_content_type":"text/x-rst","patch_set":2,"id":"3a50d1a3_de3d7abc","line":22,"updated":"2015-07-21 03:21:39.000000000","message":"nit: remove the \" after group, and replace with a \u0027.\u0027","commit_id":"d1fb146a274db2538ed4cfb26130ffa78976ddaf"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"e65df9a34de7672b32c78e31086d762c09bb7e2d","unresolved":false,"context_lines":[{"line_number":19,"context_line":""},{"line_number":20,"context_line":"Changing the security-group API/DB column by adding a logging function"},{"line_number":21,"context_line":"would break the compatibility with the AWS Security-group\" For the same reason,"},{"line_number":22,"context_line":"we should avoid changing the API/DB column in FWaaS."},{"line_number":23,"context_line":""},{"line_number":24,"context_line":"Hence, the common API that set logging configuration is necessary."},{"line_number":25,"context_line":""}],"source_content_type":"text/x-rst","patch_set":2,"id":"3a50d1a3_aa738814","line":22,"in_reply_to":"3a50d1a3_de3d7abc","updated":"2015-07-21 07:15:31.000000000","message":"Done","commit_id":"d1fb146a274db2538ed4cfb26130ffa78976ddaf"},{"author":{"_account_id":17096,"name":"Aditi Rajagopal","email":"arajagopal@us.ibm.com","username":"aditirajagopal"},"change_message_id":"206522ea7baf57d4a69e17f2e25236f0566fb006","unresolved":false,"context_lines":[{"line_number":27,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":28,"context_line":""},{"line_number":29,"context_line":"Security-group and Firewall doesn\u0027t have a feature of packet logging at all today,"},{"line_number":30,"context_line":"but it\u0027s necessary for both tenant users and operators(includes Cloud admins, developers)."},{"line_number":31,"context_line":""},{"line_number":32,"context_line":"1. Operators need logs for trouble shooting."},{"line_number":33,"context_line":""}],"source_content_type":"text/x-rst","patch_set":2,"id":"3a50d1a3_be698ec0","line":30,"updated":"2015-07-21 03:21:39.000000000","message":"If you are planning on introducing another patch, feel free to consider rewording the paragraph above to:\n\n\"Packet logging is currently a missing feature in Security-Group, and Firewall, and it is a necessary tool for both tenant users, and operators (including Cloud admins, developers etc).\"","commit_id":"d1fb146a274db2538ed4cfb26130ffa78976ddaf"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"e65df9a34de7672b32c78e31086d762c09bb7e2d","unresolved":false,"context_lines":[{"line_number":27,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":28,"context_line":""},{"line_number":29,"context_line":"Security-group and Firewall doesn\u0027t have a feature of packet logging at all today,"},{"line_number":30,"context_line":"but it\u0027s necessary for both tenant users and operators(includes Cloud admins, developers)."},{"line_number":31,"context_line":""},{"line_number":32,"context_line":"1. Operators need logs for trouble shooting."},{"line_number":33,"context_line":""}],"source_content_type":"text/x-rst","patch_set":2,"id":"3a50d1a3_4583d556","line":30,"in_reply_to":"3a50d1a3_be698ec0","updated":"2015-07-21 07:15:31.000000000","message":"Done","commit_id":"d1fb146a274db2538ed4cfb26130ffa78976ddaf"},{"author":{"_account_id":4656,"name":"Sean M. Collins","email":"sean@coreitpro.com","username":"scollins"},"change_message_id":"298c745465661d9867c238032c3a41d8b69b608d","unresolved":false,"context_lines":[{"line_number":48,"context_line":"  in each Compute Node or Network Node using iptables\u0027s log function."},{"line_number":49,"context_line":""},{"line_number":50,"context_line":"    * ex. /var/log/neutron/security-group/security-group.log"},{"line_number":51,"context_line":"    *     /var/log/neutron/firewall/firewall.log"},{"line_number":52,"context_line":""},{"line_number":53,"context_line":"* The output logs will be limited on the number of files and wrap up the logs"},{"line_number":54,"context_line":"  if the max is reached by using log rotate Linux feature."}],"source_content_type":"text/x-rst","patch_set":2,"id":"3a50d1a3_34b1efe1","line":51,"updated":"2015-07-21 19:01:48.000000000","message":"Same comment as your other proposals - logging to a file on a network node is not cloudy - the API should have some way of exposing to the API user where to store the logs. Also, wouldn\u0027t you be creating a logfile per object? perhaps a format of \"object+UUID\"? Not just one file that dumps everything","commit_id":"d1fb146a274db2538ed4cfb26130ffa78976ddaf"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"25bacb4e33e3e35d87d021ebd5d985d22aaa69df","unresolved":false,"context_lines":[{"line_number":48,"context_line":"  in each Compute Node or Network Node using iptables\u0027s log function."},{"line_number":49,"context_line":""},{"line_number":50,"context_line":"    * ex. /var/log/neutron/security-group/security-group.log"},{"line_number":51,"context_line":"    *     /var/log/neutron/firewall/firewall.log"},{"line_number":52,"context_line":""},{"line_number":53,"context_line":"* The output logs will be limited on the number of files and wrap up the logs"},{"line_number":54,"context_line":"  if the max is reached by using log rotate Linux feature."}],"source_content_type":"text/x-rst","patch_set":2,"id":"3a50d1a3_1e72e949","line":51,"in_reply_to":"3a50d1a3_34b1efe1","updated":"2015-07-27 09:43:09.000000000","message":"Thank you for your suggestion.\nWe will add the following attributes into REST API: \n\n* \"destination\" : This attribute will use for specifying where log file will be stored. \n                  ex: 10.164.176.133:154 with log file named by \"service_type+UUID\".log\n                  If we don\u0027t specify, log file will be stored in localhost.\n\nWe\u0027ll transfer the logfile to dedicated server by using rsyslog feature.","commit_id":"d1fb146a274db2538ed4cfb26130ffa78976ddaf"},{"author":{"_account_id":4656,"name":"Sean M. Collins","email":"sean@coreitpro.com","username":"scollins"},"change_message_id":"298c745465661d9867c238032c3a41d8b69b608d","unresolved":false,"context_lines":[{"line_number":53,"context_line":"* The output logs will be limited on the number of files and wrap up the logs"},{"line_number":54,"context_line":"  if the max is reached by using log rotate Linux feature."},{"line_number":55,"context_line":""},{"line_number":56,"context_line":"* Only operators can enable/disable logging"},{"line_number":57,"context_line":""},{"line_number":58,"context_line":"* The logging feature is disabled by default, and it can be enabled by"},{"line_number":59,"context_line":"  something like this."}],"source_content_type":"text/x-rst","patch_set":2,"id":"3a50d1a3_54b4bbcf","line":56,"updated":"2015-07-21 19:01:48.000000000","message":"There is no \"operator\" role currently in Neutron IIRC. Do you mean only users with the \"admin\" role?\n\nAlso, your problem statement suggests that later tenants could use this API - can you clarify this point to say the first iteration will be admin only?","commit_id":"d1fb146a274db2538ed4cfb26130ffa78976ddaf"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"25bacb4e33e3e35d87d021ebd5d985d22aaa69df","unresolved":false,"context_lines":[{"line_number":53,"context_line":"* The output logs will be limited on the number of files and wrap up the logs"},{"line_number":54,"context_line":"  if the max is reached by using log rotate Linux feature."},{"line_number":55,"context_line":""},{"line_number":56,"context_line":"* Only operators can enable/disable logging"},{"line_number":57,"context_line":""},{"line_number":58,"context_line":"* The logging feature is disabled by default, and it can be enabled by"},{"line_number":59,"context_line":"  something like this."}],"source_content_type":"text/x-rst","patch_set":2,"id":"3a50d1a3_debfa15e","line":56,"in_reply_to":"3a50d1a3_54b4bbcf","updated":"2015-07-27 09:43:09.000000000","message":"You\u0027re right.  \"admin\" role is true.\n\nHowever,\nhttps://review.openstack.org/#/c/132134/4/specs/liberty/security-group-logging.rst  and L.22\nI\u0027ve been commented from other members about \"operators\".\n\nSo, I\u0027ll update about \"admin\" role description.","commit_id":"d1fb146a274db2538ed4cfb26130ffa78976ddaf"},{"author":{"_account_id":4656,"name":"Sean M. Collins","email":"sean@coreitpro.com","username":"scollins"},"change_message_id":"298c745465661d9867c238032c3a41d8b69b608d","unresolved":false,"context_lines":[{"line_number":128,"context_line":"    neutron packet-logging-delete \u003cpacket-logging-id\u003e"},{"line_number":129,"context_line":""},{"line_number":130,"context_line":"Note: --service_type can be \u0027fw\u0027, \u0027fw-rule\u0027, \u0027sg\u0027 or \u0027sg-rule\u0027."},{"line_number":131,"context_line":"      --log_level can be \u0027info\u0027, \u0027warn\u0027, \u0027error\u0027, \u0027debug\u0027 or \u0027notice\u0027."},{"line_number":132,"context_line":""},{"line_number":133,"context_line":"See REST API Impact"},{"line_number":134,"context_line":""}],"source_content_type":"text/x-rst","patch_set":2,"id":"3a50d1a3_f4cb8751","line":131,"updated":"2015-07-21 19:01:48.000000000","message":"You should put this in the description for the service_type in the table, instead of here","commit_id":"d1fb146a274db2538ed4cfb26130ffa78976ddaf"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"25bacb4e33e3e35d87d021ebd5d985d22aaa69df","unresolved":false,"context_lines":[{"line_number":128,"context_line":"    neutron packet-logging-delete \u003cpacket-logging-id\u003e"},{"line_number":129,"context_line":""},{"line_number":130,"context_line":"Note: --service_type can be \u0027fw\u0027, \u0027fw-rule\u0027, \u0027sg\u0027 or \u0027sg-rule\u0027."},{"line_number":131,"context_line":"      --log_level can be \u0027info\u0027, \u0027warn\u0027, \u0027error\u0027, \u0027debug\u0027 or \u0027notice\u0027."},{"line_number":132,"context_line":""},{"line_number":133,"context_line":"See REST API Impact"},{"line_number":134,"context_line":""}],"source_content_type":"text/x-rst","patch_set":2,"id":"3a50d1a3_9e7039de","line":131,"in_reply_to":"3a50d1a3_f4cb8751","updated":"2015-07-27 09:43:09.000000000","message":"Done","commit_id":"d1fb146a274db2538ed4cfb26130ffa78976ddaf"},{"author":{"_account_id":17096,"name":"Aditi Rajagopal","email":"arajagopal@us.ibm.com","username":"aditirajagopal"},"change_message_id":"206522ea7baf57d4a69e17f2e25236f0566fb006","unresolved":false,"context_lines":[{"line_number":200,"context_line":"------------------"},{"line_number":201,"context_line":""},{"line_number":202,"context_line":"* Current design is to log data directory into logfile, but considering"},{"line_number":203,"context_line":"  to log data into memory (e.g. cyclic buffer) to minimize performance overhead."},{"line_number":204,"context_line":""},{"line_number":205,"context_line":"IPv6 Impact"},{"line_number":206,"context_line":"-----------"}],"source_content_type":"text/x-rst","patch_set":2,"id":"3a50d1a3_be5f4e40","line":203,"updated":"2015-07-21 03:21:39.000000000","message":"Could you please provide more details here? I\u0027m assuming you mean \"log data directly into a logfile\" but I\u0027m not sure what you mean by \"considering to log data into memory\"\n\nI can help reword this, but I would need more details :)","commit_id":"d1fb146a274db2538ed4cfb26130ffa78976ddaf"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"e65df9a34de7672b32c78e31086d762c09bb7e2d","unresolved":false,"context_lines":[{"line_number":200,"context_line":"------------------"},{"line_number":201,"context_line":""},{"line_number":202,"context_line":"* Current design is to log data directory into logfile, but considering"},{"line_number":203,"context_line":"  to log data into memory (e.g. cyclic buffer) to minimize performance overhead."},{"line_number":204,"context_line":""},{"line_number":205,"context_line":"IPv6 Impact"},{"line_number":206,"context_line":"-----------"}],"source_content_type":"text/x-rst","patch_set":2,"id":"3a50d1a3_6ac020e1","line":203,"in_reply_to":"3a50d1a3_be5f4e40","updated":"2015-07-21 07:15:31.000000000","message":"I\u0027ll explain about current implementation :)\n\nWe use syslog to forward packets that has identifier to user log file (for ex. packet come to device -\u003e syslog -\u003e parse -\u003e user log file)","commit_id":"d1fb146a274db2538ed4cfb26130ffa78976ddaf"},{"author":{"_account_id":9911,"name":"Wei Wang","email":"wangwei@unitedstack.com","username":"DamonWang"},"change_message_id":"c8df498cfc8a40e6c1fcb15d27093d7a62c1edc9","unresolved":false,"context_lines":[{"line_number":110,"context_line":""},{"line_number":111,"context_line":"example log::"},{"line_number":112,"context_line":""},{"line_number":113,"context_line":"  [sg]:[i f0343833-ae61-48ee-98] IN\u003dqbr2fe19647-9a"},{"line_number":114,"context_line":"  OUT\u003dqbr2fe19647-9a PHYSIN\u003dqvb2fe19647-9a PHYSOUT\u003dtap2fe19647-9a"},{"line_number":115,"context_line":"  MAC\u003dff:ff:ff:ff:ff:ff:86:D4:00:35:23:66:08:00 SRC\u003d0.0.0.0"},{"line_number":116,"context_line":"  DST\u003d255.255.255.255 LEN\u003d328 TOS\u003d0x10 PREC\u003d0x00 TTL\u003d128 ID\u003d0"}],"source_content_type":"text/x-rst","patch_set":3,"id":"3a50d1a3_ac09612e","line":113,"updated":"2015-07-21 07:44:04.000000000","message":"Is that appropriate to show qbrXXX to consumer since it will show mechanism under cloud? Especially when we use it in public cloud.","commit_id":"3ddd8f19a1ed86932976c564465b2e6c9caade3b"},{"author":{"_account_id":15905,"name":"Cao Xuan Hoang","email":"xuanhoangqb@gmail.com","username":"hoangcx"},"change_message_id":"6d2ee42f68ef88ed5f1abb6d8d0e96a328b041db","unresolved":false,"context_lines":[{"line_number":110,"context_line":""},{"line_number":111,"context_line":"example log::"},{"line_number":112,"context_line":""},{"line_number":113,"context_line":"  [sg]:[i f0343833-ae61-48ee-98] IN\u003dqbr2fe19647-9a"},{"line_number":114,"context_line":"  OUT\u003dqbr2fe19647-9a PHYSIN\u003dqvb2fe19647-9a PHYSOUT\u003dtap2fe19647-9a"},{"line_number":115,"context_line":"  MAC\u003dff:ff:ff:ff:ff:ff:86:D4:00:35:23:66:08:00 SRC\u003d0.0.0.0"},{"line_number":116,"context_line":"  DST\u003d255.255.255.255 LEN\u003d328 TOS\u003d0x10 PREC\u003d0x00 TTL\u003d128 ID\u003d0"}],"source_content_type":"text/x-rst","patch_set":3,"id":"3a50d1a3_408f3ccc","line":113,"in_reply_to":"3a50d1a3_00d4d444","updated":"2015-07-21 09:51:33.000000000","message":"Yes. We won\u0027t show logs directory for Tenant-Users.\n\nIt is the further processing for packet log\u0027s data before it would be showed to Tenant-Users. This is out-of-scope for this spec as mentioned at L39-L41.\n\nIn Next cycle, we have to consider following works:\n- How to collects logs and show to Tenant-Users.\n- What information will replace to show to Tenant-Users (ex. tap-xxxx , qr-xxxx \u003d\u003e port uuid or name)","commit_id":"3ddd8f19a1ed86932976c564465b2e6c9caade3b"},{"author":{"_account_id":9911,"name":"Wei Wang","email":"wangwei@unitedstack.com","username":"DamonWang"},"change_message_id":"04d2a4d03f4a26603c0c49eb354923a0c676dba6","unresolved":false,"context_lines":[{"line_number":110,"context_line":""},{"line_number":111,"context_line":"example log::"},{"line_number":112,"context_line":""},{"line_number":113,"context_line":"  [sg]:[i f0343833-ae61-48ee-98] IN\u003dqbr2fe19647-9a"},{"line_number":114,"context_line":"  OUT\u003dqbr2fe19647-9a PHYSIN\u003dqvb2fe19647-9a PHYSOUT\u003dtap2fe19647-9a"},{"line_number":115,"context_line":"  MAC\u003dff:ff:ff:ff:ff:ff:86:D4:00:35:23:66:08:00 SRC\u003d0.0.0.0"},{"line_number":116,"context_line":"  DST\u003d255.255.255.255 LEN\u003d328 TOS\u003d0x10 PREC\u003d0x00 TTL\u003d128 ID\u003d0"}],"source_content_type":"text/x-rst","patch_set":3,"id":"3a50d1a3_eda2004b","line":113,"in_reply_to":"3a50d1a3_408f3ccc","updated":"2015-07-21 16:19:22.000000000","message":"get it","commit_id":"3ddd8f19a1ed86932976c564465b2e6c9caade3b"},{"author":{"_account_id":9911,"name":"Wei Wang","email":"wangwei@unitedstack.com","username":"DamonWang"},"change_message_id":"7a2ee6d1680568747efc7f2c19bc6766af36868e","unresolved":false,"context_lines":[{"line_number":110,"context_line":""},{"line_number":111,"context_line":"example log::"},{"line_number":112,"context_line":""},{"line_number":113,"context_line":"  [sg]:[i f0343833-ae61-48ee-98] IN\u003dqbr2fe19647-9a"},{"line_number":114,"context_line":"  OUT\u003dqbr2fe19647-9a PHYSIN\u003dqvb2fe19647-9a PHYSOUT\u003dtap2fe19647-9a"},{"line_number":115,"context_line":"  MAC\u003dff:ff:ff:ff:ff:ff:86:D4:00:35:23:66:08:00 SRC\u003d0.0.0.0"},{"line_number":116,"context_line":"  DST\u003d255.255.255.255 LEN\u003d328 TOS\u003d0x10 PREC\u003d0x00 TTL\u003d128 ID\u003d0"}],"source_content_type":"text/x-rst","patch_set":3,"id":"3a50d1a3_00d4d444","line":113,"in_reply_to":"3a50d1a3_4f720f4b","updated":"2015-07-21 09:15:20.000000000","message":"I mean tenant users, or the end users.\n\nI see \"it is a necessary tool for both tenant users...\" in the above","commit_id":"3ddd8f19a1ed86932976c564465b2e6c9caade3b"},{"author":{"_account_id":15905,"name":"Cao Xuan Hoang","email":"xuanhoangqb@gmail.com","username":"hoangcx"},"change_message_id":"f36bcd6bcecb3add233b1a44a45a6239d1a8a47c","unresolved":false,"context_lines":[{"line_number":110,"context_line":""},{"line_number":111,"context_line":"example log::"},{"line_number":112,"context_line":""},{"line_number":113,"context_line":"  [sg]:[i f0343833-ae61-48ee-98] IN\u003dqbr2fe19647-9a"},{"line_number":114,"context_line":"  OUT\u003dqbr2fe19647-9a PHYSIN\u003dqvb2fe19647-9a PHYSOUT\u003dtap2fe19647-9a"},{"line_number":115,"context_line":"  MAC\u003dff:ff:ff:ff:ff:ff:86:D4:00:35:23:66:08:00 SRC\u003d0.0.0.0"},{"line_number":116,"context_line":"  DST\u003d255.255.255.255 LEN\u003d328 TOS\u003d0x10 PREC\u003d0x00 TTL\u003d128 ID\u003d0"}],"source_content_type":"text/x-rst","patch_set":3,"id":"3a50d1a3_4f720f4b","line":113,"in_reply_to":"3a50d1a3_ac09612e","updated":"2015-07-21 08:26:13.000000000","message":"What do you mean for \"consumer\"? Is it Tenant-Users or Operators?\nCould you please check the scope of this specification as above description?\n\nP/s: This is hoangcx. I am a contributor for this feature.","commit_id":"3ddd8f19a1ed86932976c564465b2e6c9caade3b"},{"author":{"_account_id":11682,"name":"Ryan Moats","email":"rmoats@us.ibm.com","username":"regXboi"},"change_message_id":"be94edbbceeb21b94e379114df55e6c8ce041104","unresolved":false,"context_lines":[{"line_number":21,"context_line":"would break the compatibility with the AWS Security-group. For the same reason,"},{"line_number":22,"context_line":"we should avoid changing the API/DB column in FWaaS."},{"line_number":23,"context_line":""},{"line_number":24,"context_line":"Hence, the common API that set logging configuration is necessary."},{"line_number":25,"context_line":""},{"line_number":26,"context_line":"Problem Description"},{"line_number":27,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"}],"source_content_type":"text/x-rst","patch_set":5,"id":"3a50d1a3_55340a49","line":24,"updated":"2015-07-24 13:55:56.000000000","message":"I think that Ls 20-24 are better situated in an alternative solution section","commit_id":"c8f068d35dad1ff49d3e55021b6b33689bb22027"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"7b1f78c68f3704e68394be27e5db2d7100d95287","unresolved":false,"context_lines":[{"line_number":21,"context_line":"would break the compatibility with the AWS Security-group. For the same reason,"},{"line_number":22,"context_line":"we should avoid changing the API/DB column in FWaaS."},{"line_number":23,"context_line":""},{"line_number":24,"context_line":"Hence, the common API that set logging configuration is necessary."},{"line_number":25,"context_line":""},{"line_number":26,"context_line":"Problem Description"},{"line_number":27,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"}],"source_content_type":"text/x-rst","patch_set":5,"id":"3a50d1a3_4142d43f","line":24,"in_reply_to":"3a50d1a3_55340a49","updated":"2015-07-27 10:06:42.000000000","message":"Done","commit_id":"c8f068d35dad1ff49d3e55021b6b33689bb22027"},{"author":{"_account_id":11682,"name":"Ryan Moats","email":"rmoats@us.ibm.com","username":"regXboi"},"change_message_id":"be94edbbceeb21b94e379114df55e6c8ce041104","unresolved":false,"context_lines":[{"line_number":26,"context_line":"Problem Description"},{"line_number":27,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":28,"context_line":""},{"line_number":29,"context_line":"Packet logging is currently a missing feature in Security-Group, and Firewall,"},{"line_number":30,"context_line":"and it is a necessary tool for both tenant users, and operators"},{"line_number":31,"context_line":"(including Cloud admins, developers etc)"},{"line_number":32,"context_line":""}],"source_content_type":"text/x-rst","patch_set":5,"id":"3a50d1a3_550baa7d","line":29,"updated":"2015-07-24 13:55:56.000000000","message":"nit: remove first comma and replace second comma with a period","commit_id":"c8f068d35dad1ff49d3e55021b6b33689bb22027"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"7b1f78c68f3704e68394be27e5db2d7100d95287","unresolved":false,"context_lines":[{"line_number":26,"context_line":"Problem Description"},{"line_number":27,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":28,"context_line":""},{"line_number":29,"context_line":"Packet logging is currently a missing feature in Security-Group, and Firewall,"},{"line_number":30,"context_line":"and it is a necessary tool for both tenant users, and operators"},{"line_number":31,"context_line":"(including Cloud admins, developers etc)"},{"line_number":32,"context_line":""}],"source_content_type":"text/x-rst","patch_set":5,"id":"3a50d1a3_613d90ba","line":29,"in_reply_to":"3a50d1a3_550baa7d","updated":"2015-07-27 10:06:42.000000000","message":"Done","commit_id":"c8f068d35dad1ff49d3e55021b6b33689bb22027"},{"author":{"_account_id":11682,"name":"Ryan Moats","email":"rmoats@us.ibm.com","username":"regXboi"},"change_message_id":"be94edbbceeb21b94e379114df55e6c8ce041104","unresolved":false,"context_lines":[{"line_number":27,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":28,"context_line":""},{"line_number":29,"context_line":"Packet logging is currently a missing feature in Security-Group, and Firewall,"},{"line_number":30,"context_line":"and it is a necessary tool for both tenant users, and operators"},{"line_number":31,"context_line":"(including Cloud admins, developers etc)"},{"line_number":32,"context_line":""},{"line_number":33,"context_line":"1. Operators need logs for trouble shooting."}],"source_content_type":"text/x-rst","patch_set":5,"id":"3a50d1a3_35237e07","line":30,"updated":"2015-07-24 13:55:56.000000000","message":"nit: s/and it/This","commit_id":"c8f068d35dad1ff49d3e55021b6b33689bb22027"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"7b1f78c68f3704e68394be27e5db2d7100d95287","unresolved":false,"context_lines":[{"line_number":27,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":28,"context_line":""},{"line_number":29,"context_line":"Packet logging is currently a missing feature in Security-Group, and Firewall,"},{"line_number":30,"context_line":"and it is a necessary tool for both tenant users, and operators"},{"line_number":31,"context_line":"(including Cloud admins, developers etc)"},{"line_number":32,"context_line":""},{"line_number":33,"context_line":"1. Operators need logs for trouble shooting."}],"source_content_type":"text/x-rst","patch_set":5,"id":"3a50d1a3_2147884c","line":30,"in_reply_to":"3a50d1a3_35237e07","updated":"2015-07-27 10:06:42.000000000","message":"Done","commit_id":"c8f068d35dad1ff49d3e55021b6b33689bb22027"},{"author":{"_account_id":11682,"name":"Ryan Moats","email":"rmoats@us.ibm.com","username":"regXboi"},"change_message_id":"be94edbbceeb21b94e379114df55e6c8ce041104","unresolved":false,"context_lines":[{"line_number":28,"context_line":""},{"line_number":29,"context_line":"Packet logging is currently a missing feature in Security-Group, and Firewall,"},{"line_number":30,"context_line":"and it is a necessary tool for both tenant users, and operators"},{"line_number":31,"context_line":"(including Cloud admins, developers etc)"},{"line_number":32,"context_line":""},{"line_number":33,"context_line":"1. Operators need logs for trouble shooting."},{"line_number":34,"context_line":""}],"source_content_type":"text/x-rst","patch_set":5,"id":"3a50d1a3_5582cac9","line":31,"updated":"2015-07-24 13:55:56.000000000","message":"nit: add \"to address the following use cases/scenarios:\"","commit_id":"c8f068d35dad1ff49d3e55021b6b33689bb22027"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"7b1f78c68f3704e68394be27e5db2d7100d95287","unresolved":false,"context_lines":[{"line_number":28,"context_line":""},{"line_number":29,"context_line":"Packet logging is currently a missing feature in Security-Group, and Firewall,"},{"line_number":30,"context_line":"and it is a necessary tool for both tenant users, and operators"},{"line_number":31,"context_line":"(including Cloud admins, developers etc)"},{"line_number":32,"context_line":""},{"line_number":33,"context_line":"1. Operators need logs for trouble shooting."},{"line_number":34,"context_line":""}],"source_content_type":"text/x-rst","patch_set":5,"id":"3a50d1a3_c174a49d","line":31,"in_reply_to":"3a50d1a3_5582cac9","updated":"2015-07-27 10:06:42.000000000","message":"Done","commit_id":"c8f068d35dad1ff49d3e55021b6b33689bb22027"},{"author":{"_account_id":11682,"name":"Ryan Moats","email":"rmoats@us.ibm.com","username":"regXboi"},"change_message_id":"be94edbbceeb21b94e379114df55e6c8ce041104","unresolved":false,"context_lines":[{"line_number":43,"context_line":"Proposed Change"},{"line_number":44,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":45,"context_line":"* This spec proposes to create new logging API for neutron resources."},{"line_number":46,"context_line":"  We will define a new resource named \"packet_logging\" (on the table)."},{"line_number":47,"context_line":""},{"line_number":48,"context_line":"* Adding logging API that outputs log data into logfile other than syslog"},{"line_number":49,"context_line":"  in each Compute Node or Network Node using iptables\u0027s log function."}],"source_content_type":"text/x-rst","patch_set":5,"id":"3a50d1a3_55b5ea7b","line":46,"updated":"2015-07-24 13:55:56.000000000","message":"nit: \"(on the table)\" is dangling?  what does it refer to?","commit_id":"c8f068d35dad1ff49d3e55021b6b33689bb22027"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"7b1f78c68f3704e68394be27e5db2d7100d95287","unresolved":false,"context_lines":[{"line_number":43,"context_line":"Proposed Change"},{"line_number":44,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":45,"context_line":"* This spec proposes to create new logging API for neutron resources."},{"line_number":46,"context_line":"  We will define a new resource named \"packet_logging\" (on the table)."},{"line_number":47,"context_line":""},{"line_number":48,"context_line":"* Adding logging API that outputs log data into logfile other than syslog"},{"line_number":49,"context_line":"  in each Compute Node or Network Node using iptables\u0027s log function."}],"source_content_type":"text/x-rst","patch_set":5,"id":"3a50d1a3_e177609d","line":46,"in_reply_to":"3a50d1a3_55b5ea7b","updated":"2015-07-27 10:06:42.000000000","message":"Done","commit_id":"c8f068d35dad1ff49d3e55021b6b33689bb22027"},{"author":{"_account_id":11682,"name":"Ryan Moats","email":"rmoats@us.ibm.com","username":"regXboi"},"change_message_id":"be94edbbceeb21b94e379114df55e6c8ce041104","unresolved":false,"context_lines":[{"line_number":49,"context_line":"  in each Compute Node or Network Node using iptables\u0027s log function."},{"line_number":50,"context_line":""},{"line_number":51,"context_line":"    * ex. /var/log/neutron/security-group/security-group.log"},{"line_number":52,"context_line":"    *     /var/log/neutron/firewall/firewall.log"},{"line_number":53,"context_line":""},{"line_number":54,"context_line":"* The output logs will be limited on the number of files and wrap up the logs"},{"line_number":55,"context_line":"  if the max is reached by using log rotate Linux feature."}],"source_content_type":"text/x-rst","patch_set":5,"id":"3a50d1a3_07c17980","line":52,"updated":"2015-07-24 13:55:56.000000000","message":"What if I want to log to somewhere other than /var/log/neutron?","commit_id":"c8f068d35dad1ff49d3e55021b6b33689bb22027"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"7b1f78c68f3704e68394be27e5db2d7100d95287","unresolved":false,"context_lines":[{"line_number":49,"context_line":"  in each Compute Node or Network Node using iptables\u0027s log function."},{"line_number":50,"context_line":""},{"line_number":51,"context_line":"    * ex. /var/log/neutron/security-group/security-group.log"},{"line_number":52,"context_line":"    *     /var/log/neutron/firewall/firewall.log"},{"line_number":53,"context_line":""},{"line_number":54,"context_line":"* The output logs will be limited on the number of files and wrap up the logs"},{"line_number":55,"context_line":"  if the max is reached by using log rotate Linux feature."}],"source_content_type":"text/x-rst","patch_set":5,"id":"3a50d1a3_817c5c73","line":52,"in_reply_to":"3a50d1a3_07c17980","updated":"2015-07-27 10:06:42.000000000","message":"We will add the following attributes into REST API:\n\n* \"destination\" : This attribute will use for specifying where log file will be stored. \n                  ex: 10.164.176.133:154 with log file named by \"service_type+UUID\".log\n                  If we don\u0027t specify, log file will be stored in localhost.\n\nWe\u0027ll transfer the logfile to dedicated server by using rsyslog feature.","commit_id":"c8f068d35dad1ff49d3e55021b6b33689bb22027"},{"author":{"_account_id":11682,"name":"Ryan Moats","email":"rmoats@us.ibm.com","username":"regXboi"},"change_message_id":"be94edbbceeb21b94e379114df55e6c8ce041104","unresolved":false,"context_lines":[{"line_number":52,"context_line":"    *     /var/log/neutron/firewall/firewall.log"},{"line_number":53,"context_line":""},{"line_number":54,"context_line":"* The output logs will be limited on the number of files and wrap up the logs"},{"line_number":55,"context_line":"  if the max is reached by using log rotate Linux feature."},{"line_number":56,"context_line":""},{"line_number":57,"context_line":"* Only operators can enable/disable logging"},{"line_number":58,"context_line":""}],"source_content_type":"text/x-rst","patch_set":5,"id":"3a50d1a3_0710994d","line":55,"updated":"2015-07-24 13:55:56.000000000","message":"For log rotation, how are the number and size of files set via the API?","commit_id":"c8f068d35dad1ff49d3e55021b6b33689bb22027"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"7b1f78c68f3704e68394be27e5db2d7100d95287","unresolved":false,"context_lines":[{"line_number":52,"context_line":"    *     /var/log/neutron/firewall/firewall.log"},{"line_number":53,"context_line":""},{"line_number":54,"context_line":"* The output logs will be limited on the number of files and wrap up the logs"},{"line_number":55,"context_line":"  if the max is reached by using log rotate Linux feature."},{"line_number":56,"context_line":""},{"line_number":57,"context_line":"* Only operators can enable/disable logging"},{"line_number":58,"context_line":""}],"source_content_type":"text/x-rst","patch_set":5,"id":"3a50d1a3_e108c0db","line":55,"in_reply_to":"3a50d1a3_0710994d","updated":"2015-07-27 10:06:42.000000000","message":"We\u0027ll change the implementation from log rotate to rsyslog.\n\nWe\u0027ll transfer the log file to dedicated server by using rsyslog feature.\n\nWe don\u0027t need to care about the size of log file issue.","commit_id":"c8f068d35dad1ff49d3e55021b6b33689bb22027"},{"author":{"_account_id":11682,"name":"Ryan Moats","email":"rmoats@us.ibm.com","username":"regXboi"},"change_message_id":"be94edbbceeb21b94e379114df55e6c8ce041104","unresolved":false,"context_lines":[{"line_number":54,"context_line":"* The output logs will be limited on the number of files and wrap up the logs"},{"line_number":55,"context_line":"  if the max is reached by using log rotate Linux feature."},{"line_number":56,"context_line":""},{"line_number":57,"context_line":"* Only operators can enable/disable logging"},{"line_number":58,"context_line":""},{"line_number":59,"context_line":"* The logging feature is disabled by default, and it can be enabled by"},{"line_number":60,"context_line":"  something like this."}],"source_content_type":"text/x-rst","patch_set":5,"id":"3a50d1a3_355b7e56","line":57,"updated":"2015-07-24 13:55:56.000000000","message":"If we have a tenant user use case, then don\u0027t we need a way for tenant users to use it?  If not, then remove the whole tenant user use case above.","commit_id":"c8f068d35dad1ff49d3e55021b6b33689bb22027"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"7b1f78c68f3704e68394be27e5db2d7100d95287","unresolved":false,"context_lines":[{"line_number":54,"context_line":"* The output logs will be limited on the number of files and wrap up the logs"},{"line_number":55,"context_line":"  if the max is reached by using log rotate Linux feature."},{"line_number":56,"context_line":""},{"line_number":57,"context_line":"* Only operators can enable/disable logging"},{"line_number":58,"context_line":""},{"line_number":59,"context_line":"* The logging feature is disabled by default, and it can be enabled by"},{"line_number":60,"context_line":"  something like this."}],"source_content_type":"text/x-rst","patch_set":5,"id":"3a50d1a3_61ca7070","line":57,"in_reply_to":"3a50d1a3_355b7e56","updated":"2015-07-27 10:06:42.000000000","message":"Tenant-user\u0027s use-case is necessary at Next cycle.\n\nTherefore, I\u0027d like to keep those description.","commit_id":"c8f068d35dad1ff49d3e55021b6b33689bb22027"},{"author":{"_account_id":105,"name":"Kyle Mestery","email":"mestery@mestery.com","username":"mestery"},"change_message_id":"4e55d27bd0f9959b48706e23f2788d42829325df","unresolved":false,"context_lines":[{"line_number":180,"context_line":"+--------------------+----------------------------------------+----------------------+"},{"line_number":181,"context_line":"|Object              |URI                                     |Type                  |"},{"line_number":182,"context_line":"+\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d+\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d+\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d+"},{"line_number":183,"context_line":"|packet-logging      |/packet-loggings                        |POST                  |"},{"line_number":184,"context_line":"+--------------------+----------------------------------------+----------------------+"},{"line_number":185,"context_line":"|packet-logging      |/packet-loggings                        |GET                   |"},{"line_number":186,"context_line":"+--------------------+----------------------------------------+----------------------+"}],"source_content_type":"text/x-rst","patch_set":5,"id":"3a50d1a3_b52f8ef5","line":183,"updated":"2015-07-24 13:47:52.000000000","message":"The URI \"/packet-loggings\" just seems wrong. I think \"/packet-logging\" (singular) would be better.","commit_id":"c8f068d35dad1ff49d3e55021b6b33689bb22027"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"7b1f78c68f3704e68394be27e5db2d7100d95287","unresolved":false,"context_lines":[{"line_number":180,"context_line":"+--------------------+----------------------------------------+----------------------+"},{"line_number":181,"context_line":"|Object              |URI                                     |Type                  |"},{"line_number":182,"context_line":"+\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d+\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d+\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d+"},{"line_number":183,"context_line":"|packet-logging      |/packet-loggings                        |POST                  |"},{"line_number":184,"context_line":"+--------------------+----------------------------------------+----------------------+"},{"line_number":185,"context_line":"|packet-logging      |/packet-loggings                        |GET                   |"},{"line_number":186,"context_line":"+--------------------+----------------------------------------+----------------------+"}],"source_content_type":"text/x-rst","patch_set":5,"id":"3a50d1a3_41273412","line":183,"in_reply_to":"3a50d1a3_b52f8ef5","updated":"2015-07-27 10:06:42.000000000","message":"In my opinion, URI framework must be specify plural case.\n\nhttp://developer.openstack.org/api-ref-networking-v2-ext.html \u003chttp://developer.openstack.org/api-ref-networking-v2-ext.html\u003e","commit_id":"c8f068d35dad1ff49d3e55021b6b33689bb22027"},{"author":{"_account_id":11682,"name":"Ryan Moats","email":"rmoats@us.ibm.com","username":"regXboi"},"change_message_id":"4820b71c2248ef7ae6f6cbe39dbf9a59a8166808","unresolved":false,"context_lines":[{"line_number":21,"context_line":"would break the compatibility with the AWS Security-group [1]. For the same reason,"},{"line_number":22,"context_line":"we should avoid changing the API/DB column in FWaaS [2]."},{"line_number":23,"context_line":""},{"line_number":24,"context_line":"Hence, the common API that set logging configuration is necessary."},{"line_number":25,"context_line":""},{"line_number":26,"context_line":"Problem Description"},{"line_number":27,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"}],"source_content_type":"text/x-rst","patch_set":6,"id":"3a50d1a3_38ca526f","line":24,"updated":"2015-07-27 12:41:36.000000000","message":"This isn\u0027t quite what I had in mind.  I was envisioning moving L\u0027s 20-24 down to L 326.","commit_id":"a5c6753f242b660303994a401abee1fa33379e8c"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"75d3da7c0a8e00c95304364d32a85d265dd4bcab","unresolved":false,"context_lines":[{"line_number":21,"context_line":"would break the compatibility with the AWS Security-group [1]. For the same reason,"},{"line_number":22,"context_line":"we should avoid changing the API/DB column in FWaaS [2]."},{"line_number":23,"context_line":""},{"line_number":24,"context_line":"Hence, the common API that set logging configuration is necessary."},{"line_number":25,"context_line":""},{"line_number":26,"context_line":"Problem Description"},{"line_number":27,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"}],"source_content_type":"text/x-rst","patch_set":6,"id":"3a50d1a3_6737b94d","line":24,"in_reply_to":"3a50d1a3_38ca526f","updated":"2015-07-28 01:27:31.000000000","message":"Oh, I\u0027m sorry. I misunderstood.  I\u0027ll move them into L.326.","commit_id":"a5c6753f242b660303994a401abee1fa33379e8c"},{"author":{"_account_id":11682,"name":"Ryan Moats","email":"rmoats@us.ibm.com","username":"regXboi"},"change_message_id":"4820b71c2248ef7ae6f6cbe39dbf9a59a8166808","unresolved":false,"context_lines":[{"line_number":27,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":28,"context_line":""},{"line_number":29,"context_line":"Packet logging is currently a missing feature in Security-Group and Firewall."},{"line_number":30,"context_line":"And this is a necessary tool for both tenant users and operators"},{"line_number":31,"context_line":"(including Cloud admins, developers etc) to address the following use cases/scenarios:"},{"line_number":32,"context_line":""},{"line_number":33,"context_line":"1. Operators need logs for trouble shooting."}],"source_content_type":"text/x-rst","patch_set":6,"id":"3a50d1a3_789c5a5d","line":30,"updated":"2015-07-27 12:41:36.000000000","message":"Nit: You still have the leading And - just start the sentence with \"This\"","commit_id":"a5c6753f242b660303994a401abee1fa33379e8c"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"75d3da7c0a8e00c95304364d32a85d265dd4bcab","unresolved":false,"context_lines":[{"line_number":27,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":28,"context_line":""},{"line_number":29,"context_line":"Packet logging is currently a missing feature in Security-Group and Firewall."},{"line_number":30,"context_line":"And this is a necessary tool for both tenant users and operators"},{"line_number":31,"context_line":"(including Cloud admins, developers etc) to address the following use cases/scenarios:"},{"line_number":32,"context_line":""},{"line_number":33,"context_line":"1. Operators need logs for trouble shooting."}],"source_content_type":"text/x-rst","patch_set":6,"id":"3a50d1a3_072835e1","line":30,"in_reply_to":"3a50d1a3_789c5a5d","updated":"2015-07-28 01:27:31.000000000","message":"Done","commit_id":"a5c6753f242b660303994a401abee1fa33379e8c"},{"author":{"_account_id":11682,"name":"Ryan Moats","email":"rmoats@us.ibm.com","username":"regXboi"},"change_message_id":"4820b71c2248ef7ae6f6cbe39dbf9a59a8166808","unresolved":false,"context_lines":[{"line_number":49,"context_line":"  and then transfer it to destination/remote node which support rsyslog server."},{"line_number":50,"context_line":""},{"line_number":51,"context_line":"* Only operators (or Cloud admins, developers etc) with \"admin\" role can enable/disable logging."},{"line_number":52,"context_line":"    * We will support for tenant user use cases in the near future."},{"line_number":53,"context_line":""},{"line_number":54,"context_line":"* The logging feature is disabled by default, and it can be enabled by"},{"line_number":55,"context_line":"  something like this."}],"source_content_type":"text/x-rst","patch_set":6,"id":"3a50d1a3_53929fa0","line":52,"updated":"2015-07-27 12:41:36.000000000","message":"(Continuing the discussion from PS5)\n\nI don\u0027t believe depending on rsyslog is a magic bullet.  We can (and should) certainly support it, but I think supporting logrotate is also necessary.  This makes me wonder why oslo.log doesn\u0027t appear to include such considerations.","commit_id":"a5c6753f242b660303994a401abee1fa33379e8c"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"1958b3d43a7227d11aaa56b9e9159838ca182d79","unresolved":false,"context_lines":[{"line_number":49,"context_line":"  and then transfer it to destination/remote node which support rsyslog server."},{"line_number":50,"context_line":""},{"line_number":51,"context_line":"* Only operators (or Cloud admins, developers etc) with \"admin\" role can enable/disable logging."},{"line_number":52,"context_line":"    * We will support for tenant user use cases in the near future."},{"line_number":53,"context_line":""},{"line_number":54,"context_line":"* The logging feature is disabled by default, and it can be enabled by"},{"line_number":55,"context_line":"  something like this."}],"source_content_type":"text/x-rst","patch_set":6,"id":"3a50d1a3_1ab62e3e","line":52,"in_reply_to":"3a50d1a3_2a315f5a","updated":"2015-07-28 13:45:28.000000000","message":"You\u0027re right. I\u0027m sorry I didn\u0027t describe \u0027logrotate\u0027 feature in this spec.\n\nI\u0027m going to use logrotate feature as following draft implementation:\nhttps://review.openstack.org/#/c/204481/2/etc/logrotate.d/iptables\n\nWhen installing neutron server, the operator can set up the  logrotate configuration.\n\nI\u0027ll describe about logrotate feature into this spec.","commit_id":"a5c6753f242b660303994a401abee1fa33379e8c"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"75d3da7c0a8e00c95304364d32a85d265dd4bcab","unresolved":false,"context_lines":[{"line_number":49,"context_line":"  and then transfer it to destination/remote node which support rsyslog server."},{"line_number":50,"context_line":""},{"line_number":51,"context_line":"* Only operators (or Cloud admins, developers etc) with \"admin\" role can enable/disable logging."},{"line_number":52,"context_line":"    * We will support for tenant user use cases in the near future."},{"line_number":53,"context_line":""},{"line_number":54,"context_line":"* The logging feature is disabled by default, and it can be enabled by"},{"line_number":55,"context_line":"  something like this."}],"source_content_type":"text/x-rst","patch_set":6,"id":"3a50d1a3_825f53e4","line":52,"in_reply_to":"3a50d1a3_53929fa0","updated":"2015-07-28 01:27:31.000000000","message":"You mean logrotate target is the log which is transferred to dedicated server or in case of storing at localhost?\n\nIn current implementation, when the log file stored at localhost (not specify --destination option), logrotate will run.","commit_id":"a5c6753f242b660303994a401abee1fa33379e8c"},{"author":{"_account_id":11682,"name":"Ryan Moats","email":"rmoats@us.ibm.com","username":"regXboi"},"change_message_id":"ae081e7476f6e4fa94554d95f9b589da88888cda","unresolved":false,"context_lines":[{"line_number":49,"context_line":"  and then transfer it to destination/remote node which support rsyslog server."},{"line_number":50,"context_line":""},{"line_number":51,"context_line":"* Only operators (or Cloud admins, developers etc) with \"admin\" role can enable/disable logging."},{"line_number":52,"context_line":"    * We will support for tenant user use cases in the near future."},{"line_number":53,"context_line":""},{"line_number":54,"context_line":"* The logging feature is disabled by default, and it can be enabled by"},{"line_number":55,"context_line":"  something like this."}],"source_content_type":"text/x-rst","patch_set":6,"id":"3a50d1a3_2a315f5a","line":52,"in_reply_to":"3a50d1a3_825f53e4","updated":"2015-07-28 13:00:48.000000000","message":"Since I don\u0027t see logrotate mentioned in the document, that\u0027s a hidden assumption that should be called out","commit_id":"a5c6753f242b660303994a401abee1fa33379e8c"},{"author":{"_account_id":11682,"name":"Ryan Moats","email":"rmoats@us.ibm.com","username":"regXboi"},"change_message_id":"4820b71c2248ef7ae6f6cbe39dbf9a59a8166808","unresolved":false,"context_lines":[{"line_number":130,"context_line":"| log_level       | string  |  N/A           | CRD   |Log levels                         |"},{"line_number":131,"context_line":"+-----------------+---------+----------------+-------+-----------------------------------+"},{"line_number":132,"context_line":"| destination     | string  |  N/A           | CRD   |Specify where (which node) log     |"},{"line_number":133,"context_line":"|                 |         |                |       |file will be stored.               |"},{"line_number":134,"context_line":"+-----------------+---------+----------------+-------+-----------------------------------+"},{"line_number":135,"context_line":""},{"line_number":136,"context_line":"Note: --log_level can be \u0027info\u0027, \u0027warn\u0027, \u0027error\u0027, \u0027debug\u0027 or \u0027notice\u0027 for \u0027sg\u0027 and \u0027sg-rule\u0027 service type."}],"source_content_type":"text/x-rst","patch_set":6,"id":"3a50d1a3_b3d0c354","line":133,"updated":"2015-07-27 12:41:36.000000000","message":"based on my above comment, I\u0027m leaning towards destination needs to be a URL.","commit_id":"a5c6753f242b660303994a401abee1fa33379e8c"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"75d3da7c0a8e00c95304364d32a85d265dd4bcab","unresolved":false,"context_lines":[{"line_number":130,"context_line":"| log_level       | string  |  N/A           | CRD   |Log levels                         |"},{"line_number":131,"context_line":"+-----------------+---------+----------------+-------+-----------------------------------+"},{"line_number":132,"context_line":"| destination     | string  |  N/A           | CRD   |Specify where (which node) log     |"},{"line_number":133,"context_line":"|                 |         |                |       |file will be stored.               |"},{"line_number":134,"context_line":"+-----------------+---------+----------------+-------+-----------------------------------+"},{"line_number":135,"context_line":""},{"line_number":136,"context_line":"Note: --log_level can be \u0027info\u0027, \u0027warn\u0027, \u0027error\u0027, \u0027debug\u0027 or \u0027notice\u0027 for \u0027sg\u0027 and \u0027sg-rule\u0027 service type."}],"source_content_type":"text/x-rst","patch_set":6,"id":"3a50d1a3_22e67f15","line":133,"in_reply_to":"3a50d1a3_b3d0c354","updated":"2015-07-28 01:27:31.000000000","message":"That\u0027s good.  I\u0027ll check up :-)","commit_id":"a5c6753f242b660303994a401abee1fa33379e8c"},{"author":{"_account_id":11682,"name":"Ryan Moats","email":"rmoats@us.ibm.com","username":"regXboi"},"change_message_id":"4820b71c2248ef7ae6f6cbe39dbf9a59a8166808","unresolved":false,"context_lines":[{"line_number":185,"context_line":"+--------------------+----------------------------------------+----------------------+"},{"line_number":186,"context_line":"|Object              |URI                                     |Type                  |"},{"line_number":187,"context_line":"+\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d+\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d+\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d+"},{"line_number":188,"context_line":"|packet-logging      |/packet-loggings                        |POST                  |"},{"line_number":189,"context_line":"+--------------------+----------------------------------------+----------------------+"},{"line_number":190,"context_line":"|packet-logging      |/packet-loggings                        |GET                   |"},{"line_number":191,"context_line":"+--------------------+----------------------------------------+----------------------+"}],"source_content_type":"text/x-rst","patch_set":6,"id":"3a50d1a3_13c4175d","line":188,"updated":"2015-07-27 12:41:36.000000000","message":"Needing this to be plural is preferred, but pluralizing a gerund isn\u0027t. \nI suggest \"packet-loggers\" as a collective that reads a little better.","commit_id":"a5c6753f242b660303994a401abee1fa33379e8c"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"75d3da7c0a8e00c95304364d32a85d265dd4bcab","unresolved":false,"context_lines":[{"line_number":185,"context_line":"+--------------------+----------------------------------------+----------------------+"},{"line_number":186,"context_line":"|Object              |URI                                     |Type                  |"},{"line_number":187,"context_line":"+\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d+\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d+\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d+"},{"line_number":188,"context_line":"|packet-logging      |/packet-loggings                        |POST                  |"},{"line_number":189,"context_line":"+--------------------+----------------------------------------+----------------------+"},{"line_number":190,"context_line":"|packet-logging      |/packet-loggings                        |GET                   |"},{"line_number":191,"context_line":"+--------------------+----------------------------------------+----------------------+"}],"source_content_type":"text/x-rst","patch_set":6,"id":"3a50d1a3_42e4ebde","line":188,"in_reply_to":"3a50d1a3_13c4175d","updated":"2015-07-28 01:27:31.000000000","message":"Thank you for your advice :-)\n\nI\u0027ll change this name.","commit_id":"a5c6753f242b660303994a401abee1fa33379e8c"},{"author":{"_account_id":4656,"name":"Sean M. Collins","email":"sean@coreitpro.com","username":"scollins"},"change_message_id":"21e32629ea218e71e032523bd06228bedbbe904c","unresolved":false,"context_lines":[{"line_number":124,"context_line":"| log_level       | string  |  N/A           | CRD   |Log levels                         |"},{"line_number":125,"context_line":"+-----------------+---------+----------------+-------+-----------------------------------+"},{"line_number":126,"context_line":"| destination     | string  |  N/A           | CRD   |Specify where (which node) log     |"},{"line_number":127,"context_line":"|                 |         |                |       |file will be stored.               |"},{"line_number":128,"context_line":"+-----------------+---------+----------------+-------+-----------------------------------+"},{"line_number":129,"context_line":""},{"line_number":130,"context_line":"Note: --log_level can be \u0027info\u0027, \u0027warn\u0027, \u0027error\u0027, \u0027debug\u0027 or \u0027notice\u0027 for \u0027sg-rule\u0027 service type."}],"source_content_type":"text/x-rst","patch_set":7,"id":"3a50d1a3_7173cc4e","line":127,"updated":"2015-07-28 17:04:42.000000000","message":"I would improve the description to say \"Specify how the logged packets will be stored\" - because even saying \"specify where (which node) log _file_\" is an implementation detail, and we could have multiple backends for storing this data.","commit_id":"b5a18c902c5748a9bbd07eb58daae9295224c8f2"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"f20601ccdfc6b28f4e31be26d42e3a8c117647c7","unresolved":false,"context_lines":[{"line_number":124,"context_line":"| log_level       | string  |  N/A           | CRD   |Log levels                         |"},{"line_number":125,"context_line":"+-----------------+---------+----------------+-------+-----------------------------------+"},{"line_number":126,"context_line":"| destination     | string  |  N/A           | CRD   |Specify where (which node) log     |"},{"line_number":127,"context_line":"|                 |         |                |       |file will be stored.               |"},{"line_number":128,"context_line":"+-----------------+---------+----------------+-------+-----------------------------------+"},{"line_number":129,"context_line":""},{"line_number":130,"context_line":"Note: --log_level can be \u0027info\u0027, \u0027warn\u0027, \u0027error\u0027, \u0027debug\u0027 or \u0027notice\u0027 for \u0027sg-rule\u0027 service type."}],"source_content_type":"text/x-rst","patch_set":7,"id":"3a50d1a3_7f65b942","line":127,"in_reply_to":"3a50d1a3_7173cc4e","updated":"2015-07-29 07:35:25.000000000","message":"Thank you for your comment, Sean.\n\nI agree with you. I\u0027ll change it.","commit_id":"b5a18c902c5748a9bbd07eb58daae9295224c8f2"},{"author":{"_account_id":11682,"name":"Ryan Moats","email":"rmoats@us.ibm.com","username":"regXboi"},"change_message_id":"723aebcac4c30c57932d1da11c47fc3ed663c71b","unresolved":false,"context_lines":[{"line_number":44,"context_line":""},{"line_number":45,"context_line":"    * We will also support logrotate feature in case of storing the logs"},{"line_number":46,"context_line":"      at own host. We will use Log rotate in Linux feature."},{"line_number":47,"context_line":"    * Operators can setup log rotate configuration when installing neutron environment."},{"line_number":48,"context_line":""},{"line_number":49,"context_line":"* Only operators (or Cloud admins, developers etc) with \"admin\" role can enable/disable logging."},{"line_number":50,"context_line":"    * We will support for tenant user use cases in the near future."}],"source_content_type":"text/x-rst","patch_set":8,"id":"3a50d1a3_7ce375a4","line":47,"updated":"2015-07-29 13:51:13.000000000","message":"nit: iiuc, the sub-bullet list needs to align with the indentation of the upper bullet list - that means the above need to be moved two spaces left (this also applies to L50 and Ls55 and 56 below)\n\nbigger issue: what about other operating systems?","commit_id":"e0cd0247ba61fb7537eb53634300e488c05ebdf5"},{"author":{"_account_id":15905,"name":"Cao Xuan Hoang","email":"xuanhoangqb@gmail.com","username":"hoangcx"},"change_message_id":"adb09ac7b4b98d670a47d1785258ebd80402e019","unresolved":false,"context_lines":[{"line_number":44,"context_line":""},{"line_number":45,"context_line":"    * We will also support logrotate feature in case of storing the logs"},{"line_number":46,"context_line":"      at own host. We will use Log rotate in Linux feature."},{"line_number":47,"context_line":"    * Operators can setup log rotate configuration when installing neutron environment."},{"line_number":48,"context_line":""},{"line_number":49,"context_line":"* Only operators (or Cloud admins, developers etc) with \"admin\" role can enable/disable logging."},{"line_number":50,"context_line":"    * We will support for tenant user use cases in the near future."}],"source_content_type":"text/x-rst","patch_set":8,"id":"3a50d1a3_cbe981b9","line":47,"in_reply_to":"3a50d1a3_7ce375a4","updated":"2015-07-30 01:12:44.000000000","message":"Thanks for your comments. I will update it.\n\nI think OpenStack can not run on other OSs for currently.\nTherefore, we don\u0027t have to care about this or at least at this time.","commit_id":"e0cd0247ba61fb7537eb53634300e488c05ebdf5"},{"author":{"_account_id":11682,"name":"Ryan Moats","email":"rmoats@us.ibm.com","username":"regXboi"},"change_message_id":"723aebcac4c30c57932d1da11c47fc3ed663c71b","unresolved":false,"context_lines":[{"line_number":47,"context_line":"    * Operators can setup log rotate configuration when installing neutron environment."},{"line_number":48,"context_line":""},{"line_number":49,"context_line":"* Only operators (or Cloud admins, developers etc) with \"admin\" role can enable/disable logging."},{"line_number":50,"context_line":"    * We will support for tenant user use cases in the near future."},{"line_number":51,"context_line":""},{"line_number":52,"context_line":"* The logging feature is disabled by default, and it can be enabled by"},{"line_number":53,"context_line":"  something like this."}],"source_content_type":"text/x-rst","patch_set":8,"id":"3a50d1a3_9ca3e142","line":50,"updated":"2015-07-29 13:51:13.000000000","message":"nit: iiuc, the sub-bullet list needs a blank line between the upper level bullet list and itself, so please add blank line between Ls49 and 50","commit_id":"e0cd0247ba61fb7537eb53634300e488c05ebdf5"},{"author":{"_account_id":15905,"name":"Cao Xuan Hoang","email":"xuanhoangqb@gmail.com","username":"hoangcx"},"change_message_id":"adb09ac7b4b98d670a47d1785258ebd80402e019","unresolved":false,"context_lines":[{"line_number":47,"context_line":"    * Operators can setup log rotate configuration when installing neutron environment."},{"line_number":48,"context_line":""},{"line_number":49,"context_line":"* Only operators (or Cloud admins, developers etc) with \"admin\" role can enable/disable logging."},{"line_number":50,"context_line":"    * We will support for tenant user use cases in the near future."},{"line_number":51,"context_line":""},{"line_number":52,"context_line":"* The logging feature is disabled by default, and it can be enabled by"},{"line_number":53,"context_line":"  something like this."}],"source_content_type":"text/x-rst","patch_set":8,"id":"3a50d1a3_2bd90523","line":50,"in_reply_to":"3a50d1a3_9ca3e142","updated":"2015-07-30 01:12:44.000000000","message":"Done","commit_id":"e0cd0247ba61fb7537eb53634300e488c05ebdf5"},{"author":{"_account_id":11682,"name":"Ryan Moats","email":"rmoats@us.ibm.com","username":"regXboi"},"change_message_id":"c67a38b3f6d8d3c6c7dc694741c43235c1075790","unresolved":false,"context_lines":[{"line_number":10,"context_line":""},{"line_number":11,"context_line":"https://bugs.launchpad.net/neutron/+bug/1468366"},{"line_number":12,"context_line":""},{"line_number":13,"context_line":"We would like to implement a packet logging API for neutron resources"},{"line_number":14,"context_line":"in order to make the trouble shooting process easier for operators"},{"line_number":15,"context_line":"(or Cloud admins, developers etc)."},{"line_number":16,"context_line":""}],"source_content_type":"text/x-rst","patch_set":9,"id":"3a50d1a3_66b36d4e","line":13,"updated":"2015-07-31 15:15:56.000000000","message":"please replace \"resources\" with \"firewall and security group rules\"","commit_id":"b7d21ef47ef410af7c5924254bd5d559fe971acd"},{"author":{"_account_id":15905,"name":"Cao Xuan Hoang","email":"xuanhoangqb@gmail.com","username":"hoangcx"},"change_message_id":"03ae4a608cb0ecc6146dfc1385fe98480beaee65","unresolved":false,"context_lines":[{"line_number":10,"context_line":""},{"line_number":11,"context_line":"https://bugs.launchpad.net/neutron/+bug/1468366"},{"line_number":12,"context_line":""},{"line_number":13,"context_line":"We would like to implement a packet logging API for neutron resources"},{"line_number":14,"context_line":"in order to make the trouble shooting process easier for operators"},{"line_number":15,"context_line":"(or Cloud admins, developers etc)."},{"line_number":16,"context_line":""}],"source_content_type":"text/x-rst","patch_set":9,"id":"3a50d1a3_643d708d","line":13,"in_reply_to":"3a50d1a3_66b36d4e","updated":"2015-08-03 08:07:05.000000000","message":"Our long term target is not only for firewall, security group rules but also for other neutron resources like VPN...\n\nSo i think we may keep this description in this section.","commit_id":"b7d21ef47ef410af7c5924254bd5d559fe971acd"},{"author":{"_account_id":11682,"name":"Ryan Moats","email":"rmoats@us.ibm.com","username":"regXboi"},"change_message_id":"c67a38b3f6d8d3c6c7dc694741c43235c1075790","unresolved":false,"context_lines":[{"line_number":36,"context_line":""},{"line_number":37,"context_line":"Proposed Change"},{"line_number":38,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":39,"context_line":"* This spec proposes to create new logging API for neutron resources."},{"line_number":40,"context_line":"  We will define a new resource named \"packet_logger\" (on the \"packet-logger\" table below)."},{"line_number":41,"context_line":""},{"line_number":42,"context_line":"* Adding logging API that outputs log data into logfile other than syslog"}],"source_content_type":"text/x-rst","patch_set":9,"id":"3a50d1a3_86aeb9e5","line":39,"updated":"2015-07-31 15:15:56.000000000","message":"please replace \"resources\" with \"firewall and security group rules\"","commit_id":"b7d21ef47ef410af7c5924254bd5d559fe971acd"},{"author":{"_account_id":15905,"name":"Cao Xuan Hoang","email":"xuanhoangqb@gmail.com","username":"hoangcx"},"change_message_id":"03ae4a608cb0ecc6146dfc1385fe98480beaee65","unresolved":false,"context_lines":[{"line_number":36,"context_line":""},{"line_number":37,"context_line":"Proposed Change"},{"line_number":38,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":39,"context_line":"* This spec proposes to create new logging API for neutron resources."},{"line_number":40,"context_line":"  We will define a new resource named \"packet_logger\" (on the \"packet-logger\" table below)."},{"line_number":41,"context_line":""},{"line_number":42,"context_line":"* Adding logging API that outputs log data into logfile other than syslog"}],"source_content_type":"text/x-rst","patch_set":9,"id":"3a50d1a3_e468a08a","line":39,"in_reply_to":"3a50d1a3_86aeb9e5","updated":"2015-08-03 08:07:05.000000000","message":"Yes. I will update as your advice as below:\n\n\"We proposes to create new logging API for neutron resources. In this spec, we will focus on firewall and security group rules.\"","commit_id":"b7d21ef47ef410af7c5924254bd5d559fe971acd"},{"author":{"_account_id":11682,"name":"Ryan Moats","email":"rmoats@us.ibm.com","username":"regXboi"},"change_message_id":"7219e66dbbefbe08d80f94a86281b65099293449","unresolved":false,"context_lines":[{"line_number":121,"context_line":"+-----------------+---------+----------------+-------+-----------------------------------+"},{"line_number":122,"context_line":"| tenant_id       | uuid    |  N/A           | R     |Id of tenant that creates logging  |"},{"line_number":123,"context_line":"+-----------------+---------+----------------+-------+-----------------------------------+"},{"line_number":124,"context_line":"| object_id       | uuid    |  N/A           | CRD   |Refer IDs for logging              |"},{"line_number":125,"context_line":"+-----------------+---------+----------------+-------+-----------------------------------+"},{"line_number":126,"context_line":"| service_type    | string  |  N/A           | CRD   |Log supported type: \u0027fw-rule\u0027 and  |"},{"line_number":127,"context_line":"|                 |         |                |       |                    \u0027sg-rule\u0027      |"}],"source_content_type":"text/x-rst","patch_set":9,"id":"3a50d1a3_da2050b3","line":124,"updated":"2015-07-30 13:35:26.000000000","message":"I didn\u0027t see any text that describes how object_id is constrained.  For example:\n\nWhat types of objects can have packet-loggers attached to them?\nIs an operator constrained to having only one packet-logger per object_id?\n\nThis needs to be clarified as it impacts the data model","commit_id":"b7d21ef47ef410af7c5924254bd5d559fe971acd"},{"author":{"_account_id":15905,"name":"Cao Xuan Hoang","email":"xuanhoangqb@gmail.com","username":"hoangcx"},"change_message_id":"03ae4a608cb0ecc6146dfc1385fe98480beaee65","unresolved":false,"context_lines":[{"line_number":121,"context_line":"+-----------------+---------+----------------+-------+-----------------------------------+"},{"line_number":122,"context_line":"| tenant_id       | uuid    |  N/A           | R     |Id of tenant that creates logging  |"},{"line_number":123,"context_line":"+-----------------+---------+----------------+-------+-----------------------------------+"},{"line_number":124,"context_line":"| object_id       | uuid    |  N/A           | CRD   |Refer IDs for logging              |"},{"line_number":125,"context_line":"+-----------------+---------+----------------+-------+-----------------------------------+"},{"line_number":126,"context_line":"| service_type    | string  |  N/A           | CRD   |Log supported type: \u0027fw-rule\u0027 and  |"},{"line_number":127,"context_line":"|                 |         |                |       |                    \u0027sg-rule\u0027      |"}],"source_content_type":"text/x-rst","patch_set":9,"id":"3a50d1a3_441e340d","line":124,"in_reply_to":"3a50d1a3_a662d5d7","updated":"2015-08-03 08:07:05.000000000","message":"1st point: Yes. We will add more description about this into \"Proposed Change\" section as above answer.\n\n2nd point: Yes. We will add this description below L135 as following: \n\n\"--object_id: Only one packet-logger can constrained per object_id\"","commit_id":"b7d21ef47ef410af7c5924254bd5d559fe971acd"},{"author":{"_account_id":15905,"name":"Cao Xuan Hoang","email":"xuanhoangqb@gmail.com","username":"hoangcx"},"change_message_id":"ff2eb1c0aa2cf5bb049b11a6425b5a008432a4bd","unresolved":false,"context_lines":[{"line_number":121,"context_line":"+-----------------+---------+----------------+-------+-----------------------------------+"},{"line_number":122,"context_line":"| tenant_id       | uuid    |  N/A           | R     |Id of tenant that creates logging  |"},{"line_number":123,"context_line":"+-----------------+---------+----------------+-------+-----------------------------------+"},{"line_number":124,"context_line":"| object_id       | uuid    |  N/A           | CRD   |Refer IDs for logging              |"},{"line_number":125,"context_line":"+-----------------+---------+----------------+-------+-----------------------------------+"},{"line_number":126,"context_line":"| service_type    | string  |  N/A           | CRD   |Log supported type: \u0027fw-rule\u0027 and  |"},{"line_number":127,"context_line":"|                 |         |                |       |                    \u0027sg-rule\u0027      |"}],"source_content_type":"text/x-rst","patch_set":9,"id":"3a50d1a3_f27f57a9","line":124,"in_reply_to":"3a50d1a3_da2050b3","updated":"2015-07-31 02:16:51.000000000","message":"1st question: \"types of objects\" is specified by service_type attribute. You can see an CLI example at L143-L144. To avoid misunderstanding, i think service_type may changed to object_type or object_id may changed to service_id. How do you think?\n\n2nd question: Yes. In current implementation, only one packet-logger can constrained per object_id.","commit_id":"b7d21ef47ef410af7c5924254bd5d559fe971acd"},{"author":{"_account_id":11682,"name":"Ryan Moats","email":"rmoats@us.ibm.com","username":"regXboi"},"change_message_id":"c67a38b3f6d8d3c6c7dc694741c43235c1075790","unresolved":false,"context_lines":[{"line_number":121,"context_line":"+-----------------+---------+----------------+-------+-----------------------------------+"},{"line_number":122,"context_line":"| tenant_id       | uuid    |  N/A           | R     |Id of tenant that creates logging  |"},{"line_number":123,"context_line":"+-----------------+---------+----------------+-------+-----------------------------------+"},{"line_number":124,"context_line":"| object_id       | uuid    |  N/A           | CRD   |Refer IDs for logging              |"},{"line_number":125,"context_line":"+-----------------+---------+----------------+-------+-----------------------------------+"},{"line_number":126,"context_line":"| service_type    | string  |  N/A           | CRD   |Log supported type: \u0027fw-rule\u0027 and  |"},{"line_number":127,"context_line":"|                 |         |                |       |                    \u0027sg-rule\u0027      |"}],"source_content_type":"text/x-rst","patch_set":9,"id":"3a50d1a3_a662d5d7","line":124,"in_reply_to":"3a50d1a3_f27f57a9","updated":"2015-07-31 15:15:56.000000000","message":"My point on the first question was that there is no text other than this table that says service_type is fw-rule or sg-rule.  That is talked about in the intro and the problem description, but in the proposed change, the text says \"neutron resources\", which is a whole different ballgame.\n\nimho, the answer to the second question needs to be written into the document somewhere.","commit_id":"b7d21ef47ef410af7c5924254bd5d559fe971acd"},{"author":{"_account_id":6524,"name":"Henry Gessau","email":"HenryG@gessau.net","username":"gessau"},"change_message_id":"3de56abd92ab0e4c208419749ab62a136e42ca1f","unresolved":false,"context_lines":[{"line_number":5,"context_line":" http://creativecommons.org/licenses/by/3.0/legalcode"},{"line_number":6,"context_line":""},{"line_number":7,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":8,"context_line":"Packet logging API"},{"line_number":9,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":10,"context_line":""},{"line_number":11,"context_line":"https://bugs.launchpad.net/neutron/+bug/1468366"}],"source_content_type":"text/x-rst","patch_set":10,"id":"1a4dcd0f_83c3ab56","line":8,"updated":"2015-08-06 13:50:50.000000000","message":"Please remove \"Packet\" here.\n\nSince you are now introducing a new generic logging API, please add a short introduction saying so and then say that this spec is for SG/FW rules.","commit_id":"1f21efa73a66c75d10e238433ca4ebd13272bbf2"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"70b90b31378c8132277742869359cf04eb3a7ef7","unresolved":false,"context_lines":[{"line_number":5,"context_line":" http://creativecommons.org/licenses/by/3.0/legalcode"},{"line_number":6,"context_line":""},{"line_number":7,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":8,"context_line":"Packet logging API"},{"line_number":9,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":10,"context_line":""},{"line_number":11,"context_line":"https://bugs.launchpad.net/neutron/+bug/1468366"}],"source_content_type":"text/x-rst","patch_set":10,"id":"1a4dcd0f_57f53dea","line":8,"in_reply_to":"1a4dcd0f_83c3ab56","updated":"2015-08-07 03:22:36.000000000","message":"Thanks for your advice. I will update as your comment on commit message: \"Logging API for security-group and firewall rules\"","commit_id":"1f21efa73a66c75d10e238433ca4ebd13272bbf2"},{"author":{"_account_id":6524,"name":"Henry Gessau","email":"HenryG@gessau.net","username":"gessau"},"change_message_id":"3de56abd92ab0e4c208419749ab62a136e42ca1f","unresolved":false,"context_lines":[{"line_number":8,"context_line":"Packet logging API"},{"line_number":9,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":10,"context_line":""},{"line_number":11,"context_line":"https://bugs.launchpad.net/neutron/+bug/1468366"},{"line_number":12,"context_line":""},{"line_number":13,"context_line":"We would like to implement a packet logging API for neutron resources"},{"line_number":14,"context_line":"in order to make the trouble shooting process easier for operators"}],"source_content_type":"text/x-rst","patch_set":10,"id":"1a4dcd0f_e3e4efe0","line":11,"updated":"2015-08-06 13:50:50.000000000","message":"Please change the wording of the RFE too.","commit_id":"1f21efa73a66c75d10e238433ca4ebd13272bbf2"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"70b90b31378c8132277742869359cf04eb3a7ef7","unresolved":false,"context_lines":[{"line_number":8,"context_line":"Packet logging API"},{"line_number":9,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":10,"context_line":""},{"line_number":11,"context_line":"https://bugs.launchpad.net/neutron/+bug/1468366"},{"line_number":12,"context_line":""},{"line_number":13,"context_line":"We would like to implement a packet logging API for neutron resources"},{"line_number":14,"context_line":"in order to make the trouble shooting process easier for operators"}],"source_content_type":"text/x-rst","patch_set":10,"id":"1a4dcd0f_f7e0092b","line":11,"in_reply_to":"1a4dcd0f_e3e4efe0","updated":"2015-08-07 03:22:36.000000000","message":"Done","commit_id":"1f21efa73a66c75d10e238433ca4ebd13272bbf2"},{"author":{"_account_id":11682,"name":"Ryan Moats","email":"rmoats@us.ibm.com","username":"regXboi"},"change_message_id":"7317d618be24d39f46dfb7ea039a23e1a3347e6c","unresolved":false,"context_lines":[{"line_number":10,"context_line":""},{"line_number":11,"context_line":"https://bugs.launchpad.net/neutron/+bug/1468366"},{"line_number":12,"context_line":""},{"line_number":13,"context_line":"We would like to implement a packet logging API for neutron resources"},{"line_number":14,"context_line":"in order to make the trouble shooting process easier for operators"},{"line_number":15,"context_line":"(or Cloud admins, developers etc)."},{"line_number":16,"context_line":""}],"source_content_type":"text/x-rst","patch_set":10,"id":"1a4dcd0f_3f2344bf","line":13,"updated":"2015-08-04 13:44:55.000000000","message":"I\u0027m still uncomfortable with saying \"resources\" in the document, because I don\u0027t quite understand what packet logging for a CIDR block (subnet) means.","commit_id":"1f21efa73a66c75d10e238433ca4ebd13272bbf2"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"7e652d2cf73456557fee8fa2cb7e46bd161ebac0","unresolved":false,"context_lines":[{"line_number":10,"context_line":""},{"line_number":11,"context_line":"https://bugs.launchpad.net/neutron/+bug/1468366"},{"line_number":12,"context_line":""},{"line_number":13,"context_line":"We would like to implement a packet logging API for neutron resources"},{"line_number":14,"context_line":"in order to make the trouble shooting process easier for operators"},{"line_number":15,"context_line":"(or Cloud admins, developers etc)."},{"line_number":16,"context_line":""}],"source_content_type":"text/x-rst","patch_set":10,"id":"1a4dcd0f_181e38bb","line":13,"in_reply_to":"1a4dcd0f_3f2344bf","updated":"2015-08-06 08:32:22.000000000","message":"I\u0027ll change it. Thank you.","commit_id":"1f21efa73a66c75d10e238433ca4ebd13272bbf2"},{"author":{"_account_id":1131,"name":"Brian Haley","email":"haleyb.dev@gmail.com","username":"brian-haley"},"change_message_id":"64fddded5b83a69523ed89790735c1754e50e469","unresolved":false,"context_lines":[{"line_number":28,"context_line":""},{"line_number":29,"context_line":"2. Tenant-Users need logs to make sure their Security-Group and Firewall works as expected,"},{"line_number":30,"context_line":"   and to assess what kinds of packets went through their security-group/firewall"},{"line_number":31,"context_line":"   or were dropped."},{"line_number":32,"context_line":""},{"line_number":33,"context_line":"    * In the future, the API can be expanded to satisfy the needs to"},{"line_number":34,"context_line":"      Tenant-Users. This would involve additional filtering which would"}],"source_content_type":"text/x-rst","patch_set":10,"id":"1a4dcd0f_200d20e8","line":31,"updated":"2015-08-05 15:11:54.000000000","message":"Having a tenant be able to log SG things, which with iptables is done in the kernel, is an interesting data point as it opens a potential DOS vector, so I\u0027m glad you\u0027re not enabling that by default here.","commit_id":"1f21efa73a66c75d10e238433ca4ebd13272bbf2"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"7e652d2cf73456557fee8fa2cb7e46bd161ebac0","unresolved":false,"context_lines":[{"line_number":28,"context_line":""},{"line_number":29,"context_line":"2. Tenant-Users need logs to make sure their Security-Group and Firewall works as expected,"},{"line_number":30,"context_line":"   and to assess what kinds of packets went through their security-group/firewall"},{"line_number":31,"context_line":"   or were dropped."},{"line_number":32,"context_line":""},{"line_number":33,"context_line":"    * In the future, the API can be expanded to satisfy the needs to"},{"line_number":34,"context_line":"      Tenant-Users. This would involve additional filtering which would"}],"source_content_type":"text/x-rst","patch_set":10,"id":"1a4dcd0f_b885c4cf","line":31,"in_reply_to":"1a4dcd0f_200d20e8","updated":"2015-08-06 08:32:22.000000000","message":"You\u0027re right.  In current implementation, only admin can control this API.","commit_id":"1f21efa73a66c75d10e238433ca4ebd13272bbf2"},{"author":{"_account_id":1131,"name":"Brian Haley","email":"haleyb.dev@gmail.com","username":"brian-haley"},"change_message_id":"64fddded5b83a69523ed89790735c1754e50e469","unresolved":false,"context_lines":[{"line_number":63,"context_line":":dir:"},{"line_number":64,"context_line":"    Direction(ingress/i, egress/o)"},{"line_number":65,"context_line":":uuid:"},{"line_number":66,"context_line":"    Security-group\u0027s UUID or Firewall\u0027s UUID"},{"line_number":67,"context_line":":act:"},{"line_number":68,"context_line":"    Action(ACCEPT/A, Otherwise/D) [Only for Firewall resource]"},{"line_number":69,"context_line":":IN:"}],"source_content_type":"text/x-rst","patch_set":10,"id":"1a4dcd0f_45b39ee9","line":66,"updated":"2015-08-05 15:11:54.000000000","message":"I see only a partial UUID below, is that all that\u0027s possible?","commit_id":"1f21efa73a66c75d10e238433ca4ebd13272bbf2"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"7e652d2cf73456557fee8fa2cb7e46bd161ebac0","unresolved":false,"context_lines":[{"line_number":63,"context_line":":dir:"},{"line_number":64,"context_line":"    Direction(ingress/i, egress/o)"},{"line_number":65,"context_line":":uuid:"},{"line_number":66,"context_line":"    Security-group\u0027s UUID or Firewall\u0027s UUID"},{"line_number":67,"context_line":":act:"},{"line_number":68,"context_line":"    Action(ACCEPT/A, Otherwise/D) [Only for Firewall resource]"},{"line_number":69,"context_line":":IN:"}],"source_content_type":"text/x-rst","patch_set":10,"id":"1a4dcd0f_78af3c2a","line":66,"in_reply_to":"1a4dcd0f_45b39ee9","updated":"2015-08-06 08:32:22.000000000","message":"No. In current implementation, We only use the first 13 characters of UUID to insert to --log-prefix.  I think it is enough for identifying/checking later.","commit_id":"1f21efa73a66c75d10e238433ca4ebd13272bbf2"},{"author":{"_account_id":1131,"name":"Brian Haley","email":"haleyb.dev@gmail.com","username":"brian-haley"},"change_message_id":"b9153358019015d8f1d94058994354e5b7ebae3c","unresolved":false,"context_lines":[{"line_number":63,"context_line":":dir:"},{"line_number":64,"context_line":"    Direction(ingress/i, egress/o)"},{"line_number":65,"context_line":":uuid:"},{"line_number":66,"context_line":"    Security-group\u0027s UUID or Firewall\u0027s UUID"},{"line_number":67,"context_line":":act:"},{"line_number":68,"context_line":"    Action(ACCEPT/A, Otherwise/D) [Only for Firewall resource]"},{"line_number":69,"context_line":":IN:"}],"source_content_type":"text/x-rst","patch_set":10,"id":"1a4dcd0f_cc0760c8","line":66,"in_reply_to":"1a4dcd0f_78af3c2a","updated":"2015-08-07 16:45:15.000000000","message":"I would put as much of the uuid as possible, or possibly even the tenant\u0027s uuid?  If an admin is using this they will want to know who is triggering the events, and a tenant can remove a SG.","commit_id":"1f21efa73a66c75d10e238433ca4ebd13272bbf2"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"b4548e97aefae9c9a40c55ddb5ad0707b8fd045c","unresolved":false,"context_lines":[{"line_number":63,"context_line":":dir:"},{"line_number":64,"context_line":"    Direction(ingress/i, egress/o)"},{"line_number":65,"context_line":":uuid:"},{"line_number":66,"context_line":"    Security-group\u0027s UUID or Firewall\u0027s UUID"},{"line_number":67,"context_line":":act:"},{"line_number":68,"context_line":"    Action(ACCEPT/A, Otherwise/D) [Only for Firewall resource]"},{"line_number":69,"context_line":":IN:"}],"source_content_type":"text/x-rst","patch_set":10,"id":"1a4dcd0f_2bb5607d","line":66,"in_reply_to":"1a4dcd0f_cc0760c8","updated":"2015-08-10 02:51:24.000000000","message":"Yes. For FWaaS, it is OK to put maximum number of uuid because maximum characters to put into -nflog-prefix is 64.\nBut for SG, the number of maximum of -log-prefix is only 29. Beside put uuid we need to put other characters for identifying/checking later.\nSo it maybe we can put up to 18 characters for uuid in SG cases.","commit_id":"1f21efa73a66c75d10e238433ca4ebd13272bbf2"},{"author":{"_account_id":1131,"name":"Brian Haley","email":"haleyb.dev@gmail.com","username":"brian-haley"},"change_message_id":"64fddded5b83a69523ed89790735c1754e50e469","unresolved":false,"context_lines":[{"line_number":65,"context_line":":uuid:"},{"line_number":66,"context_line":"    Security-group\u0027s UUID or Firewall\u0027s UUID"},{"line_number":67,"context_line":":act:"},{"line_number":68,"context_line":"    Action(ACCEPT/A, Otherwise/D) [Only for Firewall resource]"},{"line_number":69,"context_line":":IN:"},{"line_number":70,"context_line":"    Input device"},{"line_number":71,"context_line":":OUT:"}],"source_content_type":"text/x-rst","patch_set":10,"id":"1a4dcd0f_a574e235","line":68,"updated":"2015-08-05 15:11:54.000000000","message":"This doesn\u0027t seem used, I\u0027m assuming it was for Accept/Drop a packet ?","commit_id":"1f21efa73a66c75d10e238433ca4ebd13272bbf2"},{"author":{"_account_id":1131,"name":"Brian Haley","email":"haleyb.dev@gmail.com","username":"brian-haley"},"change_message_id":"b9153358019015d8f1d94058994354e5b7ebae3c","unresolved":false,"context_lines":[{"line_number":65,"context_line":":uuid:"},{"line_number":66,"context_line":"    Security-group\u0027s UUID or Firewall\u0027s UUID"},{"line_number":67,"context_line":":act:"},{"line_number":68,"context_line":"    Action(ACCEPT/A, Otherwise/D) [Only for Firewall resource]"},{"line_number":69,"context_line":":IN:"},{"line_number":70,"context_line":"    Input device"},{"line_number":71,"context_line":":OUT:"}],"source_content_type":"text/x-rst","patch_set":10,"id":"1a4dcd0f_ecd81c55","line":68,"in_reply_to":"1a4dcd0f_3801b406","updated":"2015-08-07 16:45:15.000000000","message":"I guess I didn\u0027t see it used in your logging example below - where does A or D get printed?","commit_id":"1f21efa73a66c75d10e238433ca4ebd13272bbf2"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"7e652d2cf73456557fee8fa2cb7e46bd161ebac0","unresolved":false,"context_lines":[{"line_number":65,"context_line":":uuid:"},{"line_number":66,"context_line":"    Security-group\u0027s UUID or Firewall\u0027s UUID"},{"line_number":67,"context_line":":act:"},{"line_number":68,"context_line":"    Action(ACCEPT/A, Otherwise/D) [Only for Firewall resource]"},{"line_number":69,"context_line":":IN:"},{"line_number":70,"context_line":"    Input device"},{"line_number":71,"context_line":":OUT:"}],"source_content_type":"text/x-rst","patch_set":10,"id":"1a4dcd0f_3801b406","line":68,"in_reply_to":"1a4dcd0f_a574e235","updated":"2015-08-06 08:32:22.000000000","message":"Actually, It was for Accept/Deny a packet.  I\u0027ll update this description.","commit_id":"1f21efa73a66c75d10e238433ca4ebd13272bbf2"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"b4548e97aefae9c9a40c55ddb5ad0707b8fd045c","unresolved":false,"context_lines":[{"line_number":65,"context_line":":uuid:"},{"line_number":66,"context_line":"    Security-group\u0027s UUID or Firewall\u0027s UUID"},{"line_number":67,"context_line":":act:"},{"line_number":68,"context_line":"    Action(ACCEPT/A, Otherwise/D) [Only for Firewall resource]"},{"line_number":69,"context_line":":IN:"},{"line_number":70,"context_line":"    Input device"},{"line_number":71,"context_line":":OUT:"}],"source_content_type":"text/x-rst","patch_set":10,"id":"1a4dcd0f_0bad0431","line":68,"in_reply_to":"1a4dcd0f_ecd81c55","updated":"2015-08-10 02:51:24.000000000","message":"Yes. The example below is just for SG case. I will update other example for FWaaS in next revision.","commit_id":"1f21efa73a66c75d10e238433ca4ebd13272bbf2"},{"author":{"_account_id":1131,"name":"Brian Haley","email":"haleyb.dev@gmail.com","username":"brian-haley"},"change_message_id":"64fddded5b83a69523ed89790735c1754e50e469","unresolved":false,"context_lines":[{"line_number":187,"context_line":"+--------------------+------------------------------------+-----------+"},{"line_number":188,"context_line":"|Object              |URI                                 |Type       |"},{"line_number":189,"context_line":"+\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d+\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d+\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d+"},{"line_number":190,"context_line":"|packet-logger       |/packet-loggers                     |POST       |"},{"line_number":191,"context_line":"+--------------------+------------------------------------+-----------+"},{"line_number":192,"context_line":"|packet-logger       |/packet-loggers                     |GET        |"},{"line_number":193,"context_line":"+--------------------+------------------------------------+-----------+"}],"source_content_type":"text/x-rst","patch_set":10,"id":"1a4dcd0f_052596bf","line":190,"updated":"2015-08-05 15:11:54.000000000","message":"So after looking at https://review.openstack.org/#/c/132134/ and seeing one of Kevin\u0027s comments:\n\n\"No, please don\u0027t do it as a generic extra features API. I want to see an API specific to logging that we could potentially extend to other objects. Logging isn\u0027t only relevant to security groups.\"\n\nIt seems to me like there should be a /logging/ parent with children like \"sg_rules\" or something.  That way other items can be added later.","commit_id":"1f21efa73a66c75d10e238433ca4ebd13272bbf2"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"7e652d2cf73456557fee8fa2cb7e46bd161ebac0","unresolved":false,"context_lines":[{"line_number":187,"context_line":"+--------------------+------------------------------------+-----------+"},{"line_number":188,"context_line":"|Object              |URI                                 |Type       |"},{"line_number":189,"context_line":"+\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d+\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d+\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d+"},{"line_number":190,"context_line":"|packet-logger       |/packet-loggers                     |POST       |"},{"line_number":191,"context_line":"+--------------------+------------------------------------+-----------+"},{"line_number":192,"context_line":"|packet-logger       |/packet-loggers                     |GET        |"},{"line_number":193,"context_line":"+--------------------+------------------------------------+-----------+"}],"source_content_type":"text/x-rst","patch_set":10,"id":"1a4dcd0f_aed33ed4","line":190,"in_reply_to":"1a4dcd0f_052596bf","updated":"2015-08-06 08:32:22.000000000","message":"In current proposal, other items can also be added by specifying in --service_type attribute later.\nI described in my mind as follows about your opinion:\nIs it same as your thinking?\n\n* POST   /logging/sg_rules\n* GET    /logging/sg_rules\n* GET    /logging/sg_rules/{logging-id}\n* DELETE /logging/sg_rules/{logging-id}\n* POST   /logging/fw_rules\n* GET    /logging/fw_rules\n* GET    /logging/fw_rules/{logging-id}\n* DELETE /logging/fw_rules/{logging-id}\n\nlog_level_supported \u003d [\u0027info\u0027, \u0027warn\u0027, \u0027error\u0027, \u0027debug\u0027, \u0027notice\u0027]\nRESOURCE_ATTRIBUTE_MAP \u003d {\n    \u0027sg_rules\u0027: {\n        \u0027id\u0027: {\u0027allow_post\u0027: False, \u0027allow_put\u0027: False,\n               \u0027validate\u0027: {\u0027type:uuid\u0027: None},\n               \u0027is_visible\u0027: True,\n               \u0027primary_key\u0027: True},\n        \u0027sg_ids\u0027: {\u0027allow_post\u0027: True, \u0027allow_put\u0027: False,\n                   \u0027validate\u0027: {\u0027type:uuid_list\u0027: None},\n                   \u0027convert_to\u0027: attr.convert_none_to_empty_list,\n                   \u0027default\u0027: None, \u0027is_visible\u0027: True},\n        \u0027tenant_id\u0027: {\u0027allow_post\u0027: True, \u0027allow_put\u0027: False,\n                      \u0027required_by_policy\u0027: True,\n                      \u0027is_visible\u0027: True},\n        \u0027log_level\u0027: {\u0027allow_post\u0027: True, \u0027allow_put\u0027: False,\n                      \u0027is_visible\u0027: True, \u0027default\u0027: \u0027info\u0027,\n                      \u0027validate\u0027: {\u0027type:values\u0027: log_level_supported}},\n        \u0027destination\u0027: {\u0027allow_post\u0027: True, \u0027allow_put\u0027: False,\n                      \u0027is_visible\u0027: True,\n                      \u0027default\u0027: \u0027localhost:/var/log/neutron\u0027},\n    },\n    \u0027fw_rules\u0027: {\n        \u0027id\u0027: {\u0027allow_post\u0027: False, \u0027allow_put\u0027: False,\n               \u0027validate\u0027: {\u0027type:uuid\u0027: None},\n               \u0027is_visible\u0027: True,\n               \u0027primary_key\u0027: True},\n        \u0027fw_ids\u0027: {\u0027allow_post\u0027: True, \u0027allow_put\u0027: False,\n                   \u0027validate\u0027: {\u0027type:uuid_list\u0027: None},\n                   \u0027convert_to\u0027: attr.convert_none_to_empty_list,\n                   \u0027default\u0027: None, \u0027is_visible\u0027: True},\n        \u0027tenant_id\u0027: {\u0027allow_post\u0027: True, \u0027allow_put\u0027: False,\n                      \u0027required_by_policy\u0027: True,\n                      \u0027is_visible\u0027: True},\n        \u0027destination\u0027: {\u0027allow_post\u0027: True, \u0027allow_put\u0027: False,\n                      \u0027is_visible\u0027: True,\n                      \u0027default\u0027: \u0027localhost:/var/log/neutron\u0027},\n    },\n}","commit_id":"1f21efa73a66c75d10e238433ca4ebd13272bbf2"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"b4548e97aefae9c9a40c55ddb5ad0707b8fd045c","unresolved":false,"context_lines":[{"line_number":187,"context_line":"+--------------------+------------------------------------+-----------+"},{"line_number":188,"context_line":"|Object              |URI                                 |Type       |"},{"line_number":189,"context_line":"+\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d+\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d+\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d+"},{"line_number":190,"context_line":"|packet-logger       |/packet-loggers                     |POST       |"},{"line_number":191,"context_line":"+--------------------+------------------------------------+-----------+"},{"line_number":192,"context_line":"|packet-logger       |/packet-loggers                     |GET        |"},{"line_number":193,"context_line":"+--------------------+------------------------------------+-----------+"}],"source_content_type":"text/x-rst","patch_set":10,"id":"1a4dcd0f_cba63c53","line":190,"in_reply_to":"1a4dcd0f_ac9a1460","updated":"2015-08-10 02:51:24.000000000","message":"Yes. Thanks for your confirmation. I will update it.","commit_id":"1f21efa73a66c75d10e238433ca4ebd13272bbf2"},{"author":{"_account_id":1131,"name":"Brian Haley","email":"haleyb.dev@gmail.com","username":"brian-haley"},"change_message_id":"b9153358019015d8f1d94058994354e5b7ebae3c","unresolved":false,"context_lines":[{"line_number":187,"context_line":"+--------------------+------------------------------------+-----------+"},{"line_number":188,"context_line":"|Object              |URI                                 |Type       |"},{"line_number":189,"context_line":"+\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d+\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d+\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d+"},{"line_number":190,"context_line":"|packet-logger       |/packet-loggers                     |POST       |"},{"line_number":191,"context_line":"+--------------------+------------------------------------+-----------+"},{"line_number":192,"context_line":"|packet-logger       |/packet-loggers                     |GET        |"},{"line_number":193,"context_line":"+--------------------+------------------------------------+-----------+"}],"source_content_type":"text/x-rst","patch_set":10,"id":"1a4dcd0f_ac9a1460","line":190,"in_reply_to":"1a4dcd0f_aed33ed4","updated":"2015-08-07 16:45:15.000000000","message":"I think we are talking about the same thing, moving this to /logging/sg_rules, etc.","commit_id":"1f21efa73a66c75d10e238433ca4ebd13272bbf2"}],"specs/mitaka/logging-API-for-security-group-rules.rst":[{"author":{"_account_id":748,"name":"Armando Migliaccio","email":"armamig@gmail.com","username":"armando-migliaccio"},"change_message_id":"1e3fcf9ef1493d3e3dbffb28dd68f352c2ce47bc","unresolved":false,"context_lines":[{"line_number":19,"context_line":"Problem Description"},{"line_number":20,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":21,"context_line":""},{"line_number":22,"context_line":"Logging is currently a missing feature in security-group and firewall. This"},{"line_number":23,"context_line":"feature is necessary for **Operators** (including cloud admin, developer) to"},{"line_number":24,"context_line":"trouble shooting easier. And the tenants need to make sure their"},{"line_number":25,"context_line":"security-group and firewall works as expected, and to assess what kinds of"}],"source_content_type":"text/x-rst","patch_set":26,"id":"da85f559_a6c0652b","line":22,"updated":"2015-11-10 17:54:56.000000000","message":"firewall is a left-over from previous revisions.","commit_id":"f369ab062f9407c38acbcb9207ce70d2e4519175"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"5e17be8af49863dffc70485bd059bfd81de25b53","unresolved":false,"context_lines":[{"line_number":19,"context_line":"Problem Description"},{"line_number":20,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":21,"context_line":""},{"line_number":22,"context_line":"Logging is currently a missing feature in security-group and firewall. This"},{"line_number":23,"context_line":"feature is necessary for **Operators** (including cloud admin, developer) to"},{"line_number":24,"context_line":"trouble shooting easier. And the tenants need to make sure their"},{"line_number":25,"context_line":"security-group and firewall works as expected, and to assess what kinds of"}],"source_content_type":"text/x-rst","patch_set":26,"id":"da85f559_f6cc888a","line":22,"in_reply_to":"da85f559_a6c0652b","updated":"2015-11-12 07:28:27.000000000","message":"Thank you.   We\u0027ll remove it.","commit_id":"f369ab062f9407c38acbcb9207ce70d2e4519175"},{"author":{"_account_id":748,"name":"Armando Migliaccio","email":"armamig@gmail.com","username":"armando-migliaccio"},"change_message_id":"1e3fcf9ef1493d3e3dbffb28dd68f352c2ce47bc","unresolved":false,"context_lines":[{"line_number":21,"context_line":""},{"line_number":22,"context_line":"Logging is currently a missing feature in security-group and firewall. This"},{"line_number":23,"context_line":"feature is necessary for **Operators** (including cloud admin, developer) to"},{"line_number":24,"context_line":"trouble shooting easier. And the tenants need to make sure their"},{"line_number":25,"context_line":"security-group and firewall works as expected, and to assess what kinds of"},{"line_number":26,"context_line":"events/packets went through their security-group/firewall or were dropped."},{"line_number":27,"context_line":""}],"source_content_type":"text/x-rst","patch_set":26,"id":"da85f559_66e11dd0","line":24,"updated":"2015-11-10 17:54:56.000000000","message":"trouble shooting -\u003e troubleshoot","commit_id":"f369ab062f9407c38acbcb9207ce70d2e4519175"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"5e17be8af49863dffc70485bd059bfd81de25b53","unresolved":false,"context_lines":[{"line_number":21,"context_line":""},{"line_number":22,"context_line":"Logging is currently a missing feature in security-group and firewall. This"},{"line_number":23,"context_line":"feature is necessary for **Operators** (including cloud admin, developer) to"},{"line_number":24,"context_line":"trouble shooting easier. And the tenants need to make sure their"},{"line_number":25,"context_line":"security-group and firewall works as expected, and to assess what kinds of"},{"line_number":26,"context_line":"events/packets went through their security-group/firewall or were dropped."},{"line_number":27,"context_line":""}],"source_content_type":"text/x-rst","patch_set":26,"id":"da85f559_96c73c63","line":24,"in_reply_to":"da85f559_66e11dd0","updated":"2015-11-12 07:28:27.000000000","message":"Done","commit_id":"f369ab062f9407c38acbcb9207ce70d2e4519175"},{"author":{"_account_id":748,"name":"Armando Migliaccio","email":"armamig@gmail.com","username":"armando-migliaccio"},"change_message_id":"1e3fcf9ef1493d3e3dbffb28dd68f352c2ce47bc","unresolved":false,"context_lines":[{"line_number":23,"context_line":"feature is necessary for **Operators** (including cloud admin, developer) to"},{"line_number":24,"context_line":"trouble shooting easier. And the tenants need to make sure their"},{"line_number":25,"context_line":"security-group and firewall works as expected, and to assess what kinds of"},{"line_number":26,"context_line":"events/packets went through their security-group/firewall or were dropped."},{"line_number":27,"context_line":""},{"line_number":28,"context_line":""},{"line_number":29,"context_line":"Proposed Change"}],"source_content_type":"text/x-rst","patch_set":26,"id":"da85f559_c6d24900","line":26,"updated":"2015-11-10 17:54:56.000000000","message":"this should be about secgroups only.","commit_id":"f369ab062f9407c38acbcb9207ce70d2e4519175"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"5e17be8af49863dffc70485bd059bfd81de25b53","unresolved":false,"context_lines":[{"line_number":23,"context_line":"feature is necessary for **Operators** (including cloud admin, developer) to"},{"line_number":24,"context_line":"trouble shooting easier. And the tenants need to make sure their"},{"line_number":25,"context_line":"security-group and firewall works as expected, and to assess what kinds of"},{"line_number":26,"context_line":"events/packets went through their security-group/firewall or were dropped."},{"line_number":27,"context_line":""},{"line_number":28,"context_line":""},{"line_number":29,"context_line":"Proposed Change"}],"source_content_type":"text/x-rst","patch_set":26,"id":"da85f559_f6932859","line":26,"in_reply_to":"da85f559_c6d24900","updated":"2015-11-12 07:28:27.000000000","message":"Done","commit_id":"f369ab062f9407c38acbcb9207ce70d2e4519175"},{"author":{"_account_id":748,"name":"Armando Migliaccio","email":"armamig@gmail.com","username":"armando-migliaccio"},"change_message_id":"1e3fcf9ef1493d3e3dbffb28dd68f352c2ce47bc","unresolved":false,"context_lines":[{"line_number":50,"context_line":"  use case demand."},{"line_number":51,"context_line":""},{"line_number":52,"context_line":"* Logging data format is out of scope of this spec. It will be discussed"},{"line_number":53,"context_line":"  in the latter half (see `Future work beyond this spec`_ section)."},{"line_number":54,"context_line":""},{"line_number":55,"context_line":"Data Model Impact"},{"line_number":56,"context_line":"-----------------"}],"source_content_type":"text/x-rst","patch_set":26,"id":"da85f559_c15d5216","line":53,"updated":"2015-11-10 17:54:56.000000000","message":"After reading this paragraph, I feel like we could still try and make clear what the objective of this spec really is.\n\nThis should be as simple as:\n\nToday when traffic doesn\u0027t flow the way it is supposed to (as prescribed by security groups rules), learning what happened can be achieved by painstakingly browsing distributed logs.\n\nTo improve the situation, we\u0027d do the following:\n\n - Capture security events when they occur; ideally we\u0027d funnel events to a central location;\n - Expose a way to the user to consume this events, ideally remotely via a well defined API.\n\nSo the objective of this spec is to:\n\n - Define format and way to collect secgroup related events.\n - Define format and way to access these events.","commit_id":"f369ab062f9407c38acbcb9207ce70d2e4519175"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"5e17be8af49863dffc70485bd059bfd81de25b53","unresolved":false,"context_lines":[{"line_number":50,"context_line":"  use case demand."},{"line_number":51,"context_line":""},{"line_number":52,"context_line":"* Logging data format is out of scope of this spec. It will be discussed"},{"line_number":53,"context_line":"  in the latter half (see `Future work beyond this spec`_ section)."},{"line_number":54,"context_line":""},{"line_number":55,"context_line":"Data Model Impact"},{"line_number":56,"context_line":"-----------------"}],"source_content_type":"text/x-rst","patch_set":26,"id":"da85f559_7695f830","line":53,"in_reply_to":"da85f559_c15d5216","updated":"2015-11-12 07:28:27.000000000","message":"Many thanks.  We\u0027ll follow your suggestion. :)","commit_id":"f369ab062f9407c38acbcb9207ce70d2e4519175"},{"author":{"_account_id":748,"name":"Armando Migliaccio","email":"armamig@gmail.com","username":"armando-migliaccio"},"change_message_id":"1e3fcf9ef1493d3e3dbffb28dd68f352c2ce47bc","unresolved":false,"context_lines":[{"line_number":129,"context_line":"+----------------+------+-------+-------+-----------+--------------------------+"},{"line_number":130,"context_line":""},{"line_number":131,"context_line":""},{"line_number":132,"context_line":"Future work beyond this spec"},{"line_number":133,"context_line":"----------------------------"},{"line_number":134,"context_line":""},{"line_number":135,"context_line":"Following contents will be discussed in the next:"}],"source_content_type":"text/x-rst","patch_set":26,"id":"da85f559_e6fe6d37","line":132,"updated":"2015-11-10 17:54:56.000000000","message":"Please remove this \u0027future work\u0027 section, as there\u0027s no commitment this will ever happen.","commit_id":"f369ab062f9407c38acbcb9207ce70d2e4519175"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"5e17be8af49863dffc70485bd059bfd81de25b53","unresolved":false,"context_lines":[{"line_number":129,"context_line":"+----------------+------+-------+-------+-----------+--------------------------+"},{"line_number":130,"context_line":""},{"line_number":131,"context_line":""},{"line_number":132,"context_line":"Future work beyond this spec"},{"line_number":133,"context_line":"----------------------------"},{"line_number":134,"context_line":""},{"line_number":135,"context_line":"Following contents will be discussed in the next:"}],"source_content_type":"text/x-rst","patch_set":26,"id":"da85f559_f6a1e894","line":132,"in_reply_to":"da85f559_e6fe6d37","updated":"2015-11-12 07:28:27.000000000","message":"Done","commit_id":"f369ab062f9407c38acbcb9207ce70d2e4519175"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"58b1985e58d246f34888b579649b5f31d808a9cb","unresolved":false,"context_lines":[{"line_number":280,"context_line":"+-----------------+------------------------------------------------+-------+"},{"line_number":281,"context_line":"|rsyslog          |/logging/{log-resource-id}/rsyslogs             |GET    |"},{"line_number":282,"context_line":"+-----------------+------------------------------------------------+-------+"},{"line_number":283,"context_line":"|rsyslog          |/logging/{log-resource-id}rsyslogs/{rsyslog-id} |DELETE |"},{"line_number":284,"context_line":"+-----------------+------------------------------------------------+-------+"},{"line_number":285,"context_line":""},{"line_number":286,"context_line":""}],"source_content_type":"text/x-rst","patch_set":26,"id":"da85f559_373725b2","line":283,"updated":"2015-11-09 02:37:53.000000000","message":"It should be as follow: \n/logging/{log-resource-id}/rsyslogs/{rsyslog-id}","commit_id":"f369ab062f9407c38acbcb9207ce70d2e4519175"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"5e17be8af49863dffc70485bd059bfd81de25b53","unresolved":false,"context_lines":[{"line_number":280,"context_line":"+-----------------+------------------------------------------------+-------+"},{"line_number":281,"context_line":"|rsyslog          |/logging/{log-resource-id}/rsyslogs             |GET    |"},{"line_number":282,"context_line":"+-----------------+------------------------------------------------+-------+"},{"line_number":283,"context_line":"|rsyslog          |/logging/{log-resource-id}rsyslogs/{rsyslog-id} |DELETE |"},{"line_number":284,"context_line":"+-----------------+------------------------------------------------+-------+"},{"line_number":285,"context_line":""},{"line_number":286,"context_line":""}],"source_content_type":"text/x-rst","patch_set":26,"id":"da85f559_16826cc8","line":283,"in_reply_to":"da85f559_373725b2","updated":"2015-11-12 07:28:27.000000000","message":"wow ;)  Done.","commit_id":"f369ab062f9407c38acbcb9207ce70d2e4519175"},{"author":{"_account_id":6598,"name":"Berezovsky Irena","email":"irenab.dev@gmail.com","username":"irenab"},"change_message_id":"485eded8fb100100bf233a766ac8d2818febc28d","unresolved":false,"context_lines":[{"line_number":453,"context_line":"Other End User Impact"},{"line_number":454,"context_line":"---------------------"},{"line_number":455,"context_line":""},{"line_number":456,"context_line":"Additional methods will be added to python-neutronclient to create, uptade,"},{"line_number":457,"context_line":"list, get, and delete logging resource. Dedicated CLI command"},{"line_number":458,"context_line":"will be added to create each logging driver type."},{"line_number":459,"context_line":""}],"source_content_type":"text/x-rst","patch_set":26,"id":"da85f559_f0437e40","line":456,"updated":"2015-11-10 19:39:27.000000000","message":"typo: update","commit_id":"f369ab062f9407c38acbcb9207ce70d2e4519175"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"5e17be8af49863dffc70485bd059bfd81de25b53","unresolved":false,"context_lines":[{"line_number":453,"context_line":"Other End User Impact"},{"line_number":454,"context_line":"---------------------"},{"line_number":455,"context_line":""},{"line_number":456,"context_line":"Additional methods will be added to python-neutronclient to create, uptade,"},{"line_number":457,"context_line":"list, get, and delete logging resource. Dedicated CLI command"},{"line_number":458,"context_line":"will be added to create each logging driver type."},{"line_number":459,"context_line":""}],"source_content_type":"text/x-rst","patch_set":26,"id":"da85f559_d670640d","line":456,"in_reply_to":"da85f559_f0437e40","updated":"2015-11-12 07:28:27.000000000","message":"Done","commit_id":"f369ab062f9407c38acbcb9207ce70d2e4519175"},{"author":{"_account_id":17776,"name":"Reedip","email":"reedip.banerjee@gmail.com","username":"Reedip"},"change_message_id":"a8321e33eefec0e1065c3fb7e88f7244a99c6ae1","unresolved":false,"context_lines":[{"line_number":20,"context_line":""},{"line_number":21,"context_line":"Logging is currently a missing feature in security-groups. This feature is"},{"line_number":22,"context_line":"necessary for **Operators** (including cloud admin, developer) to"},{"line_number":23,"context_line":"troubleshoot easier. And the tenants need to make sure their security-groups"},{"line_number":24,"context_line":"works as expected, and to assess what kinds of events/packets went through"},{"line_number":25,"context_line":"their security-groups or were dropped."},{"line_number":26,"context_line":""}],"source_content_type":"text/x-rst","patch_set":27,"id":"da85f559_ffe0a1fc","line":23,"updated":"2015-11-13 02:51:30.000000000","message":"nit:troubleshoot easier -\u003e troubleshoot any issues easily","commit_id":"98af4c82b181f465d18f9a04a3bff130c4e5a62d"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"9539971e97f240e3d6c973ec8b67931a99a2a4f2","unresolved":false,"context_lines":[{"line_number":20,"context_line":""},{"line_number":21,"context_line":"Logging is currently a missing feature in security-groups. This feature is"},{"line_number":22,"context_line":"necessary for **Operators** (including cloud admin, developer) to"},{"line_number":23,"context_line":"troubleshoot easier. And the tenants need to make sure their security-groups"},{"line_number":24,"context_line":"works as expected, and to assess what kinds of events/packets went through"},{"line_number":25,"context_line":"their security-groups or were dropped."},{"line_number":26,"context_line":""}],"source_content_type":"text/x-rst","patch_set":27,"id":"da85f559_ad92e1f4","line":23,"in_reply_to":"da85f559_ffe0a1fc","updated":"2015-11-13 13:43:24.000000000","message":"Done","commit_id":"98af4c82b181f465d18f9a04a3bff130c4e5a62d"},{"author":{"_account_id":17776,"name":"Reedip","email":"reedip.banerjee@gmail.com","username":"Reedip"},"change_message_id":"a8321e33eefec0e1065c3fb7e88f7244a99c6ae1","unresolved":false,"context_lines":[{"line_number":21,"context_line":"Logging is currently a missing feature in security-groups. This feature is"},{"line_number":22,"context_line":"necessary for **Operators** (including cloud admin, developer) to"},{"line_number":23,"context_line":"troubleshoot easier. And the tenants need to make sure their security-groups"},{"line_number":24,"context_line":"works as expected, and to assess what kinds of events/packets went through"},{"line_number":25,"context_line":"their security-groups or were dropped."},{"line_number":26,"context_line":""},{"line_number":27,"context_line":""}],"source_content_type":"text/x-rst","patch_set":27,"id":"da85f559_bfca196d","line":24,"updated":"2015-11-13 02:51:30.000000000","message":"works -\u003e work ( as security-groups has been made plural)","commit_id":"98af4c82b181f465d18f9a04a3bff130c4e5a62d"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"9539971e97f240e3d6c973ec8b67931a99a2a4f2","unresolved":false,"context_lines":[{"line_number":21,"context_line":"Logging is currently a missing feature in security-groups. This feature is"},{"line_number":22,"context_line":"necessary for **Operators** (including cloud admin, developer) to"},{"line_number":23,"context_line":"troubleshoot easier. And the tenants need to make sure their security-groups"},{"line_number":24,"context_line":"works as expected, and to assess what kinds of events/packets went through"},{"line_number":25,"context_line":"their security-groups or were dropped."},{"line_number":26,"context_line":""},{"line_number":27,"context_line":""}],"source_content_type":"text/x-rst","patch_set":27,"id":"da85f559_cd8f25cb","line":24,"in_reply_to":"da85f559_bfca196d","updated":"2015-11-13 13:43:24.000000000","message":"Done","commit_id":"98af4c82b181f465d18f9a04a3bff130c4e5a62d"},{"author":{"_account_id":17776,"name":"Reedip","email":"reedip.banerjee@gmail.com","username":"Reedip"},"change_message_id":"a8321e33eefec0e1065c3fb7e88f7244a99c6ae1","unresolved":false,"context_lines":[{"line_number":40,"context_line":""},{"line_number":41,"context_line":"So the objective of this spec is to:"},{"line_number":42,"context_line":""},{"line_number":43,"context_line":"* **Define format and way to collect security groups related events**."},{"line_number":44,"context_line":"* **Define format and way to access these events**."},{"line_number":45,"context_line":""},{"line_number":46,"context_line":""}],"source_content_type":"text/x-rst","patch_set":27,"id":"da85f559_1f87a513","line":43,"updated":"2015-11-13 02:51:30.000000000","message":"nit way -\u003eways","commit_id":"98af4c82b181f465d18f9a04a3bff130c4e5a62d"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"9539971e97f240e3d6c973ec8b67931a99a2a4f2","unresolved":false,"context_lines":[{"line_number":40,"context_line":""},{"line_number":41,"context_line":"So the objective of this spec is to:"},{"line_number":42,"context_line":""},{"line_number":43,"context_line":"* **Define format and way to collect security groups related events**."},{"line_number":44,"context_line":"* **Define format and way to access these events**."},{"line_number":45,"context_line":""},{"line_number":46,"context_line":""}],"source_content_type":"text/x-rst","patch_set":27,"id":"da85f559_6dbb9976","line":43,"in_reply_to":"da85f559_1f87a513","updated":"2015-11-13 13:43:24.000000000","message":"Done","commit_id":"98af4c82b181f465d18f9a04a3bff130c4e5a62d"},{"author":{"_account_id":17776,"name":"Reedip","email":"reedip.banerjee@gmail.com","username":"Reedip"},"change_message_id":"a8321e33eefec0e1065c3fb7e88f7244a99c6ae1","unresolved":false,"context_lines":[{"line_number":389,"context_line":""},{"line_number":390,"context_line":"For logging resource::"},{"line_number":391,"context_line":""},{"line_number":392,"context_line":"    neutron logging-create --name \u003clog-resource-name\u003e"},{"line_number":393,"context_line":"                           --resource-type \u003clog-resource-type\u003e"},{"line_number":394,"context_line":"                           [--description logging-resource-description]"},{"line_number":395,"context_line":"    neutron logging-list"}],"source_content_type":"text/x-rst","patch_set":27,"id":"da85f559_bff45987","line":392,"updated":"2015-11-13 02:51:30.000000000","message":"tenant id has been mentioned as RW in Log Resource Model(Line#58), but it is not updated by the CLI as given below.\nIf so, then I think that the tenant ID can be made as RO ( or do you think that the LogResource Object can be transferable between different tenants  ?)","commit_id":"98af4c82b181f465d18f9a04a3bff130c4e5a62d"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"9539971e97f240e3d6c973ec8b67931a99a2a4f2","unresolved":false,"context_lines":[{"line_number":389,"context_line":""},{"line_number":390,"context_line":"For logging resource::"},{"line_number":391,"context_line":""},{"line_number":392,"context_line":"    neutron logging-create --name \u003clog-resource-name\u003e"},{"line_number":393,"context_line":"                           --resource-type \u003clog-resource-type\u003e"},{"line_number":394,"context_line":"                           [--description logging-resource-description]"},{"line_number":395,"context_line":"    neutron logging-list"}],"source_content_type":"text/x-rst","patch_set":27,"id":"da85f559_4dba5570","line":392,"in_reply_to":"da85f559_bff45987","updated":"2015-11-13 13:43:24.000000000","message":"Thanks for your reviews, We\u0027ll update Line#58: RW-\u003eRO.","commit_id":"98af4c82b181f465d18f9a04a3bff130c4e5a62d"},{"author":{"_account_id":17776,"name":"Reedip","email":"reedip.banerjee@gmail.com","username":"Reedip"},"change_message_id":"a8321e33eefec0e1065c3fb7e88f7244a99c6ae1","unresolved":false,"context_lines":[{"line_number":420,"context_line":""},{"line_number":421,"context_line":"    neutron security-group-rule-update \u003csg-rule-id\u003e --logging \u003clog-resource-id-or-name\u003e"},{"line_number":422,"context_line":""},{"line_number":423,"context_line":"For dettach sg-rule from logging resource::"},{"line_number":424,"context_line":""},{"line_number":425,"context_line":"    neutron security-group-rule-update \u003csg-rule-id\u003e --no-logging"},{"line_number":426,"context_line":""}],"source_content_type":"text/x-rst","patch_set":27,"id":"da85f559_9fd075f9","line":423,"updated":"2015-11-13 02:51:30.000000000","message":"Nit : dettach -\u003edetach","commit_id":"98af4c82b181f465d18f9a04a3bff130c4e5a62d"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"9539971e97f240e3d6c973ec8b67931a99a2a4f2","unresolved":false,"context_lines":[{"line_number":420,"context_line":""},{"line_number":421,"context_line":"    neutron security-group-rule-update \u003csg-rule-id\u003e --logging \u003clog-resource-id-or-name\u003e"},{"line_number":422,"context_line":""},{"line_number":423,"context_line":"For dettach sg-rule from logging resource::"},{"line_number":424,"context_line":""},{"line_number":425,"context_line":"    neutron security-group-rule-update \u003csg-rule-id\u003e --no-logging"},{"line_number":426,"context_line":""}],"source_content_type":"text/x-rst","patch_set":27,"id":"da85f559_edaf8929","line":423,"in_reply_to":"da85f559_9fd075f9","updated":"2015-11-13 13:43:24.000000000","message":"Done","commit_id":"98af4c82b181f465d18f9a04a3bff130c4e5a62d"},{"author":{"_account_id":841,"name":"Akihiro Motoki","email":"amotoki@gmail.com","username":"amotoki"},"change_message_id":"ba6fec33d65375d3c021ae70a6d6403a347720b5","unresolved":false,"context_lines":[{"line_number":22,"context_line":"necessary for **Operators** (including cloud admin, developer) to"},{"line_number":23,"context_line":"troubleshoot any issues easily. And the tenants need to make sure their"},{"line_number":24,"context_line":"security-groups work as expected, and to assess what kinds of events/packets"},{"line_number":25,"context_line":"went through their security-groups or were dropped."},{"line_number":26,"context_line":""},{"line_number":27,"context_line":""},{"line_number":28,"context_line":"Proposed Change"}],"source_content_type":"text/x-rst","patch_set":28,"id":"da85f559_9d0b5d7d","line":25,"updated":"2015-11-15 08:18:20.000000000","message":"Let me clarify. Is the proposed API exposed to regular users?\nIs it a part of the scope of this proposal?\n\nI am asking it because we need more considerations including security  if we expose the API to regular users.\n\nIn the first sentence, \"operators\" is emphasized but the second sentense seems to talk about regular users.","commit_id":"4cd75dcbef4bb0e3bc39e8adcc2ea3839ada5945"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"db990b6be31a67541032d0ba19a88324c985377c","unresolved":false,"context_lines":[{"line_number":22,"context_line":"necessary for **Operators** (including cloud admin, developer) to"},{"line_number":23,"context_line":"troubleshoot any issues easily. And the tenants need to make sure their"},{"line_number":24,"context_line":"security-groups work as expected, and to assess what kinds of events/packets"},{"line_number":25,"context_line":"went through their security-groups or were dropped."},{"line_number":26,"context_line":""},{"line_number":27,"context_line":""},{"line_number":28,"context_line":"Proposed Change"}],"source_content_type":"text/x-rst","patch_set":28,"id":"ba8a016a_9b4dbe74","line":25,"in_reply_to":"da85f559_9d0b5d7d","updated":"2015-11-17 08:59:42.000000000","message":"\u003eIs the proposed API exposed to regular users? Is it a part of the scope of this proposal?\nAs We mentioned in L#13,#14 that the scope of this proposal is to propose an API exposed to Operators.  I\u0027ll remove 2nd sentense.\n\n\u003e In the first sentence, \"operators\" is emphasized but the second sentense seems to talk about regular users.\nYes. You\u0027re right.","commit_id":"4cd75dcbef4bb0e3bc39e8adcc2ea3839ada5945"},{"author":{"_account_id":6524,"name":"Henry Gessau","email":"HenryG@gessau.net","username":"gessau"},"change_message_id":"68d9816906c57465d9806411fdf04425473c85e8","unresolved":false,"context_lines":[{"line_number":22,"context_line":"necessary for **Operators** (including cloud admin, developer) to"},{"line_number":23,"context_line":"troubleshoot any issues easily. And the tenants need to make sure their"},{"line_number":24,"context_line":"security-groups work as expected, and to assess what kinds of events/packets"},{"line_number":25,"context_line":"went through their security-groups or were dropped."},{"line_number":26,"context_line":""},{"line_number":27,"context_line":""},{"line_number":28,"context_line":"Proposed Change"}],"source_content_type":"text/x-rst","patch_set":28,"id":"da85f559_a69bae65","line":25,"in_reply_to":"da85f559_9d0b5d7d","updated":"2015-11-15 14:00:33.000000000","message":"Also, if I understand correctly, this feature involves copying data from some (it is not clear which) system logs and returning that data via the API. If the API is exposed to regular users we must consider the operational security implications. Can we be sure that hypervisor log data does not contain exploitable information?","commit_id":"4cd75dcbef4bb0e3bc39e8adcc2ea3839ada5945"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"db990b6be31a67541032d0ba19a88324c985377c","unresolved":false,"context_lines":[{"line_number":22,"context_line":"necessary for **Operators** (including cloud admin, developer) to"},{"line_number":23,"context_line":"troubleshoot any issues easily. And the tenants need to make sure their"},{"line_number":24,"context_line":"security-groups work as expected, and to assess what kinds of events/packets"},{"line_number":25,"context_line":"went through their security-groups or were dropped."},{"line_number":26,"context_line":""},{"line_number":27,"context_line":""},{"line_number":28,"context_line":"Proposed Change"}],"source_content_type":"text/x-rst","patch_set":28,"id":"ba8a016a_bb520212","line":25,"in_reply_to":"da85f559_a69bae65","updated":"2015-11-17 08:59:42.000000000","message":"Thank you, Henry.  This is out of the scope of this spec.  We\u0027ll consider to expose API for regular users in next step.","commit_id":"4cd75dcbef4bb0e3bc39e8adcc2ea3839ada5945"},{"author":{"_account_id":841,"name":"Akihiro Motoki","email":"amotoki@gmail.com","username":"amotoki"},"change_message_id":"ba6fec33d65375d3c021ae70a6d6403a347720b5","unresolved":false,"context_lines":[{"line_number":36,"context_line":"* Capture security events when they occur, ideally we\u0027d funnel events to"},{"line_number":37,"context_line":"  a central location."},{"line_number":38,"context_line":"* Expose a way to the user to consume this events, ideally remotely via a"},{"line_number":39,"context_line":"  well defined API."},{"line_number":40,"context_line":""},{"line_number":41,"context_line":"So the objective of this spec is to:"},{"line_number":42,"context_line":""}],"source_content_type":"text/x-rst","patch_set":28,"id":"da85f559_3ded91b7","line":39,"updated":"2015-11-15 08:18:20.000000000","message":"Is the second point a scope of this proposal?","commit_id":"4cd75dcbef4bb0e3bc39e8adcc2ea3839ada5945"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"db990b6be31a67541032d0ba19a88324c985377c","unresolved":false,"context_lines":[{"line_number":36,"context_line":"* Capture security events when they occur, ideally we\u0027d funnel events to"},{"line_number":37,"context_line":"  a central location."},{"line_number":38,"context_line":"* Expose a way to the user to consume this events, ideally remotely via a"},{"line_number":39,"context_line":"  well defined API."},{"line_number":40,"context_line":""},{"line_number":41,"context_line":"So the objective of this spec is to:"},{"line_number":42,"context_line":""}],"source_content_type":"text/x-rst","patch_set":28,"id":"ba8a016a_db4b4658","line":39,"in_reply_to":"da85f559_3ded91b7","updated":"2015-11-17 08:59:42.000000000","message":"The second point a scope of this proposal is for Operators. We will update (s/user/operator) in next revision.","commit_id":"4cd75dcbef4bb0e3bc39e8adcc2ea3839ada5945"},{"author":{"_account_id":4656,"name":"Sean M. Collins","email":"sean@coreitpro.com","username":"scollins"},"change_message_id":"2503645aa161f5c00639b395ba378e4926bba5f6","unresolved":false,"context_lines":[{"line_number":103,"context_line":"+-----------------+-------+------+-------+-----------+-------------------------+"},{"line_number":104,"context_line":"|log_level        |string |RW    |N/A    |enum       |Log levels               |"},{"line_number":105,"context_line":"+-----------------+-------+------+-------+-----------+-------------------------+"},{"line_number":106,"context_line":""},{"line_number":107,"context_line":""},{"line_number":108,"context_line":"The SecurityGroupRuleLogging model has the following attributes:"},{"line_number":109,"context_line":""}],"source_content_type":"text/x-rst","patch_set":28,"id":"da85f559_4fceb75b","line":106,"updated":"2015-11-13 17:10:01.000000000","message":"This looks good. Once you start coding, take a look at the following doc from SQLAlchemy, since it makes this very easy.\n\nhttp://docs.sqlalchemy.org/en/rel_1_0/orm/extensions/declarative/inheritance.html#joined-table-inheritance","commit_id":"4cd75dcbef4bb0e3bc39e8adcc2ea3839ada5945"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"db990b6be31a67541032d0ba19a88324c985377c","unresolved":false,"context_lines":[{"line_number":103,"context_line":"+-----------------+-------+------+-------+-----------+-------------------------+"},{"line_number":104,"context_line":"|log_level        |string |RW    |N/A    |enum       |Log levels               |"},{"line_number":105,"context_line":"+-----------------+-------+------+-------+-----------+-------------------------+"},{"line_number":106,"context_line":""},{"line_number":107,"context_line":""},{"line_number":108,"context_line":"The SecurityGroupRuleLogging model has the following attributes:"},{"line_number":109,"context_line":""}],"source_content_type":"text/x-rst","patch_set":28,"id":"ba8a016a_7bb01af5","line":106,"in_reply_to":"da85f559_4fceb75b","updated":"2015-11-17 08:59:42.000000000","message":"Thank you very much. :)","commit_id":"4cd75dcbef4bb0e3bc39e8adcc2ea3839ada5945"},{"author":{"_account_id":4656,"name":"Sean M. Collins","email":"sean@coreitpro.com","username":"scollins"},"change_message_id":"2503645aa161f5c00639b395ba378e4926bba5f6","unresolved":false,"context_lines":[{"line_number":180,"context_line":"                             })"},{"line_number":181,"context_line":"        }"},{"line_number":182,"context_line":"    }"},{"line_number":183,"context_line":"    EXTENDED_ATTRIBUTES_2_0 \u003d {"},{"line_number":184,"context_line":"            \u0027security_group_rules\u0027: {"},{"line_number":185,"context_line":"                \u0027log_resource_id\u0027: {"},{"line_number":186,"context_line":"                    \u0027allow_post\u0027: True, \u0027allow_put\u0027: True,"}],"source_content_type":"text/x-rst","patch_set":28,"id":"da85f559_efda0b17","line":183,"updated":"2015-11-13 17:10:01.000000000","message":"No, do not change the Security Group API in any way. If you want to log a security group rule, you need to keep that association within your own API endpoint. I thought that was the point of the SecurityGroupLogging model?","commit_id":"4cd75dcbef4bb0e3bc39e8adcc2ea3839ada5945"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"db990b6be31a67541032d0ba19a88324c985377c","unresolved":false,"context_lines":[{"line_number":180,"context_line":"                             })"},{"line_number":181,"context_line":"        }"},{"line_number":182,"context_line":"    }"},{"line_number":183,"context_line":"    EXTENDED_ATTRIBUTES_2_0 \u003d {"},{"line_number":184,"context_line":"            \u0027security_group_rules\u0027: {"},{"line_number":185,"context_line":"                \u0027log_resource_id\u0027: {"},{"line_number":186,"context_line":"                    \u0027allow_post\u0027: True, \u0027allow_put\u0027: True,"}],"source_content_type":"text/x-rst","patch_set":28,"id":"ba8a016a_9bb61edb","line":183,"in_reply_to":"da85f559_efda0b17","updated":"2015-11-17 08:59:42.000000000","message":"We\u0027ll update specs follow your comments.","commit_id":"4cd75dcbef4bb0e3bc39e8adcc2ea3839ada5945"},{"author":{"_account_id":841,"name":"Akihiro Motoki","email":"amotoki@gmail.com","username":"amotoki"},"change_message_id":"ba6fec33d65375d3c021ae70a6d6403a347720b5","unresolved":false,"context_lines":[{"line_number":210,"context_line":"+-----------------+-------------------------------------------------+-------+"},{"line_number":211,"context_line":"|rsyslog          |/logging/{log-resource-id}/rsyslogs              |GET    |"},{"line_number":212,"context_line":"+-----------------+-------------------------------------------------+-------+"},{"line_number":213,"context_line":"|rsyslog          |/logging/{log-resource-id}/rsyslogs/{rsyslog-id} |DELETE |"},{"line_number":214,"context_line":"+-----------------+-------------------------------------------------+-------+"},{"line_number":215,"context_line":""},{"line_number":216,"context_line":""}],"source_content_type":"text/x-rst","patch_set":28,"id":"da85f559_1d20cdf6","line":213,"updated":"2015-11-15 08:18:20.000000000","message":"I cannot understand why we need to define implementation-specific URL path in the API. The API path should be implementation neutral.\n\nIn my understanding, rsyslog related configuration is a thing configured through a configuration file because it is determined by a deployment. Could you elaborate more about why we need to configure rsyslog log driver via the API?","commit_id":"4cd75dcbef4bb0e3bc39e8adcc2ea3839ada5945"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"a853eed065ceec59536bfbe21ca52a59c15cf517","unresolved":false,"context_lines":[{"line_number":210,"context_line":"+-----------------+-------------------------------------------------+-------+"},{"line_number":211,"context_line":"|rsyslog          |/logging/{log-resource-id}/rsyslogs              |GET    |"},{"line_number":212,"context_line":"+-----------------+-------------------------------------------------+-------+"},{"line_number":213,"context_line":"|rsyslog          |/logging/{log-resource-id}/rsyslogs/{rsyslog-id} |DELETE |"},{"line_number":214,"context_line":"+-----------------+-------------------------------------------------+-------+"},{"line_number":215,"context_line":""},{"line_number":216,"context_line":""}],"source_content_type":"text/x-rst","patch_set":28,"id":"ba8a016a_387698a4","line":213,"in_reply_to":"ba8a016a_08eadf0f","updated":"2015-11-19 11:34:57.000000000","message":"Thanks for your suggestion,  Akihiro.  I\u0027ve discussed with An-san and we\u0027ve decided to agree with your following suggestion:\n\n* /logging/security-groups/{id}\n\nI\u0027ll change security-groups to secuirty-group-logs but I\u0027m not sure.  Would you please give some feedback?","commit_id":"4cd75dcbef4bb0e3bc39e8adcc2ea3839ada5945"},{"author":{"_account_id":841,"name":"Akihiro Motoki","email":"amotoki@gmail.com","username":"amotoki"},"change_message_id":"8d22c09ff676b8e3b141b7c7793b52b867704f77","unresolved":false,"context_lines":[{"line_number":210,"context_line":"+-----------------+-------------------------------------------------+-------+"},{"line_number":211,"context_line":"|rsyslog          |/logging/{log-resource-id}/rsyslogs              |GET    |"},{"line_number":212,"context_line":"+-----------------+-------------------------------------------------+-------+"},{"line_number":213,"context_line":"|rsyslog          |/logging/{log-resource-id}/rsyslogs/{rsyslog-id} |DELETE |"},{"line_number":214,"context_line":"+-----------------+-------------------------------------------------+-------+"},{"line_number":215,"context_line":""},{"line_number":216,"context_line":""}],"source_content_type":"text/x-rst","patch_set":28,"id":"ba8a016a_08eadf0f","line":213,"in_reply_to":"ba8a016a_6fecd4c7","updated":"2015-11-17 09:59:26.000000000","message":"\"/v2.0/logging/{id}/targets\" may be redundant.\n\nI try to list possible options for more productive discussion.\n\n/logging/security-groups/{id}\n\n- The idea is to have a type-specific path in the second level. In this approach, we can define a strict schema in API.\n- If we want to add more types, the path would be /logging/\u003cnew-type\u003e/{id}.\n\n/logging/{id}\n\n- this resource takes \u0027type\u0027 and \u0027filters\u0027 as I mentioned in the above comment.\n- In this case, the schema of API body varies across target types and we cannot define a strict API schema. This is a demerit of this approach.\n- If you want to add more types like \u0027firewall\u0027, you can define a new type. Some driver mechanism would be nice.","commit_id":"4cd75dcbef4bb0e3bc39e8adcc2ea3839ada5945"},{"author":{"_account_id":841,"name":"Akihiro Motoki","email":"amotoki@gmail.com","username":"amotoki"},"change_message_id":"aead58c29f04d0f10bea33a9356dc165dcdbec47","unresolved":false,"context_lines":[{"line_number":210,"context_line":"+-----------------+-------------------------------------------------+-------+"},{"line_number":211,"context_line":"|rsyslog          |/logging/{log-resource-id}/rsyslogs              |GET    |"},{"line_number":212,"context_line":"+-----------------+-------------------------------------------------+-------+"},{"line_number":213,"context_line":"|rsyslog          |/logging/{log-resource-id}/rsyslogs/{rsyslog-id} |DELETE |"},{"line_number":214,"context_line":"+-----------------+-------------------------------------------------+-------+"},{"line_number":215,"context_line":""},{"line_number":216,"context_line":""}],"source_content_type":"text/x-rst","patch_set":28,"id":"ba8a016a_6fecd4c7","line":213,"in_reply_to":"ba8a016a_b4a0cff5","updated":"2015-11-17 09:27:26.000000000","message":"I haven\u0027t fully understood your proposal.\nWe need more specific body to discuss the detail.\n\nI have another idea to use \"/v2.0/logging/{id}/targets\"\nwhich is generic than yours, and the body would be:\n\n  {\u0027target\u0027:\n    {\u0027type\u0027: \u0027security-group\u0027,\n     \u0027filter\u0027: {\n        // All parameters are optional(?) or\n        // some parameters can be mandatory.\n        // I am not sure at now.\n        \u0027security_group_id\u0027: \u003csg-id\u003e,\n        \u0027security_group_rule_id\u0027: \u003csg-rule-id\u003e,\n        \u0027port_id\u0027: \u003cport-id\u003e\n     }\n  }\n\nIt is very rough sketch of what in my mind.\nI don\u0027t want to stick my idea. Any comment is appreciated.","commit_id":"4cd75dcbef4bb0e3bc39e8adcc2ea3839ada5945"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"db990b6be31a67541032d0ba19a88324c985377c","unresolved":false,"context_lines":[{"line_number":210,"context_line":"+-----------------+-------------------------------------------------+-------+"},{"line_number":211,"context_line":"|rsyslog          |/logging/{log-resource-id}/rsyslogs              |GET    |"},{"line_number":212,"context_line":"+-----------------+-------------------------------------------------+-------+"},{"line_number":213,"context_line":"|rsyslog          |/logging/{log-resource-id}/rsyslogs/{rsyslog-id} |DELETE |"},{"line_number":214,"context_line":"+-----------------+-------------------------------------------------+-------+"},{"line_number":215,"context_line":""},{"line_number":216,"context_line":""}],"source_content_type":"text/x-rst","patch_set":28,"id":"ba8a016a_b4a0cff5","line":213,"in_reply_to":"da85f559_1d20cdf6","updated":"2015-11-17 08:59:42.000000000","message":"OK.  Please follow the current idea.  Would you give me some feedback?\n\n* POST   /v2.0/logging/log-resources\n* GET    /v2.0/logging/log-resources\n* GET    /v2.0/logging/log-resources/{log-resource-id}\n* PUT    /v2.0/logging/log-resources/{log-resource-id}\n* DELETE /v2.0/logging/log-resources/{log-resource-id}\n\n* GET    /v2.0/logging/log-driver-types\n\n* POST   /v2.0/logging/{log-resource-id}/security-groups\n* GET    /v2.0/logging/{log-resource-id}/security-groups\n* GET    /v2.0/logging/{log-resource-id}/security-groups/{secgroup-log-id}\n* DELETE /v2.0/logging/{log-resource-id}/security-groups/{secgroup-log-id}\n\n/v2.0/logging/{log-resource-id}/security-groups\n\nWe can specify port_id as well as security-group-id as logging target","commit_id":"4cd75dcbef4bb0e3bc39e8adcc2ea3839ada5945"},{"author":{"_account_id":841,"name":"Akihiro Motoki","email":"amotoki@gmail.com","username":"amotoki"},"change_message_id":"aead58c29f04d0f10bea33a9356dc165dcdbec47","unresolved":false,"context_lines":[{"line_number":215,"context_line":""},{"line_number":216,"context_line":""},{"line_number":217,"context_line":"Use case of LogResource configuration"},{"line_number":218,"context_line":"-------------------------------------"},{"line_number":219,"context_line":""},{"line_number":220,"context_line":"Create log-resource logging request::"},{"line_number":221,"context_line":""}],"source_content_type":"text/x-rst","patch_set":28,"id":"ba8a016a_cf770001","line":218,"updated":"2015-11-17 09:27:26.000000000","message":"I think it is easy for reviewers to understand your proposal\nif you move this section before the DB and API model.","commit_id":"4cd75dcbef4bb0e3bc39e8adcc2ea3839ada5945"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"a853eed065ceec59536bfbe21ca52a59c15cf517","unresolved":false,"context_lines":[{"line_number":215,"context_line":""},{"line_number":216,"context_line":""},{"line_number":217,"context_line":"Use case of LogResource configuration"},{"line_number":218,"context_line":"-------------------------------------"},{"line_number":219,"context_line":""},{"line_number":220,"context_line":"Create log-resource logging request::"},{"line_number":221,"context_line":""}],"source_content_type":"text/x-rst","patch_set":28,"id":"ba8a016a_15159d47","line":218,"in_reply_to":"ba8a016a_cf770001","updated":"2015-11-19 11:34:57.000000000","message":"Done","commit_id":"4cd75dcbef4bb0e3bc39e8adcc2ea3839ada5945"},{"author":{"_account_id":841,"name":"Akihiro Motoki","email":"amotoki@gmail.com","username":"amotoki"},"change_message_id":"ba6fec33d65375d3c021ae70a6d6403a347720b5","unresolved":false,"context_lines":[{"line_number":255,"context_line":""},{"line_number":256,"context_line":"Create logging driver::"},{"line_number":257,"context_line":""},{"line_number":258,"context_line":"        POST /v2.0/logging/46ebaec0-0570-43ac-82f6-60d2b03168c4/rsyslogs"},{"line_number":259,"context_line":"        {"},{"line_number":260,"context_line":"            \"rsyslog\": {"},{"line_number":261,"context_line":"                \"tenant_id\":\"8d4c70a21fed4aeba121a1a429ba0d04\","}],"source_content_type":"text/x-rst","patch_set":28,"id":"da85f559_3d1b51cc","line":258,"updated":"2015-11-15 08:18:20.000000000","message":"Is this an admin API?\n\nInstead of creating a log driver under log resource, how about pass a log driver as an attribute when creating a log resource?\n\n  {\u0027log_resource\u0027:\n      {\u0027name\u0027: \u0027sg-log-rules\u0027,\n       \u0027description\u0027: \u0027....\u0027,\n       \u0027driver\u0027: \u0027rsyslog\u0027}\n  }\n\nI haven\u0027t understood why we need to configure a rsyslog driver per log resource. I think rsyslog configuration is determined by a deployment. Even though there are several possible configurations, it will be determined in advance when neutron is deployed.\n\nI think we can use a similar approach used in Cinder to define volume back-ends.","commit_id":"4cd75dcbef4bb0e3bc39e8adcc2ea3839ada5945"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"db990b6be31a67541032d0ba19a88324c985377c","unresolved":false,"context_lines":[{"line_number":255,"context_line":""},{"line_number":256,"context_line":"Create logging driver::"},{"line_number":257,"context_line":""},{"line_number":258,"context_line":"        POST /v2.0/logging/46ebaec0-0570-43ac-82f6-60d2b03168c4/rsyslogs"},{"line_number":259,"context_line":"        {"},{"line_number":260,"context_line":"            \"rsyslog\": {"},{"line_number":261,"context_line":"                \"tenant_id\":\"8d4c70a21fed4aeba121a1a429ba0d04\","}],"source_content_type":"text/x-rst","patch_set":28,"id":"ba8a016a_997946ff","line":258,"in_reply_to":"da85f559_3d1b51cc","updated":"2015-11-17 08:59:42.000000000","message":"Yes. This is an admin API.","commit_id":"4cd75dcbef4bb0e3bc39e8adcc2ea3839ada5945"},{"author":{"_account_id":841,"name":"Akihiro Motoki","email":"amotoki@gmail.com","username":"amotoki"},"change_message_id":"ba6fec33d65375d3c021ae70a6d6403a347720b5","unresolved":false,"context_lines":[{"line_number":278,"context_line":"        }"},{"line_number":279,"context_line":""},{"line_number":280,"context_line":""},{"line_number":281,"context_line":"Attach security group rule to logging resource::"},{"line_number":282,"context_line":""},{"line_number":283,"context_line":"        PUT /v2.0/security-group-rules/e30abd17-fef9-4739-8617-dc26da88e686"},{"line_number":284,"context_line":"        {"}],"source_content_type":"text/x-rst","patch_set":28,"id":"da85f559_ddc6c515","line":281,"updated":"2015-11-15 08:18:20.000000000","message":"I would like to have more flexible way to enable logging for security groups. For example, as an operator or a regular user, I would like to log:\n\n- (1) events of a specific security group applied to a specific neutron port (i.e., instance)\n- (2) events of a specific sg rule applied to a specific neutron port (i.e., instance)\n- (3) events of a specific security group of all ports\n- (4) events of a specific sg rule of all ports\n- (5) all security group related events of a specific neutron port\n- (6) all security group related events in a tenant\n\nMultiple security groups can be applied to a neutron port, so I think (5) is most useful and (1) is the second. (6) might be useful too.\n\nThought?","commit_id":"4cd75dcbef4bb0e3bc39e8adcc2ea3839ada5945"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"db990b6be31a67541032d0ba19a88324c985377c","unresolved":false,"context_lines":[{"line_number":278,"context_line":"        }"},{"line_number":279,"context_line":""},{"line_number":280,"context_line":""},{"line_number":281,"context_line":"Attach security group rule to logging resource::"},{"line_number":282,"context_line":""},{"line_number":283,"context_line":"        PUT /v2.0/security-group-rules/e30abd17-fef9-4739-8617-dc26da88e686"},{"line_number":284,"context_line":"        {"}],"source_content_type":"text/x-rst","patch_set":28,"id":"ba8a016a_f97412fe","line":281,"in_reply_to":"da85f559_ddc6c515","updated":"2015-11-17 08:59:42.000000000","message":"Sure. We\u0027ll update.","commit_id":"4cd75dcbef4bb0e3bc39e8adcc2ea3839ada5945"},{"author":{"_account_id":4656,"name":"Sean M. Collins","email":"sean@coreitpro.com","username":"scollins"},"change_message_id":"2503645aa161f5c00639b395ba378e4926bba5f6","unresolved":false,"context_lines":[{"line_number":280,"context_line":""},{"line_number":281,"context_line":"Attach security group rule to logging resource::"},{"line_number":282,"context_line":""},{"line_number":283,"context_line":"        PUT /v2.0/security-group-rules/e30abd17-fef9-4739-8617-dc26da88e686"},{"line_number":284,"context_line":"        {"},{"line_number":285,"context_line":"            \"security_group_rule\": {"},{"line_number":286,"context_line":"                \"log_resource_id\": \"46ebaec0-0570-43ac-82f6-60d2b03168c4\""}],"source_content_type":"text/x-rst","patch_set":28,"id":"da85f559_0fd8af1c","line":283,"updated":"2015-11-13 17:10:01.000000000","message":"No, I do not want us adding new attributes to the security-group API endpoint. Keep this under the /v2.0/logging API endpoint.","commit_id":"4cd75dcbef4bb0e3bc39e8adcc2ea3839ada5945"},{"author":{"_account_id":7787,"name":"Kevin Benton","email":"kevin@benton.pub","username":"blak111"},"change_message_id":"560f24fefdf6b2f7db48d90afbf56919d9de842a","unresolved":false,"context_lines":[{"line_number":280,"context_line":""},{"line_number":281,"context_line":"Attach security group rule to logging resource::"},{"line_number":282,"context_line":""},{"line_number":283,"context_line":"        PUT /v2.0/security-group-rules/e30abd17-fef9-4739-8617-dc26da88e686"},{"line_number":284,"context_line":"        {"},{"line_number":285,"context_line":"            \"security_group_rule\": {"},{"line_number":286,"context_line":"                \"log_resource_id\": \"46ebaec0-0570-43ac-82f6-60d2b03168c4\""}],"source_content_type":"text/x-rst","patch_set":28,"id":"da85f559_497b0a7c","line":283,"in_reply_to":"da85f559_0fd8af1c","updated":"2015-11-13 21:38:33.000000000","message":"+1. Keeping logging a top-level API that handles all things logging keeps things nicely separated.","commit_id":"4cd75dcbef4bb0e3bc39e8adcc2ea3839ada5945"},{"author":{"_account_id":841,"name":"Akihiro Motoki","email":"amotoki@gmail.com","username":"amotoki"},"change_message_id":"ba6fec33d65375d3c021ae70a6d6403a347720b5","unresolved":false,"context_lines":[{"line_number":280,"context_line":""},{"line_number":281,"context_line":"Attach security group rule to logging resource::"},{"line_number":282,"context_line":""},{"line_number":283,"context_line":"        PUT /v2.0/security-group-rules/e30abd17-fef9-4739-8617-dc26da88e686"},{"line_number":284,"context_line":"        {"},{"line_number":285,"context_line":"            \"security_group_rule\": {"},{"line_number":286,"context_line":"                \"log_resource_id\": \"46ebaec0-0570-43ac-82f6-60d2b03168c4\""}],"source_content_type":"text/x-rst","patch_set":28,"id":"da85f559_dd7805fb","line":283,"in_reply_to":"da85f559_497b0a7c","updated":"2015-11-15 08:18:20.000000000","message":"+1. I think it is better to add security-group-rule to a log-resource created above.","commit_id":"4cd75dcbef4bb0e3bc39e8adcc2ea3839ada5945"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"db990b6be31a67541032d0ba19a88324c985377c","unresolved":false,"context_lines":[{"line_number":280,"context_line":""},{"line_number":281,"context_line":"Attach security group rule to logging resource::"},{"line_number":282,"context_line":""},{"line_number":283,"context_line":"        PUT /v2.0/security-group-rules/e30abd17-fef9-4739-8617-dc26da88e686"},{"line_number":284,"context_line":"        {"},{"line_number":285,"context_line":"            \"security_group_rule\": {"},{"line_number":286,"context_line":"                \"log_resource_id\": \"46ebaec0-0570-43ac-82f6-60d2b03168c4\""}],"source_content_type":"text/x-rst","patch_set":28,"id":"ba8a016a_595afe84","line":283,"in_reply_to":"da85f559_dd7805fb","updated":"2015-11-17 08:59:42.000000000","message":"@Sean, Kevin and Akihiro,\n\nYes, we\u0027ll update following your comments.","commit_id":"4cd75dcbef4bb0e3bc39e8adcc2ea3839ada5945"},{"author":{"_account_id":841,"name":"Akihiro Motoki","email":"amotoki@gmail.com","username":"amotoki"},"change_message_id":"ba6fec33d65375d3c021ae70a6d6403a347720b5","unresolved":false,"context_lines":[{"line_number":368,"context_line":""},{"line_number":369,"context_line":"Allowing for packet logs and/or traffic logs should exposed additional"},{"line_number":370,"context_line":"threats (e.g. eavesdropping). Therefore, we have to care the policy check"},{"line_number":371,"context_line":"and must not be shared between tenants for logging resource."},{"line_number":372,"context_line":""},{"line_number":373,"context_line":""},{"line_number":374,"context_line":"Notifications Impact"}],"source_content_type":"text/x-rst","patch_set":28,"id":"da85f559_9d34bd4a","line":371,"updated":"2015-11-15 08:18:20.000000000","message":"How does this situation happen? This proposal does not expose a way for tenants to retrieve logs.","commit_id":"4cd75dcbef4bb0e3bc39e8adcc2ea3839ada5945"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"db990b6be31a67541032d0ba19a88324c985377c","unresolved":false,"context_lines":[{"line_number":368,"context_line":""},{"line_number":369,"context_line":"Allowing for packet logs and/or traffic logs should exposed additional"},{"line_number":370,"context_line":"threats (e.g. eavesdropping). Therefore, we have to care the policy check"},{"line_number":371,"context_line":"and must not be shared between tenants for logging resource."},{"line_number":372,"context_line":""},{"line_number":373,"context_line":""},{"line_number":374,"context_line":"Notifications Impact"}],"source_content_type":"text/x-rst","patch_set":28,"id":"ba8a016a_1955564f","line":371,"in_reply_to":"da85f559_9d34bd4a","updated":"2015-11-17 08:59:42.000000000","message":"Yes.  So, this paragraph should be removed.","commit_id":"4cd75dcbef4bb0e3bc39e8adcc2ea3839ada5945"},{"author":{"_account_id":841,"name":"Akihiro Motoki","email":"amotoki@gmail.com","username":"amotoki"},"change_message_id":"ba6fec33d65375d3c021ae70a6d6403a347720b5","unresolved":false,"context_lines":[{"line_number":401,"context_line":""},{"line_number":402,"context_line":"List available driver types::"},{"line_number":403,"context_line":""},{"line_number":404,"context_line":"    neutron logging-available-driver-types"},{"line_number":405,"context_line":""},{"line_number":406,"context_line":"For rsyslog logging driver::"},{"line_number":407,"context_line":""}],"source_content_type":"text/x-rst","patch_set":28,"id":"da85f559_bdd3c1d4","line":404,"updated":"2015-11-15 08:18:20.000000000","message":"logging-driver-type-list?","commit_id":"4cd75dcbef4bb0e3bc39e8adcc2ea3839ada5945"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"db990b6be31a67541032d0ba19a88324c985377c","unresolved":false,"context_lines":[{"line_number":401,"context_line":""},{"line_number":402,"context_line":"List available driver types::"},{"line_number":403,"context_line":""},{"line_number":404,"context_line":"    neutron logging-available-driver-types"},{"line_number":405,"context_line":""},{"line_number":406,"context_line":"For rsyslog logging driver::"},{"line_number":407,"context_line":""}],"source_content_type":"text/x-rst","patch_set":28,"id":"ba8a016a_79d6e2c6","line":404,"in_reply_to":"da85f559_bdd3c1d4","updated":"2015-11-17 08:59:42.000000000","message":"OK. It\u0027s no problem to use logging-driver-type-list.","commit_id":"4cd75dcbef4bb0e3bc39e8adcc2ea3839ada5945"},{"author":{"_account_id":4656,"name":"Sean M. Collins","email":"sean@coreitpro.com","username":"scollins"},"change_message_id":"64a81ab132822101884e8518b84c484198ae5d57","unresolved":false,"context_lines":[{"line_number":83,"context_line":""},{"line_number":84,"context_line":"Create security group logging::"},{"line_number":85,"context_line":""},{"line_number":86,"context_line":"        POST /v2.0/logging/security-group-logs/46ebaec0-0570-43ac-82f6-60d2b03168c4"},{"line_number":87,"context_line":"        {"},{"line_number":88,"context_line":"            \"security_group_log\": {"},{"line_number":89,"context_line":"                \"port_id\": \"f316e55d-5164-46c7-aee2-46c709983504\","}],"source_content_type":"text/x-rst","patch_set":29,"id":"ba8a016a_07d23328","line":86,"updated":"2015-11-19 17:24:28.000000000","message":"Shouldn\u0027t it be\n\nPOST \n\n/v2.0/logging/security-group-logs/\n\nWith the UUID of the log resource in the POST body?","commit_id":"ea1c4822428e01d116a13ced95478ccc9f10da84"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"c262ea5f7ff5dfc40a71a5fd64d8755c8c1c1521","unresolved":false,"context_lines":[{"line_number":83,"context_line":""},{"line_number":84,"context_line":"Create security group logging::"},{"line_number":85,"context_line":""},{"line_number":86,"context_line":"        POST /v2.0/logging/security-group-logs/46ebaec0-0570-43ac-82f6-60d2b03168c4"},{"line_number":87,"context_line":"        {"},{"line_number":88,"context_line":"            \"security_group_log\": {"},{"line_number":89,"context_line":"                \"port_id\": \"f316e55d-5164-46c7-aee2-46c709983504\","}],"source_content_type":"text/x-rst","patch_set":29,"id":"ba8a016a_9a5c1f4c","line":86,"in_reply_to":"ba8a016a_07d23328","updated":"2015-11-20 04:11:12.000000000","message":"Yes. You\u0027re right.  I\u0027ll change it.","commit_id":"ea1c4822428e01d116a13ced95478ccc9f10da84"},{"author":{"_account_id":4656,"name":"Sean M. Collins","email":"sean@coreitpro.com","username":"scollins"},"change_message_id":"05958870c8e77f76dec2b18477d34a7de507f121","unresolved":false,"context_lines":[{"line_number":307,"context_line":"Security Impact"},{"line_number":308,"context_line":"---------------"},{"line_number":309,"context_line":""},{"line_number":310,"context_line":"None"},{"line_number":311,"context_line":""},{"line_number":312,"context_line":"Notifications Impact"},{"line_number":313,"context_line":"--------------------"}],"source_content_type":"text/x-rst","patch_set":30,"id":"ba8a016a_fdb41e83","line":310,"updated":"2015-11-20 18:57:40.000000000","message":"If this API is going to be operator only - please discuss that the REST API will only be accessible to users who have the admin privilege","commit_id":"2170243693142640ad603463371692cab929ae54"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"1d5392570c169601fc05fe9dfb812334a38cf408","unresolved":false,"context_lines":[{"line_number":307,"context_line":"Security Impact"},{"line_number":308,"context_line":"---------------"},{"line_number":309,"context_line":""},{"line_number":310,"context_line":"None"},{"line_number":311,"context_line":""},{"line_number":312,"context_line":"Notifications Impact"},{"line_number":313,"context_line":"--------------------"}],"source_content_type":"text/x-rst","patch_set":30,"id":"9a8ffd7b_8326c066","line":310,"in_reply_to":"9a8ffd7b_c122a4b9","updated":"2015-11-25 04:31:18.000000000","message":"Thank you.  I\u0027ve just updated the spec.  Please confirm it.","commit_id":"2170243693142640ad603463371692cab929ae54"},{"author":{"_account_id":4656,"name":"Sean M. Collins","email":"sean@coreitpro.com","username":"scollins"},"change_message_id":"5f2909ee9b05804e2b754ee9ee13037f6447dec7","unresolved":false,"context_lines":[{"line_number":307,"context_line":"Security Impact"},{"line_number":308,"context_line":"---------------"},{"line_number":309,"context_line":""},{"line_number":310,"context_line":"None"},{"line_number":311,"context_line":""},{"line_number":312,"context_line":"Notifications Impact"},{"line_number":313,"context_line":"--------------------"}],"source_content_type":"text/x-rst","patch_set":30,"id":"9a8ffd7b_c122a4b9","line":310,"in_reply_to":"ba8a016a_09c3818a","updated":"2015-11-24 15:25:28.000000000","message":"OK - that sounds sufficient. Let\u0027s update this one last time - I\u0027m ready to approve after this minor addition.","commit_id":"2170243693142640ad603463371692cab929ae54"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"9bd38e1e9809d8ba50ac8544a8e9948b2b41091e","unresolved":false,"context_lines":[{"line_number":307,"context_line":"Security Impact"},{"line_number":308,"context_line":"---------------"},{"line_number":309,"context_line":""},{"line_number":310,"context_line":"None"},{"line_number":311,"context_line":""},{"line_number":312,"context_line":"Notifications Impact"},{"line_number":313,"context_line":"--------------------"}],"source_content_type":"text/x-rst","patch_set":30,"id":"ba8a016a_09c3818a","line":310,"in_reply_to":"ba8a016a_7f88cd22","updated":"2015-11-24 08:56:46.000000000","message":"I mean that I\u0027m going to use \"/etc/policy.json\" and control with \"admin_only\" for logging API.","commit_id":"2170243693142640ad603463371692cab929ae54"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"024ddd1d3f5084c2039f9a32e6b3e71027cd9f8f","unresolved":false,"context_lines":[{"line_number":307,"context_line":"Security Impact"},{"line_number":308,"context_line":"---------------"},{"line_number":309,"context_line":""},{"line_number":310,"context_line":"None"},{"line_number":311,"context_line":""},{"line_number":312,"context_line":"Notifications Impact"},{"line_number":313,"context_line":"--------------------"}],"source_content_type":"text/x-rst","patch_set":30,"id":"ba8a016a_7f88cd22","line":310,"in_reply_to":"ba8a016a_fdb41e83","updated":"2015-11-23 23:44:30.000000000","message":"Sure.  My understanding is that this API will only be able to use the users who have the admin privilege.\n\nI\u0027m sorry I\u0027m confusing \"operators\" and \"admin privilege\".","commit_id":"2170243693142640ad603463371692cab929ae54"},{"author":{"_account_id":748,"name":"Armando Migliaccio","email":"armamig@gmail.com","username":"armando-migliaccio"},"change_message_id":"0e8fbed1503ebfe41b06f45562de534bc4881242","unresolved":false,"context_lines":[{"line_number":48,"context_line":""},{"line_number":49,"context_line":"List available logging driver types::"},{"line_number":50,"context_line":""},{"line_number":51,"context_line":"        GET /v2.0/logging/log-driver-types"},{"line_number":52,"context_line":""},{"line_number":53,"context_line":"        Response:"},{"line_number":54,"context_line":"        {"}],"source_content_type":"text/x-rst","patch_set":31,"id":"9a8ffd7b_0cd41445","line":51,"updated":"2015-11-25 17:48:59.000000000","message":"why do you want to expose the underlying collection mechanisms if the way to expose events to the users is abstracted out? Did I miss some piece of the conversation?","commit_id":"5263b99db23afd12f22cf8335aa6340d37fbe37a"},{"author":{"_account_id":841,"name":"Akihiro Motoki","email":"amotoki@gmail.com","username":"amotoki"},"change_message_id":"660e2d023e3e95dc4373dcd437369d538fa5aae7","unresolved":false,"context_lines":[{"line_number":48,"context_line":""},{"line_number":49,"context_line":"List available logging driver types::"},{"line_number":50,"context_line":""},{"line_number":51,"context_line":"        GET /v2.0/logging/log-driver-types"},{"line_number":52,"context_line":""},{"line_number":53,"context_line":"        Response:"},{"line_number":54,"context_line":"        {"}],"source_content_type":"text/x-rst","patch_set":31,"id":"9a8ffd7b_166f312c","line":51,"in_reply_to":"9a8ffd7b_0cd41445","updated":"2015-11-26 03:05:58.000000000","message":"In my understanding, this is an API for admin/operators.\nBasically I am a fun of exposing available information which can be specified in the API. On the other hand, based on a discussion on https://bugs.launchpad.net/neutron/+bug/1416179, exposing this kind of information is overspec.","commit_id":"5263b99db23afd12f22cf8335aa6340d37fbe37a"},{"author":{"_account_id":748,"name":"Armando Migliaccio","email":"armamig@gmail.com","username":"armando-migliaccio"},"change_message_id":"c5589610f798c0dfd4c74d5aa7b9dd317f181305","unresolved":false,"context_lines":[{"line_number":48,"context_line":""},{"line_number":49,"context_line":"List available logging driver types::"},{"line_number":50,"context_line":""},{"line_number":51,"context_line":"        GET /v2.0/logging/log-driver-types"},{"line_number":52,"context_line":""},{"line_number":53,"context_line":"        Response:"},{"line_number":54,"context_line":"        {"}],"source_content_type":"text/x-rst","patch_set":31,"id":"9a8ffd7b_de477b49","line":51,"in_reply_to":"9a8ffd7b_166f312c","updated":"2015-11-26 03:42:22.000000000","message":"it probably is :)","commit_id":"5263b99db23afd12f22cf8335aa6340d37fbe37a"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"60bf59cf2be3f28134321a881e3d863cbfdb79a1","unresolved":false,"context_lines":[{"line_number":48,"context_line":""},{"line_number":49,"context_line":"List available logging driver types::"},{"line_number":50,"context_line":""},{"line_number":51,"context_line":"        GET /v2.0/logging/log-driver-types"},{"line_number":52,"context_line":""},{"line_number":53,"context_line":"        Response:"},{"line_number":54,"context_line":"        {"}],"source_content_type":"text/x-rst","patch_set":31,"id":"9a8ffd7b_a7b11903","line":51,"in_reply_to":"9a8ffd7b_de477b49","updated":"2015-11-27 14:37:09.000000000","message":"@Armando and Akihiro: \n\nI will remove this as your expected. It\u0027s hard-coded.\nThe list of available log-driver-types is specified in configuration, which as available to admin/operator.","commit_id":"5263b99db23afd12f22cf8335aa6340d37fbe37a"},{"author":{"_account_id":841,"name":"Akihiro Motoki","email":"amotoki@gmail.com","username":"amotoki"},"change_message_id":"660e2d023e3e95dc4373dcd437369d538fa5aae7","unresolved":false,"context_lines":[{"line_number":61,"context_line":""},{"line_number":62,"context_line":"Create log-resource logging request::"},{"line_number":63,"context_line":""},{"line_number":64,"context_line":"        POST /v2.0/logging/log-resources"},{"line_number":65,"context_line":"        {"},{"line_number":66,"context_line":"            \"log_resource\": {"},{"line_number":67,"context_line":"                \"name\": \"sg-log\","}],"source_content_type":"text/x-rst","patch_set":31,"id":"9a8ffd7b_d8c0f32c","line":64,"updated":"2015-11-26 03:05:58.000000000","message":"logging-resource?\n\nIt contains a logging configuration. It is not a log.\nMore input from native speakers would be appreciated.","commit_id":"5263b99db23afd12f22cf8335aa6340d37fbe37a"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"60bf59cf2be3f28134321a881e3d863cbfdb79a1","unresolved":false,"context_lines":[{"line_number":61,"context_line":""},{"line_number":62,"context_line":"Create log-resource logging request::"},{"line_number":63,"context_line":""},{"line_number":64,"context_line":"        POST /v2.0/logging/log-resources"},{"line_number":65,"context_line":"        {"},{"line_number":66,"context_line":"            \"log_resource\": {"},{"line_number":67,"context_line":"                \"name\": \"sg-log\","}],"source_content_type":"text/x-rst","patch_set":31,"id":"9a8ffd7b_87cdf586","line":64,"in_reply_to":"9a8ffd7b_d8c0f32c","updated":"2015-11-27 14:37:09.000000000","message":"Yes. So we may keep this name till next revision if no input for this.\n\n* logging-resources","commit_id":"5263b99db23afd12f22cf8335aa6340d37fbe37a"},{"author":{"_account_id":841,"name":"Akihiro Motoki","email":"amotoki@gmail.com","username":"amotoki"},"change_message_id":"660e2d023e3e95dc4373dcd437369d538fa5aae7","unresolved":false,"context_lines":[{"line_number":113,"context_line":""},{"line_number":114,"context_line":"        Response:"},{"line_number":115,"context_line":"        {"},{"line_number":116,"context_line":"            \"log_resource\": {"},{"line_number":117,"context_line":"                \"id\": \"46ebaec0-0570-43ac-82f6-60d2b03168c4\","},{"line_number":118,"context_line":"                \"tenant_id\": \"8d4c70a21fed4aeba121a1a429ba0d04\","},{"line_number":119,"context_line":"                \"name\": \"sg-log\","}],"source_content_type":"text/x-rst","patch_set":31,"id":"9a8ffd7b_58a3a34f","line":116,"updated":"2015-11-26 03:05:58.000000000","message":"log_resource object is intended to be a generic container.\nAt now we only support security group logging, but how about adding read-only \"log_type\" field (\"log_type\": \"security_group\")?\nBy doing so, API consumers expects what field is available. Otherwise, API consumers need to check if a specific field (in this case security_group_log) exists or not.","commit_id":"5263b99db23afd12f22cf8335aa6340d37fbe37a"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"60bf59cf2be3f28134321a881e3d863cbfdb79a1","unresolved":false,"context_lines":[{"line_number":113,"context_line":""},{"line_number":114,"context_line":"        Response:"},{"line_number":115,"context_line":"        {"},{"line_number":116,"context_line":"            \"log_resource\": {"},{"line_number":117,"context_line":"                \"id\": \"46ebaec0-0570-43ac-82f6-60d2b03168c4\","},{"line_number":118,"context_line":"                \"tenant_id\": \"8d4c70a21fed4aeba121a1a429ba0d04\","},{"line_number":119,"context_line":"                \"name\": \"sg-log\","}],"source_content_type":"text/x-rst","patch_set":31,"id":"9a8ffd7b_67a571a0","line":116,"in_reply_to":"9a8ffd7b_58a3a34f","updated":"2015-11-27 14:37:09.000000000","message":"Sure. I think it\u0027s reasonable.","commit_id":"5263b99db23afd12f22cf8335aa6340d37fbe37a"},{"author":{"_account_id":841,"name":"Akihiro Motoki","email":"amotoki@gmail.com","username":"amotoki"},"change_message_id":"660e2d023e3e95dc4373dcd437369d538fa5aae7","unresolved":false,"context_lines":[{"line_number":119,"context_line":"                \"name\": \"sg-log\","},{"line_number":120,"context_line":"                \"description\": \"Log for security group\","},{"line_number":121,"context_line":"                \"log_driver\": \"rsyslog\","},{"line_number":122,"context_line":"                \"security_group_log\": {"},{"line_number":123,"context_line":"                    \"id\": \"5f126d84-551a-4dcf-bb01-0e9c0df0c793\","},{"line_number":124,"context_line":"                    \"tenant_id\": \"8d4c70a21fed4aeba121a1a429ba0d04\","},{"line_number":125,"context_line":"                    \"log_resource_id\": \"46ebaec0-0570-43ac-82f6-60d2b03168c4\","}],"source_content_type":"text/x-rst","patch_set":31,"id":"9a8ffd7b_585e4377","line":122,"updated":"2015-11-26 03:05:58.000000000","message":"I think we can attach multiple security-group-log to one log-resource. If so, it this field should be security_group_logs and the type should be a list of dict.","commit_id":"5263b99db23afd12f22cf8335aa6340d37fbe37a"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"60bf59cf2be3f28134321a881e3d863cbfdb79a1","unresolved":false,"context_lines":[{"line_number":119,"context_line":"                \"name\": \"sg-log\","},{"line_number":120,"context_line":"                \"description\": \"Log for security group\","},{"line_number":121,"context_line":"                \"log_driver\": \"rsyslog\","},{"line_number":122,"context_line":"                \"security_group_log\": {"},{"line_number":123,"context_line":"                    \"id\": \"5f126d84-551a-4dcf-bb01-0e9c0df0c793\","},{"line_number":124,"context_line":"                    \"tenant_id\": \"8d4c70a21fed4aeba121a1a429ba0d04\","},{"line_number":125,"context_line":"                    \"log_resource_id\": \"46ebaec0-0570-43ac-82f6-60d2b03168c4\","}],"source_content_type":"text/x-rst","patch_set":31,"id":"9a8ffd7b_82ef16e8","line":122,"in_reply_to":"9a8ffd7b_585e4377","updated":"2015-11-27 14:37:09.000000000","message":"Yes.  I\u0027ll change it.","commit_id":"5263b99db23afd12f22cf8335aa6340d37fbe37a"},{"author":{"_account_id":748,"name":"Armando Migliaccio","email":"armamig@gmail.com","username":"armando-migliaccio"},"change_message_id":"0e8fbed1503ebfe41b06f45562de534bc4881242","unresolved":false,"context_lines":[{"line_number":155,"context_line":"            {"},{"line_number":156,"context_line":"             ..."},{"line_number":157,"context_line":"            }]"},{"line_number":158,"context_line":"        }"},{"line_number":159,"context_line":""},{"line_number":160,"context_line":""},{"line_number":161,"context_line":"Data Model Impact"}],"source_content_type":"text/x-rst","patch_set":31,"id":"9a8ffd7b_4cba1c0c","line":158,"updated":"2015-11-25 17:48:59.000000000","message":"What about the API call that allow the admin to learn about the events? I am missing something.","commit_id":"5263b99db23afd12f22cf8335aa6340d37fbe37a"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"60bf59cf2be3f28134321a881e3d863cbfdb79a1","unresolved":false,"context_lines":[{"line_number":155,"context_line":"            {"},{"line_number":156,"context_line":"             ..."},{"line_number":157,"context_line":"            }]"},{"line_number":158,"context_line":"        }"},{"line_number":159,"context_line":""},{"line_number":160,"context_line":""},{"line_number":161,"context_line":"Data Model Impact"}],"source_content_type":"text/x-rst","patch_set":31,"id":"9a8ffd7b_c260be03","line":158,"in_reply_to":"9a8ffd7b_4cba1c0c","updated":"2015-11-27 14:37:09.000000000","message":"I\u0027m not sure I understand your question/expectation deeply.\n\nYou mean we should append \"event\" attribute into the \"security_group_log\" resource? Please teach me if my understanding is wrong.","commit_id":"5263b99db23afd12f22cf8335aa6340d37fbe37a"},{"author":{"_account_id":841,"name":"Akihiro Motoki","email":"amotoki@gmail.com","username":"amotoki"},"change_message_id":"660e2d023e3e95dc4373dcd437369d538fa5aae7","unresolved":false,"context_lines":[{"line_number":274,"context_line":"                             \u0027security_group_rule_id\u0027: {"},{"line_number":275,"context_line":"                                \u0027allow_post\u0027: True, \u0027allow_put\u0027: False,"},{"line_number":276,"context_line":"                                \u0027is_visible\u0027: True, \u0027default\u0027: None,"},{"line_number":277,"context_line":"                                \u0027validate\u0027: {\u0027type:uuid_or_none\u0027: None}},"},{"line_number":278,"context_line":"                          })"},{"line_number":279,"context_line":"        },"},{"line_number":280,"context_line":"    }"}],"source_content_type":"text/x-rst","patch_set":31,"id":"9a8ffd7b_d8a6b352","line":277,"updated":"2015-11-26 03:05:58.000000000","message":"API schema is well described, but I don\u0027t see any description on the expected API behavior.\n\nIn addition, could you describe the relationship of these three fields?\nCan all these three fields be None? Or is there any constraint?","commit_id":"5263b99db23afd12f22cf8335aa6340d37fbe37a"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"60bf59cf2be3f28134321a881e3d863cbfdb79a1","unresolved":false,"context_lines":[{"line_number":274,"context_line":"                             \u0027security_group_rule_id\u0027: {"},{"line_number":275,"context_line":"                                \u0027allow_post\u0027: True, \u0027allow_put\u0027: False,"},{"line_number":276,"context_line":"                                \u0027is_visible\u0027: True, \u0027default\u0027: None,"},{"line_number":277,"context_line":"                                \u0027validate\u0027: {\u0027type:uuid_or_none\u0027: None}},"},{"line_number":278,"context_line":"                          })"},{"line_number":279,"context_line":"        },"},{"line_number":280,"context_line":"    }"}],"source_content_type":"text/x-rst","patch_set":31,"id":"9a8ffd7b_167fe766","line":277,"in_reply_to":"9a8ffd7b_d8a6b352","updated":"2015-11-27 14:37:09.000000000","message":"Yes. I will follow your comment and will updated in next revision related to this.","commit_id":"5263b99db23afd12f22cf8335aa6340d37fbe37a"},{"author":{"_account_id":841,"name":"Akihiro Motoki","email":"amotoki@gmail.com","username":"amotoki"},"change_message_id":"660e2d023e3e95dc4373dcd437369d538fa5aae7","unresolved":false,"context_lines":[{"line_number":306,"context_line":""},{"line_number":307,"context_line":""},{"line_number":308,"context_line":"Security Impact"},{"line_number":309,"context_line":"---------------"},{"line_number":310,"context_line":""},{"line_number":311,"context_line":"None"},{"line_number":312,"context_line":"(This REST API will only be accessible to **admin_only** that controlled"}],"source_content_type":"text/x-rst","patch_set":31,"id":"9a8ffd7b_b8072f1b","line":309,"updated":"2015-11-26 03:05:58.000000000","message":"The volume of log highly depends on user traffic. It affects performance and it is a potential security impact (a kind of DoS). it is worth mentioned.","commit_id":"5263b99db23afd12f22cf8335aa6340d37fbe37a"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"60bf59cf2be3f28134321a881e3d863cbfdb79a1","unresolved":false,"context_lines":[{"line_number":306,"context_line":""},{"line_number":307,"context_line":""},{"line_number":308,"context_line":"Security Impact"},{"line_number":309,"context_line":"---------------"},{"line_number":310,"context_line":""},{"line_number":311,"context_line":"None"},{"line_number":312,"context_line":"(This REST API will only be accessible to **admin_only** that controlled"}],"source_content_type":"text/x-rst","patch_set":31,"id":"9a8ffd7b_f6c7c395","line":309,"in_reply_to":"9a8ffd7b_b8072f1b","updated":"2015-11-27 14:37:09.000000000","message":"Yes. I will append such item to this section.","commit_id":"5263b99db23afd12f22cf8335aa6340d37fbe37a"},{"author":{"_account_id":4656,"name":"Sean M. Collins","email":"sean@coreitpro.com","username":"scollins"},"change_message_id":"a17456b06dec36949bcf43ac983f9cef51d19686","unresolved":false,"context_lines":[{"line_number":308,"context_line":"Security Impact"},{"line_number":309,"context_line":"---------------"},{"line_number":310,"context_line":""},{"line_number":311,"context_line":"None"},{"line_number":312,"context_line":"(This REST API will only be accessible to **admin_only** that controlled"},{"line_number":313,"context_line":"by policy.json.)"},{"line_number":314,"context_line":""}],"source_content_type":"text/x-rst","patch_set":31,"id":"9a8ffd7b_5b2bb494","line":311,"updated":"2015-11-25 17:09:46.000000000","message":"So - there *is* security impact, since you\u0027re locking this down.","commit_id":"5263b99db23afd12f22cf8335aa6340d37fbe37a"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"60bf59cf2be3f28134321a881e3d863cbfdb79a1","unresolved":false,"context_lines":[{"line_number":308,"context_line":"Security Impact"},{"line_number":309,"context_line":"---------------"},{"line_number":310,"context_line":""},{"line_number":311,"context_line":"None"},{"line_number":312,"context_line":"(This REST API will only be accessible to **admin_only** that controlled"},{"line_number":313,"context_line":"by policy.json.)"},{"line_number":314,"context_line":""}],"source_content_type":"text/x-rst","patch_set":31,"id":"9a8ffd7b_56332fab","line":311,"in_reply_to":"9a8ffd7b_5b2bb494","updated":"2015-11-27 14:37:09.000000000","message":"Oh...  Sorry. I will update it.","commit_id":"5263b99db23afd12f22cf8335aa6340d37fbe37a"},{"author":{"_account_id":748,"name":"Armando Migliaccio","email":"armamig@gmail.com","username":"armando-migliaccio"},"change_message_id":"0e8fbed1503ebfe41b06f45562de534bc4881242","unresolved":false,"context_lines":[{"line_number":316,"context_line":"Notifications Impact"},{"line_number":317,"context_line":"--------------------"},{"line_number":318,"context_line":""},{"line_number":319,"context_line":"The sg-agent will subscribe LogResource to know \"logging\" event update"},{"line_number":320,"context_line":"(create/delete). When the sg-agent received a \"logging\" event, it will check"},{"line_number":321,"context_line":"to update back-end or ignore. In the update case: sg-agent calls back server"},{"line_number":322,"context_line":"to get detail information of sg-rule and LogResource."}],"source_content_type":"text/x-rst","patch_set":31,"id":"9a8ffd7b_5102b50c","line":319,"updated":"2015-11-25 17:48:59.000000000","message":"this is the first time you introduce this entity. What is it? You should explain how you intend to design and provide an implementation for this API or is this captured elsewhere?","commit_id":"5263b99db23afd12f22cf8335aa6340d37fbe37a"},{"author":{"_account_id":4656,"name":"Sean M. Collins","email":"sean@coreitpro.com","username":"scollins"},"change_message_id":"d78eff3756c82630f0acdf887c34dc48beb74529","unresolved":false,"context_lines":[{"line_number":316,"context_line":"Notifications Impact"},{"line_number":317,"context_line":"--------------------"},{"line_number":318,"context_line":""},{"line_number":319,"context_line":"The sg-agent will subscribe LogResource to know \"logging\" event update"},{"line_number":320,"context_line":"(create/delete). When the sg-agent received a \"logging\" event, it will check"},{"line_number":321,"context_line":"to update back-end or ignore. In the update case: sg-agent calls back server"},{"line_number":322,"context_line":"to get detail information of sg-rule and LogResource."}],"source_content_type":"text/x-rst","patch_set":31,"id":"9a8ffd7b_df8142c4","line":319,"in_reply_to":"9a8ffd7b_16e047f9","updated":"2015-11-30 00:30:17.000000000","message":"There is no security group agent. There *is* an RPC mixin that certain agents inherit from in order to implement security groups.\n\nMaking changes to the security group RPC class is a no-no. It would need to be an L2 agent extension.","commit_id":"5263b99db23afd12f22cf8335aa6340d37fbe37a"},{"author":{"_account_id":841,"name":"Akihiro Motoki","email":"amotoki@gmail.com","username":"amotoki"},"change_message_id":"660e2d023e3e95dc4373dcd437369d538fa5aae7","unresolved":false,"context_lines":[{"line_number":316,"context_line":"Notifications Impact"},{"line_number":317,"context_line":"--------------------"},{"line_number":318,"context_line":""},{"line_number":319,"context_line":"The sg-agent will subscribe LogResource to know \"logging\" event update"},{"line_number":320,"context_line":"(create/delete). When the sg-agent received a \"logging\" event, it will check"},{"line_number":321,"context_line":"to update back-end or ignore. In the update case: sg-agent calls back server"},{"line_number":322,"context_line":"to get detail information of sg-rule and LogResource."}],"source_content_type":"text/x-rst","patch_set":31,"id":"9a8ffd7b_58488387","line":319,"in_reply_to":"9a8ffd7b_5102b50c","updated":"2015-11-26 03:05:58.000000000","message":"I feel the same. What is \"sg-agent\"?","commit_id":"5263b99db23afd12f22cf8335aa6340d37fbe37a"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"60bf59cf2be3f28134321a881e3d863cbfdb79a1","unresolved":false,"context_lines":[{"line_number":316,"context_line":"Notifications Impact"},{"line_number":317,"context_line":"--------------------"},{"line_number":318,"context_line":""},{"line_number":319,"context_line":"The sg-agent will subscribe LogResource to know \"logging\" event update"},{"line_number":320,"context_line":"(create/delete). When the sg-agent received a \"logging\" event, it will check"},{"line_number":321,"context_line":"to update back-end or ignore. In the update case: sg-agent calls back server"},{"line_number":322,"context_line":"to get detail information of sg-rule and LogResource."}],"source_content_type":"text/x-rst","patch_set":31,"id":"9a8ffd7b_16e047f9","line":319,"in_reply_to":"9a8ffd7b_58488387","updated":"2015-11-27 14:37:09.000000000","message":"@Armando and Akihiro: \n\nSg-agent is the security group agent. We are going to provide a logging agent that can control notification events for each driver(Rsyslog, splunk, ...).  Logging agent may be implemented as a L2 agent extension.\nSecurity group agent need to know \"logging\" events to update backend (iptables driver or other drivers) or ignore.\n\nWould you please confirm it? and give me some advices for this.\n\nHere is our WIP for sg-agent:\nhttps://review.openstack.org/#/c/204481/10/neutron/agent/securitygroups_rpc.py","commit_id":"5263b99db23afd12f22cf8335aa6340d37fbe37a"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"2f9aa42db495bbc74bad0bb1d0b957a9e8d727a4","unresolved":false,"context_lines":[{"line_number":316,"context_line":"Notifications Impact"},{"line_number":317,"context_line":"--------------------"},{"line_number":318,"context_line":""},{"line_number":319,"context_line":"The sg-agent will subscribe LogResource to know \"logging\" event update"},{"line_number":320,"context_line":"(create/delete). When the sg-agent received a \"logging\" event, it will check"},{"line_number":321,"context_line":"to update back-end or ignore. In the update case: sg-agent calls back server"},{"line_number":322,"context_line":"to get detail information of sg-rule and LogResource."}],"source_content_type":"text/x-rst","patch_set":31,"id":"9a8ffd7b_a8c8c155","line":319,"in_reply_to":"9a8ffd7b_df8142c4","updated":"2015-11-30 09:08:28.000000000","message":"@sean: \nThanks for correct me. I\u0027ll provide logging agent as a L2 agent extension.\nLogging agent extension will control notification events(update/delete) to update\nback-end or ignore. In the update case: logging agent will callback to server via ResourcesPullRpcApi interface to get detail\ninformation of LoggingResource and security group resource. In additional, I will also introduce\nIptablesSGLoggingDriver for security group as first implementation.\n\nWould you please confirm it? And give me some advices if possible.","commit_id":"5263b99db23afd12f22cf8335aa6340d37fbe37a"},{"author":{"_account_id":841,"name":"Akihiro Motoki","email":"amotoki@gmail.com","username":"amotoki"},"change_message_id":"660e2d023e3e95dc4373dcd437369d538fa5aae7","unresolved":false,"context_lines":[{"line_number":323,"context_line":""},{"line_number":324,"context_line":""},{"line_number":325,"context_line":"Other End User Impact"},{"line_number":326,"context_line":"---------------------"},{"line_number":327,"context_line":""},{"line_number":328,"context_line":"Additional methods will be added to python-neutronclient to create, update,"},{"line_number":329,"context_line":"list, get, and delete logging resource. Dedicated CLI command to list"}],"source_content_type":"text/x-rst","patch_set":31,"id":"9a8ffd7b_98358bf8","line":326,"updated":"2015-11-26 03:05:58.000000000","message":"I think there is no end user impact because this API is exposed only to operators.","commit_id":"5263b99db23afd12f22cf8335aa6340d37fbe37a"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"60bf59cf2be3f28134321a881e3d863cbfdb79a1","unresolved":false,"context_lines":[{"line_number":323,"context_line":""},{"line_number":324,"context_line":""},{"line_number":325,"context_line":"Other End User Impact"},{"line_number":326,"context_line":"---------------------"},{"line_number":327,"context_line":""},{"line_number":328,"context_line":"Additional methods will be added to python-neutronclient to create, update,"},{"line_number":329,"context_line":"list, get, and delete logging resource. Dedicated CLI command to list"}],"source_content_type":"text/x-rst","patch_set":31,"id":"9a8ffd7b_169cc75b","line":326,"in_reply_to":"9a8ffd7b_98358bf8","updated":"2015-11-27 14:37:09.000000000","message":"Yes, you\u0027re right. We will change \"Other End User Impact\" to \"Operators CLI impact\" section.","commit_id":"5263b99db23afd12f22cf8335aa6340d37fbe37a"},{"author":{"_account_id":748,"name":"Armando Migliaccio","email":"armamig@gmail.com","username":"armando-migliaccio"},"change_message_id":"0e8fbed1503ebfe41b06f45562de534bc4881242","unresolved":false,"context_lines":[{"line_number":421,"context_line":"  * Database model \u0026 database migrations"},{"line_number":422,"context_line":"  * Iptables based reference implementation"},{"line_number":423,"context_line":"  * Python-neutronclient support"},{"line_number":424,"context_line":"  * Horizon support"},{"line_number":425,"context_line":""},{"line_number":426,"context_line":""},{"line_number":427,"context_line":"Dependencies"}],"source_content_type":"text/x-rst","patch_set":31,"id":"9a8ffd7b_2c6318de","line":424,"updated":"2015-11-25 17:48:59.000000000","message":"Do we want Horizon support tracked here? I wouldn\u0027t think so.","commit_id":"5263b99db23afd12f22cf8335aa6340d37fbe37a"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"60bf59cf2be3f28134321a881e3d863cbfdb79a1","unresolved":false,"context_lines":[{"line_number":421,"context_line":"  * Database model \u0026 database migrations"},{"line_number":422,"context_line":"  * Iptables based reference implementation"},{"line_number":423,"context_line":"  * Python-neutronclient support"},{"line_number":424,"context_line":"  * Horizon support"},{"line_number":425,"context_line":""},{"line_number":426,"context_line":""},{"line_number":427,"context_line":"Dependencies"}],"source_content_type":"text/x-rst","patch_set":31,"id":"9a8ffd7b_36f0eb66","line":424,"in_reply_to":"9a8ffd7b_2c6318de","updated":"2015-11-27 14:37:09.000000000","message":"OK.  This item will be removed in next revision.","commit_id":"5263b99db23afd12f22cf8335aa6340d37fbe37a"},{"author":{"_account_id":9423,"name":"Roey Chen","email":"roeyc@vmware.com","username":"roeyc"},"change_message_id":"9d19fb079429e5bd9b6fcd1f869e5e6b9d804384","unresolved":false,"context_lines":[{"line_number":31,"context_line":"painstakingly browsing distributed logs. To improve the situation, we\u0027d do"},{"line_number":32,"context_line":"the following:"},{"line_number":33,"context_line":""},{"line_number":34,"context_line":"* Capture security events when they occur, ideally we\u0027d funnel events to"},{"line_number":35,"context_line":"  a central location."},{"line_number":36,"context_line":"* Expose a way to the operator (**admin_only**) to consume this events, ideally"},{"line_number":37,"context_line":"  remotely via a well defined API."}],"source_content_type":"text/x-rst","patch_set":33,"id":"9a8ffd7b_6a9a7f70","line":34,"updated":"2015-12-01 13:03:59.000000000","message":"s/funnel/tunnel","commit_id":"98d3b65cc67a7358564f9f6872219dd810c6336b"},{"author":{"_account_id":17776,"name":"Reedip","email":"reedip.banerjee@gmail.com","username":"Reedip"},"change_message_id":"7451f09ee55d00311c6e6ace2678625c5c4e61a0","unresolved":false,"context_lines":[{"line_number":31,"context_line":"painstakingly browsing distributed logs. To improve the situation, we\u0027d do"},{"line_number":32,"context_line":"the following:"},{"line_number":33,"context_line":""},{"line_number":34,"context_line":"* Capture security events when they occur, ideally we\u0027d funnel events to"},{"line_number":35,"context_line":"  a central location."},{"line_number":36,"context_line":"* Expose a way to the operator (**admin_only**) to consume this events, ideally"},{"line_number":37,"context_line":"  remotely via a well defined API."}],"source_content_type":"text/x-rst","patch_set":33,"id":"9a8ffd7b_dbb46d36","line":34,"in_reply_to":"9a8ffd7b_6a9a7f70","updated":"2015-12-02 07:36:57.000000000","message":"@Roey, I guess Funnel also suits ... basically they would like to redirect the logs .So funnel suits here.","commit_id":"98d3b65cc67a7358564f9f6872219dd810c6336b"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"6634005c1ecf4f95014ba78673cecd26b0d4464a","unresolved":false,"context_lines":[{"line_number":31,"context_line":"painstakingly browsing distributed logs. To improve the situation, we\u0027d do"},{"line_number":32,"context_line":"the following:"},{"line_number":33,"context_line":""},{"line_number":34,"context_line":"* Capture security events when they occur, ideally we\u0027d funnel events to"},{"line_number":35,"context_line":"  a central location."},{"line_number":36,"context_line":"* Expose a way to the operator (**admin_only**) to consume this events, ideally"},{"line_number":37,"context_line":"  remotely via a well defined API."}],"source_content_type":"text/x-rst","patch_set":33,"id":"7a740942_8dbb56c4","line":34,"in_reply_to":"9a8ffd7b_dbb46d36","updated":"2015-12-04 09:59:51.000000000","message":"@Roey: I\u0027d like collect security events log from nodes to central logging server.  So I think \"funnel\" is suitable.","commit_id":"98d3b65cc67a7358564f9f6872219dd810c6336b"},{"author":{"_account_id":17776,"name":"Reedip","email":"reedip.banerjee@gmail.com","username":"Reedip"},"change_message_id":"7451f09ee55d00311c6e6ace2678625c5c4e61a0","unresolved":false,"context_lines":[{"line_number":33,"context_line":""},{"line_number":34,"context_line":"* Capture security events when they occur, ideally we\u0027d funnel events to"},{"line_number":35,"context_line":"  a central location."},{"line_number":36,"context_line":"* Expose a way to the operator (**admin_only**) to consume this events, ideally"},{"line_number":37,"context_line":"  remotely via a well defined API."},{"line_number":38,"context_line":""},{"line_number":39,"context_line":""}],"source_content_type":"text/x-rst","patch_set":33,"id":"9a8ffd7b_5b7f1d66","line":36,"updated":"2015-12-02 07:36:57.000000000","message":"nit :this -\u003e these","commit_id":"98d3b65cc67a7358564f9f6872219dd810c6336b"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"6634005c1ecf4f95014ba78673cecd26b0d4464a","unresolved":false,"context_lines":[{"line_number":33,"context_line":""},{"line_number":34,"context_line":"* Capture security events when they occur, ideally we\u0027d funnel events to"},{"line_number":35,"context_line":"  a central location."},{"line_number":36,"context_line":"* Expose a way to the operator (**admin_only**) to consume this events, ideally"},{"line_number":37,"context_line":"  remotely via a well defined API."},{"line_number":38,"context_line":""},{"line_number":39,"context_line":""}],"source_content_type":"text/x-rst","patch_set":33,"id":"7a740942_4db56ecb","line":36,"in_reply_to":"9a8ffd7b_5b7f1d66","updated":"2015-12-04 09:59:51.000000000","message":"Done","commit_id":"98d3b65cc67a7358564f9f6872219dd810c6336b"},{"author":{"_account_id":17776,"name":"Reedip","email":"reedip.banerjee@gmail.com","username":"Reedip"},"change_message_id":"7451f09ee55d00311c6e6ace2678625c5c4e61a0","unresolved":false,"context_lines":[{"line_number":54,"context_line":"                \"name\": \"sg-log\","},{"line_number":55,"context_line":"                \"description\": \"Log for security group\","},{"line_number":56,"context_line":"                \"log_driver\": \"rsyslog\","},{"line_number":57,"context_line":"                \"log_type\": \"security_group\""},{"line_number":58,"context_line":"             }"},{"line_number":59,"context_line":"        }"},{"line_number":60,"context_line":""}],"source_content_type":"text/x-rst","patch_set":33,"id":"9a8ffd7b_1b919552","line":57,"updated":"2015-12-02 07:36:57.000000000","message":"Is Log_type selectable from a group/set of types?\n\nIf it is a string , which is provided by the user, then I am not sure of the use of Log_type, when we have Log Name and Description.\n\nIMO, I am guessing Log Description and Name would take care of the \nlog_type here.\n\nNote: log_type is mentioned as RO in the API reference given below, so now a bit confused.(L#189)","commit_id":"98d3b65cc67a7358564f9f6872219dd810c6336b"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"6634005c1ecf4f95014ba78673cecd26b0d4464a","unresolved":false,"context_lines":[{"line_number":54,"context_line":"                \"name\": \"sg-log\","},{"line_number":55,"context_line":"                \"description\": \"Log for security group\","},{"line_number":56,"context_line":"                \"log_driver\": \"rsyslog\","},{"line_number":57,"context_line":"                \"log_type\": \"security_group\""},{"line_number":58,"context_line":"             }"},{"line_number":59,"context_line":"        }"},{"line_number":60,"context_line":""}],"source_content_type":"text/x-rst","patch_set":33,"id":"7a740942_8331e5a4","line":57,"in_reply_to":"9a8ffd7b_1b919552","updated":"2015-12-04 09:59:51.000000000","message":"We\u0027ll update log_type as a RW(No update) field.","commit_id":"98d3b65cc67a7358564f9f6872219dd810c6336b"},{"author":{"_account_id":9423,"name":"Roey Chen","email":"roeyc@vmware.com","username":"roeyc"},"change_message_id":"9d19fb079429e5bd9b6fcd1f869e5e6b9d804384","unresolved":false,"context_lines":[{"line_number":160,"context_line":"    (2) Events of a specific security group applied to a specific"},{"line_number":161,"context_line":"        neutron port."},{"line_number":162,"context_line":"    (3) Events of a specific security group rule applied to a specific"},{"line_number":163,"context_line":"        neutron port."},{"line_number":164,"context_line":""},{"line_number":165,"context_line":"In addition, after LoggingResource is configured, events log data will"},{"line_number":166,"context_line":"be transferred to central logging server."}],"source_content_type":"text/x-rst","patch_set":33,"id":"9a8ffd7b_2a8b1720","line":163,"updated":"2015-12-01 13:03:59.000000000","message":"(4/5) Events of a specific security-group/-rule applied to all ports (associated with this sg), for example, one can create a security-group-log but without specifying port-id, which means that events should be emitted for any port which is associated with the sg.","commit_id":"98d3b65cc67a7358564f9f6872219dd810c6336b"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"6634005c1ecf4f95014ba78673cecd26b0d4464a","unresolved":false,"context_lines":[{"line_number":160,"context_line":"    (2) Events of a specific security group applied to a specific"},{"line_number":161,"context_line":"        neutron port."},{"line_number":162,"context_line":"    (3) Events of a specific security group rule applied to a specific"},{"line_number":163,"context_line":"        neutron port."},{"line_number":164,"context_line":""},{"line_number":165,"context_line":"In addition, after LoggingResource is configured, events log data will"},{"line_number":166,"context_line":"be transferred to central logging server."}],"source_content_type":"text/x-rst","patch_set":33,"id":"7a740942_43e21d05","line":163,"in_reply_to":"9a8ffd7b_2a8b1720","updated":"2015-12-04 09:59:51.000000000","message":"Hi Roey!!  Thanks for your suggestion, it\u0027s clearly. We\u0027ll update as below:\n\n        (1) Events of a specific security group applied to a specific neutron port (i.e., instance)\n        (2) Events of a specific sg rule applied to a specific neutron port (i.e., instance)\n        (3) Events of a specific security group of all ports\n        (4) Events of a specific sg rule of all ports\n        (5) All security group related events of a specific neutron port\n        (6) All security group related events in a tenant","commit_id":"98d3b65cc67a7358564f9f6872219dd810c6336b"},{"author":{"_account_id":17776,"name":"Reedip","email":"reedip.banerjee@gmail.com","username":"Reedip"},"change_message_id":"7451f09ee55d00311c6e6ace2678625c5c4e61a0","unresolved":false,"context_lines":[{"line_number":163,"context_line":"        neutron port."},{"line_number":164,"context_line":""},{"line_number":165,"context_line":"In addition, after LoggingResource is configured, events log data will"},{"line_number":166,"context_line":"be transferred to central logging server."},{"line_number":167,"context_line":""},{"line_number":168,"context_line":""},{"line_number":169,"context_line":"Data Model Impact"}],"source_content_type":"text/x-rst","patch_set":33,"id":"9a8ffd7b_fedb5feb","line":166,"updated":"2015-12-02 07:36:57.000000000","message":"This data will be transferred instantaneously ( i.e. per record basis ) , or would it be a batch process?","commit_id":"98d3b65cc67a7358564f9f6872219dd810c6336b"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"6634005c1ecf4f95014ba78673cecd26b0d4464a","unresolved":false,"context_lines":[{"line_number":163,"context_line":"        neutron port."},{"line_number":164,"context_line":""},{"line_number":165,"context_line":"In addition, after LoggingResource is configured, events log data will"},{"line_number":166,"context_line":"be transferred to central logging server."},{"line_number":167,"context_line":""},{"line_number":168,"context_line":""},{"line_number":169,"context_line":"Data Model Impact"}],"source_content_type":"text/x-rst","patch_set":33,"id":"7a740942_e3d1c9fc","line":166,"in_reply_to":"9a8ffd7b_fedb5feb","updated":"2015-12-04 09:59:51.000000000","message":"This feature depends on back-end(log_driver).  We\u0027ll consider it during implementation for back-end driver.","commit_id":"98d3b65cc67a7358564f9f6872219dd810c6336b"},{"author":{"_account_id":9423,"name":"Roey Chen","email":"roeyc@vmware.com","username":"roeyc"},"change_message_id":"9d19fb079429e5bd9b6fcd1f869e5e6b9d804384","unresolved":false,"context_lines":[{"line_number":174,"context_line":"+------------+-------+-------+----------+-----------+----------------------------+"},{"line_number":175,"context_line":"|Attribute   |Type   |Access |Default   |Validation/|Description                 |"},{"line_number":176,"context_line":"|Name        |       |       |Value     |Conversion |                            |"},{"line_number":177,"context_line":"+\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d+\u003d\u003d\u003d\u003d\u003d\u003d\u003d+\u003d\u003d\u003d\u003d\u003d\u003d\u003d+\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d+\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d+\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d+"},{"line_number":178,"context_line":"|id          |uuid   |RO     |generated |uuid       |Identity                    |"},{"line_number":179,"context_line":"+------------+-------+-------+----------+-----------+----------------------------+"},{"line_number":180,"context_line":"|tenant_id   |uuid   |RO     |N/A       |uuid       |Id of tenant that created   |"}],"source_content_type":"text/x-rst","patch_set":33,"id":"9a8ffd7b_ea9bcf64","line":177,"updated":"2015-12-01 13:03:59.000000000","message":"Should we consider additional attribute, for example \"enabled\", which will indicate whether this logging resource is active or not. When active, log is emitted based on the configuration of this logging resource, when disabled, it will not emit any log.\nThis might be useful if one wants to define a logging resource but use it only at certain times (on demand), without creating and configuring one each time.\nDoes that make any sense?","commit_id":"98d3b65cc67a7358564f9f6872219dd810c6336b"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"6634005c1ecf4f95014ba78673cecd26b0d4464a","unresolved":false,"context_lines":[{"line_number":174,"context_line":"+------------+-------+-------+----------+-----------+----------------------------+"},{"line_number":175,"context_line":"|Attribute   |Type   |Access |Default   |Validation/|Description                 |"},{"line_number":176,"context_line":"|Name        |       |       |Value     |Conversion |                            |"},{"line_number":177,"context_line":"+\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d+\u003d\u003d\u003d\u003d\u003d\u003d\u003d+\u003d\u003d\u003d\u003d\u003d\u003d\u003d+\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d+\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d+\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d+"},{"line_number":178,"context_line":"|id          |uuid   |RO     |generated |uuid       |Identity                    |"},{"line_number":179,"context_line":"+------------+-------+-------+----------+-----------+----------------------------+"},{"line_number":180,"context_line":"|tenant_id   |uuid   |RO     |N/A       |uuid       |Id of tenant that created   |"}],"source_content_type":"text/x-rst","patch_set":33,"id":"7a740942_837ec5e2","line":177,"in_reply_to":"9a8ffd7b_7e952fe2","updated":"2015-12-04 09:59:51.000000000","message":"@Roey and @Reedip: I think this option is convenient. We\u0027ll insert it.","commit_id":"98d3b65cc67a7358564f9f6872219dd810c6336b"},{"author":{"_account_id":17776,"name":"Reedip","email":"reedip.banerjee@gmail.com","username":"Reedip"},"change_message_id":"7451f09ee55d00311c6e6ace2678625c5c4e61a0","unresolved":false,"context_lines":[{"line_number":174,"context_line":"+------------+-------+-------+----------+-----------+----------------------------+"},{"line_number":175,"context_line":"|Attribute   |Type   |Access |Default   |Validation/|Description                 |"},{"line_number":176,"context_line":"|Name        |       |       |Value     |Conversion |                            |"},{"line_number":177,"context_line":"+\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d+\u003d\u003d\u003d\u003d\u003d\u003d\u003d+\u003d\u003d\u003d\u003d\u003d\u003d\u003d+\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d+\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d+\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d+"},{"line_number":178,"context_line":"|id          |uuid   |RO     |generated |uuid       |Identity                    |"},{"line_number":179,"context_line":"+------------+-------+-------+----------+-----------+----------------------------+"},{"line_number":180,"context_line":"|tenant_id   |uuid   |RO     |N/A       |uuid       |Id of tenant that created   |"}],"source_content_type":"text/x-rst","patch_set":33,"id":"9a8ffd7b_7e952fe2","line":177,"in_reply_to":"9a8ffd7b_ea9bcf64","updated":"2015-12-02 07:36:57.000000000","message":"+1 , makes a lot of sense.","commit_id":"98d3b65cc67a7358564f9f6872219dd810c6336b"},{"author":{"_account_id":17776,"name":"Reedip","email":"reedip.banerjee@gmail.com","username":"Reedip"},"change_message_id":"7451f09ee55d00311c6e6ace2678625c5c4e61a0","unresolved":false,"context_lines":[{"line_number":186,"context_line":"+------------+-------+-------+----------+-----------+----------------------------+"},{"line_number":187,"context_line":"|log_driver  |string |RO     |N/A       |enum       |Log driver type             |"},{"line_number":188,"context_line":"+------------+-------+-------+----------+-----------+----------------------------+"},{"line_number":189,"context_line":"|log_type    |string |RO     |N/A       |enum       |Type of resource log        |"},{"line_number":190,"context_line":"+------------+-------+-------+----------+-----------+----------------------------+"},{"line_number":191,"context_line":""},{"line_number":192,"context_line":""}],"source_content_type":"text/x-rst","patch_set":33,"id":"9a8ffd7b_e9ddeb70","line":189,"updated":"2015-12-02 07:36:57.000000000","message":"Ok, RO means this item is not updated , isnt it?\nAnd in the Logging Request API Call made in Line #57, you are passing log_driver and log_type.\n\nIf Log_driver and log_type are to generated only during CREATE, andthey are system generated , then RO is OK.\nIf they are only generated during CREATE and they are passed by User, then maybe you can write it as RW(No Update)\nIf they are generated during Create and also updatable, you can use RW.\n\nSomething similar is used in LBaaS\nhttps://specs.openstack.org/openstack/neutron-specs/specs/kilo/lbaas-api-and-objmodel-improvement.html\n\n( See the CSV table for /lbaas/listeners)\n\nYou can use similar verification for the API attributes defined below.","commit_id":"98d3b65cc67a7358564f9f6872219dd810c6336b"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"6634005c1ecf4f95014ba78673cecd26b0d4464a","unresolved":false,"context_lines":[{"line_number":186,"context_line":"+------------+-------+-------+----------+-----------+----------------------------+"},{"line_number":187,"context_line":"|log_driver  |string |RO     |N/A       |enum       |Log driver type             |"},{"line_number":188,"context_line":"+------------+-------+-------+----------+-----------+----------------------------+"},{"line_number":189,"context_line":"|log_type    |string |RO     |N/A       |enum       |Type of resource log        |"},{"line_number":190,"context_line":"+------------+-------+-------+----------+-----------+----------------------------+"},{"line_number":191,"context_line":""},{"line_number":192,"context_line":""}],"source_content_type":"text/x-rst","patch_set":33,"id":"7a740942_c374cdfe","line":189,"in_reply_to":"9a8ffd7b_e9ddeb70","updated":"2015-12-04 09:59:51.000000000","message":"Thank for your comment. I\u0027ll update  s/RO/RW(No update) for more clearly.","commit_id":"98d3b65cc67a7358564f9f6872219dd810c6336b"},{"author":{"_account_id":9423,"name":"Roey Chen","email":"roeyc@vmware.com","username":"roeyc"},"change_message_id":"9d19fb079429e5bd9b6fcd1f869e5e6b9d804384","unresolved":false,"context_lines":[{"line_number":192,"context_line":""},{"line_number":193,"context_line":"The Logging object, which composes LogResource, has the following"},{"line_number":194,"context_line":"attributes:"},{"line_number":195,"context_line":""},{"line_number":196,"context_line":"+-------------------+------+------+---------+-----------+-------------------------+"},{"line_number":197,"context_line":"|Attribute          |Type  |Access|Default  |Validation/|Description              |"},{"line_number":198,"context_line":"|Name               |      |      |Value    |Conversion |                         |"}],"source_content_type":"text/x-rst","patch_set":33,"id":"9a8ffd7b_aa9e2752","line":195,"updated":"2015-12-01 13:03:59.000000000","message":"What role does this object/table aim to serve?\nIsn\u0027t all this information is already stored in LoggingResource?","commit_id":"98d3b65cc67a7358564f9f6872219dd810c6336b"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"6634005c1ecf4f95014ba78673cecd26b0d4464a","unresolved":false,"context_lines":[{"line_number":192,"context_line":""},{"line_number":193,"context_line":"The Logging object, which composes LogResource, has the following"},{"line_number":194,"context_line":"attributes:"},{"line_number":195,"context_line":""},{"line_number":196,"context_line":"+-------------------+------+------+---------+-----------+-------------------------+"},{"line_number":197,"context_line":"|Attribute          |Type  |Access|Default  |Validation/|Description              |"},{"line_number":198,"context_line":"|Name               |      |      |Value    |Conversion |                         |"}],"source_content_type":"text/x-rst","patch_set":33,"id":"7a740942_03d975f3","line":195,"in_reply_to":"9a8ffd7b_aa9e2752","updated":"2015-12-04 09:59:51.000000000","message":"This object aim to define a abstract object, that contain common fields. It\u0027s used for defining a inheritable class(SecurityGroupLogging in this case).","commit_id":"98d3b65cc67a7358564f9f6872219dd810c6336b"},{"author":{"_account_id":17776,"name":"Reedip","email":"reedip.banerjee@gmail.com","username":"Reedip"},"change_message_id":"7451f09ee55d00311c6e6ace2678625c5c4e61a0","unresolved":false,"context_lines":[{"line_number":212,"context_line":"|Attribute             |Type   |Access|Default|Validation/|Description            |"},{"line_number":213,"context_line":"|Name                  |       |      |Value  |Conversion |                       |"},{"line_number":214,"context_line":"+\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d+\u003d\u003d\u003d\u003d\u003d\u003d\u003d+\u003d\u003d\u003d\u003d\u003d\u003d+\u003d\u003d\u003d\u003d\u003d\u003d\u003d+\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d+\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d+"},{"line_number":215,"context_line":"|logging_id            |uuid   |RO    |N/A    |uuid       |Logging we extend      |"},{"line_number":216,"context_line":"+----------------------+-------+------+-------+-----------+-----------------------+"},{"line_number":217,"context_line":"|tenant_id             |uuid   |RO    |N/A    |uuid       |Tenant creates logging |"},{"line_number":218,"context_line":"+----------------------+-------+------+-------+-----------+-----------------------+"}],"source_content_type":"text/x-rst","patch_set":33,"id":"9a8ffd7b_9e66d327","line":215,"updated":"2015-12-02 07:36:57.000000000","message":"no \"id\" attribute here?","commit_id":"98d3b65cc67a7358564f9f6872219dd810c6336b"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"6634005c1ecf4f95014ba78673cecd26b0d4464a","unresolved":false,"context_lines":[{"line_number":212,"context_line":"|Attribute             |Type   |Access|Default|Validation/|Description            |"},{"line_number":213,"context_line":"|Name                  |       |      |Value  |Conversion |                       |"},{"line_number":214,"context_line":"+\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d+\u003d\u003d\u003d\u003d\u003d\u003d\u003d+\u003d\u003d\u003d\u003d\u003d\u003d+\u003d\u003d\u003d\u003d\u003d\u003d\u003d+\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d+\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d+"},{"line_number":215,"context_line":"|logging_id            |uuid   |RO    |N/A    |uuid       |Logging we extend      |"},{"line_number":216,"context_line":"+----------------------+-------+------+-------+-----------+-----------------------+"},{"line_number":217,"context_line":"|tenant_id             |uuid   |RO    |N/A    |uuid       |Tenant creates logging |"},{"line_number":218,"context_line":"+----------------------+-------+------+-------+-----------+-----------------------+"}],"source_content_type":"text/x-rst","patch_set":33,"id":"7a740942_239fd104","line":215,"in_reply_to":"9a8ffd7b_9e66d327","updated":"2015-12-04 09:59:51.000000000","message":"Actually, this attribute (logging_id) is \"id\" attribute. This is the way abstract to describe relation inheritance SecurityGroupLogging with Logging.","commit_id":"98d3b65cc67a7358564f9f6872219dd810c6336b"},{"author":{"_account_id":17776,"name":"Reedip","email":"reedip.banerjee@gmail.com","username":"Reedip"},"change_message_id":"7451f09ee55d00311c6e6ace2678625c5c4e61a0","unresolved":false,"context_lines":[{"line_number":319,"context_line":"Security Impact"},{"line_number":320,"context_line":"---------------"},{"line_number":321,"context_line":""},{"line_number":322,"context_line":"This REST API will only be accessible to **admin_only** that controlled by"},{"line_number":323,"context_line":"policy.json."},{"line_number":324,"context_line":""},{"line_number":325,"context_line":"The volume of log highly depends on user traffic. It affects performance and"}],"source_content_type":"text/x-rst","patch_set":33,"id":"9a8ffd7b_49cd17b6","line":322,"updated":"2015-12-02 07:36:57.000000000","message":"that controlled -\u003e which is controlled","commit_id":"98d3b65cc67a7358564f9f6872219dd810c6336b"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"6634005c1ecf4f95014ba78673cecd26b0d4464a","unresolved":false,"context_lines":[{"line_number":319,"context_line":"Security Impact"},{"line_number":320,"context_line":"---------------"},{"line_number":321,"context_line":""},{"line_number":322,"context_line":"This REST API will only be accessible to **admin_only** that controlled by"},{"line_number":323,"context_line":"policy.json."},{"line_number":324,"context_line":""},{"line_number":325,"context_line":"The volume of log highly depends on user traffic. It affects performance and"}],"source_content_type":"text/x-rst","patch_set":33,"id":"7a740942_43bbfd72","line":322,"in_reply_to":"9a8ffd7b_49cd17b6","updated":"2015-12-04 09:59:51.000000000","message":"Done","commit_id":"98d3b65cc67a7358564f9f6872219dd810c6336b"},{"author":{"_account_id":17776,"name":"Reedip","email":"reedip.banerjee@gmail.com","username":"Reedip"},"change_message_id":"7451f09ee55d00311c6e6ace2678625c5c4e61a0","unresolved":false,"context_lines":[{"line_number":323,"context_line":"policy.json."},{"line_number":324,"context_line":""},{"line_number":325,"context_line":"The volume of log highly depends on user traffic. It affects performance and"},{"line_number":326,"context_line":"it is a potential security impact (a kind of DoS)."},{"line_number":327,"context_line":""},{"line_number":328,"context_line":""},{"line_number":329,"context_line":"Notifications Impact"}],"source_content_type":"text/x-rst","patch_set":33,"id":"9a8ffd7b_c9ed87b8","line":326,"updated":"2015-12-02 07:36:57.000000000","message":"Logging performance can be improved by a logic, similar to the one followed by syslog.\nSyslog  has a buffer where it stores the last message. During a Timeout ( I am not sure of the exact value of the timeout), if the same message is repeated, then it is written as a single entry.\n( You can search for \"syslog Last Message repeated XXX times\")\n\nI am not saying to exactly follow the same behaviour, but keeping this logic in mind, and with some fine-tuning, maybe you can add a \"time\" attribute  in the Logging Object.\n\nThe \"time\" attribute can be used by the user to specify after how long would he/she like the the logs to be collected and sent to the server.\n\nIf the value of the \"time\" attribute is Zero, it means that the logs generated by syslog would be immediately transferred onto the central server.\nIf the value !\u003d 0, then all the logs can read in that time can be combined as a Batch and forwarded in a single API call.\nThe \"time\" attribute can be less than a maximum value ( 60 seconds ).\n\nThis is just a suggestion to improve the performance and avoid DoS.","commit_id":"98d3b65cc67a7358564f9f6872219dd810c6336b"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"6634005c1ecf4f95014ba78673cecd26b0d4464a","unresolved":false,"context_lines":[{"line_number":323,"context_line":"policy.json."},{"line_number":324,"context_line":""},{"line_number":325,"context_line":"The volume of log highly depends on user traffic. It affects performance and"},{"line_number":326,"context_line":"it is a potential security impact (a kind of DoS)."},{"line_number":327,"context_line":""},{"line_number":328,"context_line":""},{"line_number":329,"context_line":"Notifications Impact"}],"source_content_type":"text/x-rst","patch_set":33,"id":"7a740942_5ebaf6e2","line":326,"in_reply_to":"9a8ffd7b_c9ed87b8","updated":"2015-12-04 09:59:51.000000000","message":"Thanks for your comment. However, as above replied L#166 this feature depends on back-end. Therefore, I think the \"time\" attribute should not be added to Logging Object. It\u0027s can be considered in the config of rsyslog.","commit_id":"98d3b65cc67a7358564f9f6872219dd810c6336b"},{"author":{"_account_id":4656,"name":"Sean M. Collins","email":"sean@coreitpro.com","username":"scollins"},"change_message_id":"6e5438ab488a29da19de70a62c72be82ab3d41bf","unresolved":false,"context_lines":[{"line_number":258,"context_line":"+----------------------+-------+-------+-------+-----------+-----------------------+"},{"line_number":259,"context_line":"|tenant_id             |uuid   |RO     |N/A    |uuid       |Tenant creates logging |"},{"line_number":260,"context_line":"+----------------------+-------+-------+-------+-----------+-----------------------+"},{"line_number":261,"context_line":"|event                 |string |RW     |N/A    |string     |Event log description  |"},{"line_number":262,"context_line":"+----------------------+-------+-------+-------+-----------+-----------------------+"},{"line_number":263,"context_line":"|security_group_id     |uuid   |RW(No  |N/A    |uuid       |Security-groups UUID   |"},{"line_number":264,"context_line":"|                      |       |update)|       |           |is enabled logging     |"}],"source_content_type":"text/x-rst","patch_set":35,"id":"5a710552_ed2fa5f4","line":261,"updated":"2015-12-14 17:28:05.000000000","message":"I would suggest changing event to description - since when I first saw it I thought it meant something else.","commit_id":"83c36991aa1d5f410114f70346203d7f349d6f82"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"cba3b5ad76982f9a131292b6ce72333f81c91f87","unresolved":false,"context_lines":[{"line_number":258,"context_line":"+----------------------+-------+-------+-------+-----------+-----------------------+"},{"line_number":259,"context_line":"|tenant_id             |uuid   |RO     |N/A    |uuid       |Tenant creates logging |"},{"line_number":260,"context_line":"+----------------------+-------+-------+-------+-----------+-----------------------+"},{"line_number":261,"context_line":"|event                 |string |RW     |N/A    |string     |Event log description  |"},{"line_number":262,"context_line":"+----------------------+-------+-------+-------+-----------+-----------------------+"},{"line_number":263,"context_line":"|security_group_id     |uuid   |RW(No  |N/A    |uuid       |Security-groups UUID   |"},{"line_number":264,"context_line":"|                      |       |update)|       |           |is enabled logging     |"}],"source_content_type":"text/x-rst","patch_set":35,"id":"5a710552_907704d4","line":261,"in_reply_to":"5a710552_ed2fa5f4","updated":"2015-12-15 02:34:01.000000000","message":"Thanks for your time. I will follow your suggestion.","commit_id":"83c36991aa1d5f410114f70346203d7f349d6f82"},{"author":{"_account_id":748,"name":"Armando Migliaccio","email":"armamig@gmail.com","username":"armando-migliaccio"},"change_message_id":"136e2d811405e5dc4a3fbce9813ac829d7ce6517","unresolved":false,"context_lines":[{"line_number":42,"context_line":"* **Define format and ways to collect security groups related events**."},{"line_number":43,"context_line":"* **Define format and ways to access these events**."},{"line_number":44,"context_line":""},{"line_number":45,"context_line":""},{"line_number":46,"context_line":"Use case of LoggingResource configuration"},{"line_number":47,"context_line":"-----------------------------------------"},{"line_number":48,"context_line":""}],"source_content_type":"text/x-rst","patch_set":37,"id":"3a7e1126_d0e9ca1b","line":45,"updated":"2015-12-17 18:35:53.000000000","message":"So far the objective is clear, but I also recall that this text is what I proposed a while back. From here to the next section I a see a major disconnect: why would a user create a logging resource and associate it to a security group (let alone a single port)? Does it mean that the events related to the security groups won\u0027t be collected until then?","commit_id":"77530fca571154fdb49c32c4bb62e90e7b6cf27e"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"5138c9dd715ad825e754739463ea63641bf385bd","unresolved":false,"context_lines":[{"line_number":42,"context_line":"* **Define format and ways to collect security groups related events**."},{"line_number":43,"context_line":"* **Define format and ways to access these events**."},{"line_number":44,"context_line":""},{"line_number":45,"context_line":""},{"line_number":46,"context_line":"Use case of LoggingResource configuration"},{"line_number":47,"context_line":"-----------------------------------------"},{"line_number":48,"context_line":""}],"source_content_type":"text/x-rst","patch_set":37,"id":"7af24918_138b2220","line":45,"in_reply_to":"3a7e1126_d0e9ca1b","updated":"2016-03-04 10:42:34.000000000","message":"\u003e why would a user create a logging resource and associate it to a security group (let alone a single port)?\n\nLet\u0027s me explain current our design:\n1) The logging_resource is created to manage security_group_logs resource and perform collecting events related to security group rules for a certain tenant or a project.\n\nThe events related security group rules includes:\n    (a) security group rule id indicates which rule event is applied.\n    (b) INGRESS/EGRESS indicates direction of traffic.\n    (c) neutron port id indicates which VM that\u0027s event applied .\n\nThese events are specified by security_group_logs as below:\n    \"security_group_logs\": {\n        \"sg_rule_events\": \u003cINGRESS/EGRESS or security_group_rule_id\u003e\n        \"security_group_id\": \u003csg_id\u003e\n        \"port_id\": \u003cport_id\u003e\n     }\n\nThe security_group_log specifies use cases for operator demand as below:\n    (a) All security group rules applied to specific neutron port.\n    (b) All security group rules with direction is INGRESS/EGRESS to \n        specific neutron port.\n    (c) All security group rules applied to all neutron port.\n    (d) All security group rules of specific security group applied to\n        specific neutron port.\n    (e) Specific security group rule of specific security group.\n    (f) Specific security group rule applied to specific neutron port.\n    (g) All security group rules applied in a tenant.\n         ...\n\nAssociating the security_group_log to a logging_resource by specifies logging_resource_id attribute when create it. Operator can attach multi security_group_log to a logging_resource.\n\n2) The \"enabled\" attribute in logging_resource indicates whether a logging_resource is active or not. When enabled, log is emitted based on the configuration of this logging resource. Otherwise (when disabled),\nit will not emit any log.\n\nThe events related to security group rules will be collected to file or syslog or other channel, that depends on logger back-end implementation.\n\nWhen operator has traffic problem, gathering all information related security groups is necessary. We\u0027d like\noperator creates logging_resource to manage and collect all events related to security group rules for certain tenant. So, these are reason \"why would a user create logging_resource and associate it to a/multi security group\".\n\n\u003e Does it mean that the events related to the security groups won\u0027t be collected until then?\n\nAs explained above, the events related to the security groups won\u0027t be collected until they is associated to a logging_resource. These events will be collected when logging_resource is enabled as section 2.","commit_id":"77530fca571154fdb49c32c4bb62e90e7b6cf27e"},{"author":{"_account_id":748,"name":"Armando Migliaccio","email":"armamig@gmail.com","username":"armando-migliaccio"},"change_message_id":"136e2d811405e5dc4a3fbce9813ac829d7ce6517","unresolved":false,"context_lines":[{"line_number":184,"context_line":"                    \"security_group_rule_id\": None"},{"line_number":185,"context_line":"                }]"},{"line_number":186,"context_line":"            }"},{"line_number":187,"context_line":"        }"},{"line_number":188,"context_line":""},{"line_number":189,"context_line":""},{"line_number":190,"context_line":"Expected API behavior"}],"source_content_type":"text/x-rst","patch_set":37,"id":"3a7e1126_d08f8a21","line":187,"updated":"2015-12-17 18:35:53.000000000","message":"What am I doing with these REST operations? I still miss the point of the workflow for this feature. The way I see the workflow to be is:\n\na) A user boots a number of VM\u0027s, the VM\u0027s traffic is restricted according to certain security group rules\nb) The user has traffic problems\n\nAt this point the user can go and request a list of events associated to a specific security group (affecting multiple ports) or a single port.\n\nHow is the user meant to consume these events? I am still unclear.","commit_id":"77530fca571154fdb49c32c4bb62e90e7b6cf27e"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"5138c9dd715ad825e754739463ea63641bf385bd","unresolved":false,"context_lines":[{"line_number":184,"context_line":"                    \"security_group_rule_id\": None"},{"line_number":185,"context_line":"                }]"},{"line_number":186,"context_line":"            }"},{"line_number":187,"context_line":"        }"},{"line_number":188,"context_line":""},{"line_number":189,"context_line":""},{"line_number":190,"context_line":"Expected API behavior"}],"source_content_type":"text/x-rst","patch_set":37,"id":"7af24918_fe311da3","line":187,"in_reply_to":"3a7e1126_d08f8a21","updated":"2016-03-04 10:42:34.000000000","message":"\u003eWhat am I doing with these REST operations?\n\n1) The operator creates a logging_resource to manage and collect events \n   related security group rules of a tenant to file or syslog/rsyslog for \n   their demand.\n\n2) The operator can consume these events by access log-file or syslog \n   directly (under compute host).\n3) In here, we are missing some information on this specs. Accessing events \n   related security group rules via REST API/CLI this is out of scope of\n   this specs. \n\nIn addition, we\u0027d like show you an example (workflow) for more clear about\nmy idea as below:\n    a) An operator boots a number of VM\u0027s, the VM\u0027s traffic is restricted\n       according to certain security group rules.\n    b) operator creates a logging_resource container to manage events\n       related security group rules want to log.\n    c) operator defines events related to security group rules\n       (security_group_log resource) want to log.\n    d) When operator has traffic problems. At this point, the operator can\n       access log-file or syslog to gather information about events related \n       security group rules that are specified on step-c for\n       troubleshooting process.","commit_id":"77530fca571154fdb49c32c4bb62e90e7b6cf27e"},{"author":{"_account_id":748,"name":"Armando Migliaccio","email":"armamig@gmail.com","username":"armando-migliaccio"},"change_message_id":"136e2d811405e5dc4a3fbce9813ac829d7ce6517","unresolved":false,"context_lines":[{"line_number":201,"context_line":"    (6) Events of a specific sg rule of all ports."},{"line_number":202,"context_line":""},{"line_number":203,"context_line":"In addition, after LoggingResource is configured, events log data will"},{"line_number":204,"context_line":"be transferred to central logging server."},{"line_number":205,"context_line":""},{"line_number":206,"context_line":""},{"line_number":207,"context_line":"Data Model Impact"}],"source_content_type":"text/x-rst","patch_set":37,"id":"3a7e1126_90e7c2e3","line":204,"updated":"2015-12-17 18:35:53.000000000","message":"What\u0027s the point of driving this through the API if the user has to have access to a logging server? If this whole effort is to configure remote logging, driving this via REST is a huge overkill.","commit_id":"77530fca571154fdb49c32c4bb62e90e7b6cf27e"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"5138c9dd715ad825e754739463ea63641bf385bd","unresolved":false,"context_lines":[{"line_number":201,"context_line":"    (6) Events of a specific sg rule of all ports."},{"line_number":202,"context_line":""},{"line_number":203,"context_line":"In addition, after LoggingResource is configured, events log data will"},{"line_number":204,"context_line":"be transferred to central logging server."},{"line_number":205,"context_line":""},{"line_number":206,"context_line":""},{"line_number":207,"context_line":"Data Model Impact"}],"source_content_type":"text/x-rst","patch_set":37,"id":"7af24918_9916334a","line":204,"in_reply_to":"3a7e1126_90e7c2e3","updated":"2016-03-04 10:42:34.000000000","message":"In first place, I think collecting logged-data to central logging server will help operator to be able to track\nand consume logged-data more easier. This is reason for \"Why we add feature configure remote logging\".\n\nBut this is *NOT* our target. Our target is trying to propose a way to capture events related security group rules when they occurred. It is necessary for troubleshooting process. As you said: User has to have access to logging server, otherwise we can easily configure remote logging by hand. So It\u0027s a huge overkill, we will remove this piece out of specs.\n\nThanks for your comments.","commit_id":"77530fca571154fdb49c32c4bb62e90e7b6cf27e"},{"author":{"_account_id":748,"name":"Armando Migliaccio","email":"armamig@gmail.com","username":"armando-migliaccio"},"change_message_id":"136e2d811405e5dc4a3fbce9813ac829d7ce6517","unresolved":false,"context_lines":[{"line_number":404,"context_line":""},{"line_number":405,"context_line":"    neutron logging-security-group-list"},{"line_number":406,"context_line":"    neutron logging-security-group-show \u003csecurity-group-log-id\u003e"},{"line_number":407,"context_line":"    neutron logging-security-group-delete \u003csecurity-group-log-id\u003e"},{"line_number":408,"context_line":""},{"line_number":409,"context_line":""},{"line_number":410,"context_line":"Performance Impact"}],"source_content_type":"text/x-rst","patch_set":37,"id":"3a7e1126_b0d43ebd","line":407,"updated":"2015-12-17 18:35:53.000000000","message":"With these commands I can\u0027t still access the events associated to security groups. All I could do is to programmatically configure a logger, which is something I could do easily out of band.\n\nThis is pretty pointless especially if we consider that, if the services do not emit the right events, logging doesn\u0027t help troubleshooting. I thought the definition of events was one of the objectives of this spec. I am disappointed that after these many iterations I still see no clarity on this matter.","commit_id":"77530fca571154fdb49c32c4bb62e90e7b6cf27e"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"5138c9dd715ad825e754739463ea63641bf385bd","unresolved":false,"context_lines":[{"line_number":404,"context_line":""},{"line_number":405,"context_line":"    neutron logging-security-group-list"},{"line_number":406,"context_line":"    neutron logging-security-group-show \u003csecurity-group-log-id\u003e"},{"line_number":407,"context_line":"    neutron logging-security-group-delete \u003csecurity-group-log-id\u003e"},{"line_number":408,"context_line":""},{"line_number":409,"context_line":""},{"line_number":410,"context_line":"Performance Impact"}],"source_content_type":"text/x-rst","patch_set":37,"id":"7af24918_f9d81755","line":407,"in_reply_to":"3a7e1126_b0d43ebd","updated":"2016-03-04 10:42:34.000000000","message":"\u003eWith these commands I can\u0027t still access the events associated to security groups.\n\nIn here, we have some missing information on specs. The accessing events associated to security groups via REST API or CLI is *NOT* supported by this specs. The operator can access these events by tracking on log-file or syslog on compute host.\n\n\u003e This is pretty pointless especially if we consider that, if the services do not emit the right events, logging doesn\u0027t help troubleshooting. I thought the definition of events was one of the objectives of this spec.\n\nTo troubleshoot a network issue: The operator need to gather all\ninformation related security group, firewall to determine:\n    (a) Where the problem is located on tenant, on security group,\n        on instance, on firewall, ...\n    (b) When events occurred?\n    (c) What are protocols used?\n    ...\n\nFor operators, we suggest they should collect all events related security group rules of a tenant to have enough information for troubleshooting process. So we\u0027d like they create log_resource to manage. Then they can associate events related security group rules by create security_group_log with specific logging_resource_id attribute.\n\nThe events related security group rules includes:\n    (a) security group rule id indicates which rule event is applied.\n    (b) INGRESS/EGRESS indicates direction of traffic.\n    (c) neutron port id indicates which VM that\u0027s event applied .\n\nThese events are specified by security_group_logs as below:\n    \"security_group_logs\": {\n         \"sg_rule_events\": \u003cINGRESS/EGRESS or security_group_rule_id\u003e\n         \"security_group_id\": \u003csg_id\u003e\n         \"port_id\": \u003cport_id\u003e\n    }\n\nIn future, we will support firewall logging feature. Therefore, operator can have a big picture for their problem more clearly.\n\nIn addition, we\u0027d like show you a example about logged-data this service\nwill emit as below:\n    Oct 21 13:10:51 8d4c70a21fed4aeba121a1a429ba0d04 security-group\n    e30abd17-fef9-4739-8617-dc26da88e686 INGRESS f316e55d-51 IN\u003deth0 OUT\u003d\n    MAC\u003d08:00:27:b0:45:7b:08:00:27:f7:cf:64:08:00 SRC\u003d10.164.176.134 DST\u003d10.164.176.230\n    LEN\u003d84 TOS\u003d00 PREC\u003d0x00 TTL\u003d64 ID\u003d33471 PROTO\u003dICMP TYPE\u003d0 CODE\u003d0 ID\u003d11991\n    SEQ\u003d6 MARK\u003d0\n\nBy tracking logged-data, operator can know information about:\n    - timestamp: When the events occur? Oct 21 13:10:51\n    - tenant_id: Who is logging? 8d4c70a21fed4aeba121a1a429ba0d04\n    - resource_log: What\u0027s resource logging? security-group\n    - sg-rule-id: Which rule event is applied? e30abd17-fef9-4739-8617-dc26da88e686\n    - direction: Did traffic in/out VM?: INGRESS\n    - port_id: Where\u0027s VM port traffic incoming/outgoing?: f316e55d-51\n    - sr_ip, dst_ip: Where the traffic come/out from? SRC\u003d10.164.176.134 DST\u003d10.164.176.230\n    - protocol: what\u0027s protocol used? \u003cprotocol\u003e: PROTO\u003dICMP\n    - ...","commit_id":"77530fca571154fdb49c32c4bb62e90e7b6cf27e"},{"author":{"_account_id":748,"name":"Armando Migliaccio","email":"armamig@gmail.com","username":"armando-migliaccio"},"change_message_id":"136e2d811405e5dc4a3fbce9813ac829d7ce6517","unresolved":false,"context_lines":[{"line_number":411,"context_line":"------------------"},{"line_number":412,"context_line":""},{"line_number":413,"context_line":"Current design is to log data directory into logfile, but considering"},{"line_number":414,"context_line":"to log data into memory (e.g. cyclic buffer) to minimize performance overhead."},{"line_number":415,"context_line":""},{"line_number":416,"context_line":""},{"line_number":417,"context_line":"IPv6 Impact"}],"source_content_type":"text/x-rst","patch_set":37,"id":"3a7e1126_90b6e288","line":414,"updated":"2015-12-17 18:35:53.000000000","message":"Logging is a configurable aspect of any openstack service. We can log to file, syslog, and/or rsyslog. I miss the point of this statement. We don\u0027t need a REST API to configure rsyslog if this was the intention of this spec all along.","commit_id":"77530fca571154fdb49c32c4bb62e90e7b6cf27e"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"5138c9dd715ad825e754739463ea63641bf385bd","unresolved":false,"context_lines":[{"line_number":411,"context_line":"------------------"},{"line_number":412,"context_line":""},{"line_number":413,"context_line":"Current design is to log data directory into logfile, but considering"},{"line_number":414,"context_line":"to log data into memory (e.g. cyclic buffer) to minimize performance overhead."},{"line_number":415,"context_line":""},{"line_number":416,"context_line":""},{"line_number":417,"context_line":"IPv6 Impact"}],"source_content_type":"text/x-rst","patch_set":37,"id":"7af24918_59594b8d","line":414,"in_reply_to":"3a7e1126_90b6e288","updated":"2016-03-04 10:42:34.000000000","message":"This specs doesn\u0027t intent a way to configure rsyslog. We are proposing a way to capture events related to security group rules when they occurred. We\u0027d like to update this section as below:\n\"Currently, logged-data will store to file or syslog/rsyslog. So this can be raised a little bit performance overhead.\"","commit_id":"77530fca571154fdb49c32c4bb62e90e7b6cf27e"}],"specs/mitaka/logging-API-for-sg-and-fw-rules.rst":[{"author":{"_account_id":2874,"name":"yong sheng gong","email":"gong.yongsheng@99cloud.net","username":"gongysh"},"change_message_id":"65e47831a4790246169beecf28e2a674b8f232a5","unresolved":false,"context_lines":[{"line_number":56,"context_line":"  * [API] See `REST API Impact`_ section."},{"line_number":57,"context_line":""},{"line_number":58,"context_line":"* The following data are candidates to be logged."},{"line_number":59,"context_line":"  (those data after \u0027IN\u0027 can be obtained from iptables [3])"},{"line_number":60,"context_line":"* As a first implementation of the logging API we support logging of packets"},{"line_number":61,"context_line":"  events for security-group and firewall rules."},{"line_number":62,"context_line":""}],"source_content_type":"text/x-rst","patch_set":22,"id":"9a1a9d01_af486d88","line":59,"updated":"2015-09-28 11:33:52.000000000","message":"why start with 3? can we use [#]_ ?","commit_id":"43e6f8e9a14180ff2b402fadc9853a9f77cbb213"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"b2206c3dcdc4e855fe2f8f16412c3bceb0acc479","unresolved":false,"context_lines":[{"line_number":56,"context_line":"  * [API] See `REST API Impact`_ section."},{"line_number":57,"context_line":""},{"line_number":58,"context_line":"* The following data are candidates to be logged."},{"line_number":59,"context_line":"  (those data after \u0027IN\u0027 can be obtained from iptables [3])"},{"line_number":60,"context_line":"* As a first implementation of the logging API we support logging of packets"},{"line_number":61,"context_line":"  events for security-group and firewall rules."},{"line_number":62,"context_line":""}],"source_content_type":"text/x-rst","patch_set":22,"id":"9a1a9d01_326190d3","line":59,"in_reply_to":"9a1a9d01_49e07196","updated":"2015-10-01 09:02:42.000000000","message":"We will use [#]_ .  Thank you.","commit_id":"43e6f8e9a14180ff2b402fadc9853a9f77cbb213"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"b2206c3dcdc4e855fe2f8f16412c3bceb0acc479","unresolved":false,"context_lines":[{"line_number":56,"context_line":"  * [API] See `REST API Impact`_ section."},{"line_number":57,"context_line":""},{"line_number":58,"context_line":"* The following data are candidates to be logged."},{"line_number":59,"context_line":"  (those data after \u0027IN\u0027 can be obtained from iptables [3])"},{"line_number":60,"context_line":"* As a first implementation of the logging API we support logging of packets"},{"line_number":61,"context_line":"  events for security-group and firewall rules."},{"line_number":62,"context_line":""}],"source_content_type":"text/x-rst","patch_set":22,"id":"9a1a9d01_d26ff4c1","line":59,"in_reply_to":"9a1a9d01_af486d88","updated":"2015-10-01 09:02:42.000000000","message":"Thanks for your review and suggestions. Please see my comments below.","commit_id":"43e6f8e9a14180ff2b402fadc9853a9f77cbb213"},{"author":{"_account_id":11682,"name":"Ryan Moats","email":"rmoats@us.ibm.com","username":"regXboi"},"change_message_id":"733aa4e66d45229080301842d9e64d2c3e993621","unresolved":false,"context_lines":[{"line_number":56,"context_line":"  * [API] See `REST API Impact`_ section."},{"line_number":57,"context_line":""},{"line_number":58,"context_line":"* The following data are candidates to be logged."},{"line_number":59,"context_line":"  (those data after \u0027IN\u0027 can be obtained from iptables [3])"},{"line_number":60,"context_line":"* As a first implementation of the logging API we support logging of packets"},{"line_number":61,"context_line":"  events for security-group and firewall rules."},{"line_number":62,"context_line":""}],"source_content_type":"text/x-rst","patch_set":22,"id":"9a1a9d01_49e07196","line":59,"in_reply_to":"9a1a9d01_af486d88","updated":"2015-09-29 14:46:09.000000000","message":"That would read better, but would require the specific reference tag to be moved up here to make sure it aligns","commit_id":"43e6f8e9a14180ff2b402fadc9853a9f77cbb213"},{"author":{"_account_id":2874,"name":"yong sheng gong","email":"gong.yongsheng@99cloud.net","username":"gongysh"},"change_message_id":"65e47831a4790246169beecf28e2a674b8f232a5","unresolved":false,"context_lines":[{"line_number":58,"context_line":"* The following data are candidates to be logged."},{"line_number":59,"context_line":"  (those data after \u0027IN\u0027 can be obtained from iptables [3])"},{"line_number":60,"context_line":"* As a first implementation of the logging API we support logging of packets"},{"line_number":61,"context_line":"  events for security-group and firewall rules."},{"line_number":62,"context_line":""},{"line_number":63,"context_line":":dir:"},{"line_number":64,"context_line":"    Direction(ingress/i, egress/o)"}],"source_content_type":"text/x-rst","patch_set":22,"id":"9a1a9d01_6f09f530","line":61,"updated":"2015-09-28 11:33:52.000000000","message":"put this bullet before previous one since it seems to me the following is for previous bullet.","commit_id":"43e6f8e9a14180ff2b402fadc9853a9f77cbb213"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"b2206c3dcdc4e855fe2f8f16412c3bceb0acc479","unresolved":false,"context_lines":[{"line_number":58,"context_line":"* The following data are candidates to be logged."},{"line_number":59,"context_line":"  (those data after \u0027IN\u0027 can be obtained from iptables [3])"},{"line_number":60,"context_line":"* As a first implementation of the logging API we support logging of packets"},{"line_number":61,"context_line":"  events for security-group and firewall rules."},{"line_number":62,"context_line":""},{"line_number":63,"context_line":":dir:"},{"line_number":64,"context_line":"    Direction(ingress/i, egress/o)"}],"source_content_type":"text/x-rst","patch_set":22,"id":"9a1a9d01_328f5076","line":61,"in_reply_to":"9a1a9d01_6f09f530","updated":"2015-10-01 09:02:42.000000000","message":"You\u0027re right. We\u0027ll update as your suggestions","commit_id":"43e6f8e9a14180ff2b402fadc9853a9f77cbb213"},{"author":{"_account_id":2874,"name":"yong sheng gong","email":"gong.yongsheng@99cloud.net","username":"gongysh"},"change_message_id":"65e47831a4790246169beecf28e2a674b8f232a5","unresolved":false,"context_lines":[{"line_number":186,"context_line":"---------------"},{"line_number":187,"context_line":"The new resources:"},{"line_number":188,"context_line":""},{"line_number":189,"context_line":"code-block::"},{"line_number":190,"context_line":""},{"line_number":191,"context_line":"    LOGGING_PREFIX \u003d \u0027/logging\u0027"},{"line_number":192,"context_line":"    log_level_supported \u003d [\u0027info\u0027, \u0027warn\u0027, \u0027error\u0027, \u0027debug\u0027, \u0027notice\u0027]"}],"source_content_type":"text/x-rst","patch_set":22,"id":"9a1a9d01_8a59d700","line":189,"updated":"2015-09-28 11:33:52.000000000","message":"since we don\u0027t need code-block. just add \u0027::\u0027 after The new resources.","commit_id":"43e6f8e9a14180ff2b402fadc9853a9f77cbb213"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"b2206c3dcdc4e855fe2f8f16412c3bceb0acc479","unresolved":false,"context_lines":[{"line_number":186,"context_line":"---------------"},{"line_number":187,"context_line":"The new resources:"},{"line_number":188,"context_line":""},{"line_number":189,"context_line":"code-block::"},{"line_number":190,"context_line":""},{"line_number":191,"context_line":"    LOGGING_PREFIX \u003d \u0027/logging\u0027"},{"line_number":192,"context_line":"    log_level_supported \u003d [\u0027info\u0027, \u0027warn\u0027, \u0027error\u0027, \u0027debug\u0027, \u0027notice\u0027]"}],"source_content_type":"text/x-rst","patch_set":22,"id":"9a1a9d01_72c70896","line":189,"in_reply_to":"9a1a9d01_8a59d700","updated":"2015-10-01 09:02:42.000000000","message":"Done","commit_id":"43e6f8e9a14180ff2b402fadc9853a9f77cbb213"},{"author":{"_account_id":2874,"name":"yong sheng gong","email":"gong.yongsheng@99cloud.net","username":"gongysh"},"change_message_id":"65e47831a4790246169beecf28e2a674b8f232a5","unresolved":false,"context_lines":[{"line_number":199,"context_line":"                          \u0027required_by_policy\u0027: True, \u0027is_visible\u0027: True},"},{"line_number":200,"context_line":"    }"},{"line_number":201,"context_line":"    RESOURCE_ATTRIBUTE_MAP \u003d {"},{"line_number":202,"context_line":"        \u0027sg_rules\u0027: {"},{"line_number":203,"context_line":"            \u0027id\u0027: {\u0027allow_post\u0027: False, \u0027allow_put\u0027: False,"},{"line_number":204,"context_line":"                   \u0027validate\u0027: {\u0027type:uuid\u0027: None},"},{"line_number":205,"context_line":"                   \u0027is_visible\u0027: True,"}],"source_content_type":"text/x-rst","patch_set":22,"id":"9a1a9d01_6a3c832f","line":202,"updated":"2015-09-28 11:33:52.000000000","message":"sg_log_rules is better","commit_id":"43e6f8e9a14180ff2b402fadc9853a9f77cbb213"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"b2206c3dcdc4e855fe2f8f16412c3bceb0acc479","unresolved":false,"context_lines":[{"line_number":199,"context_line":"                          \u0027required_by_policy\u0027: True, \u0027is_visible\u0027: True},"},{"line_number":200,"context_line":"    }"},{"line_number":201,"context_line":"    RESOURCE_ATTRIBUTE_MAP \u003d {"},{"line_number":202,"context_line":"        \u0027sg_rules\u0027: {"},{"line_number":203,"context_line":"            \u0027id\u0027: {\u0027allow_post\u0027: False, \u0027allow_put\u0027: False,"},{"line_number":204,"context_line":"                   \u0027validate\u0027: {\u0027type:uuid\u0027: None},"},{"line_number":205,"context_line":"                   \u0027is_visible\u0027: True,"}],"source_content_type":"text/x-rst","patch_set":22,"id":"9a1a9d01_52b8c410","line":202,"in_reply_to":"9a1a9d01_6a3c832f","updated":"2015-10-01 09:02:42.000000000","message":"Done","commit_id":"43e6f8e9a14180ff2b402fadc9853a9f77cbb213"},{"author":{"_account_id":11682,"name":"Ryan Moats","email":"rmoats@us.ibm.com","username":"regXboi"},"change_message_id":"733aa4e66d45229080301842d9e64d2c3e993621","unresolved":false,"context_lines":[{"line_number":199,"context_line":"                          \u0027required_by_policy\u0027: True, \u0027is_visible\u0027: True},"},{"line_number":200,"context_line":"    }"},{"line_number":201,"context_line":"    RESOURCE_ATTRIBUTE_MAP \u003d {"},{"line_number":202,"context_line":"        \u0027sg_rules\u0027: {"},{"line_number":203,"context_line":"            \u0027id\u0027: {\u0027allow_post\u0027: False, \u0027allow_put\u0027: False,"},{"line_number":204,"context_line":"                   \u0027validate\u0027: {\u0027type:uuid\u0027: None},"},{"line_number":205,"context_line":"                   \u0027is_visible\u0027: True,"}],"source_content_type":"text/x-rst","patch_set":22,"id":"9a1a9d01_e9bdc568","line":202,"in_reply_to":"9a1a9d01_6a3c832f","updated":"2015-09-29 14:46:09.000000000","message":"If this change is going to be made, then for the sake of consistency, the URLs below should also change.","commit_id":"43e6f8e9a14180ff2b402fadc9853a9f77cbb213"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"b2206c3dcdc4e855fe2f8f16412c3bceb0acc479","unresolved":false,"context_lines":[{"line_number":199,"context_line":"                          \u0027required_by_policy\u0027: True, \u0027is_visible\u0027: True},"},{"line_number":200,"context_line":"    }"},{"line_number":201,"context_line":"    RESOURCE_ATTRIBUTE_MAP \u003d {"},{"line_number":202,"context_line":"        \u0027sg_rules\u0027: {"},{"line_number":203,"context_line":"            \u0027id\u0027: {\u0027allow_post\u0027: False, \u0027allow_put\u0027: False,"},{"line_number":204,"context_line":"                   \u0027validate\u0027: {\u0027type:uuid\u0027: None},"},{"line_number":205,"context_line":"                   \u0027is_visible\u0027: True,"}],"source_content_type":"text/x-rst","patch_set":22,"id":"9a1a9d01_123d6c8e","line":202,"in_reply_to":"9a1a9d01_e9bdc568","updated":"2015-10-01 09:02:42.000000000","message":"Done","commit_id":"43e6f8e9a14180ff2b402fadc9853a9f77cbb213"},{"author":{"_account_id":4656,"name":"Sean M. Collins","email":"sean@coreitpro.com","username":"scollins"},"change_message_id":"76bf5d1856a255536c8f7364399badcee4399739","unresolved":false,"context_lines":[{"line_number":210,"context_line":"            \u0027tenant_id\u0027: {\u0027allow_post\u0027: True, \u0027allow_put\u0027: False,"},{"line_number":211,"context_line":"                          \u0027required_by_policy\u0027: True,"},{"line_number":212,"context_line":"                          \u0027is_visible\u0027: True},"},{"line_number":213,"context_line":"            \u0027log_drivers\u0027: {\u0027allow_post\u0027: False, \u0027allow_put\u0027: False,"},{"line_number":214,"context_line":"                            \u0027is_visible\u0027: True},"},{"line_number":215,"context_line":"        },"},{"line_number":216,"context_line":"        \u0027fw_rules\u0027: {"}],"source_content_type":"text/x-rst","patch_set":22,"id":"9a1a9d01_1ab6f5f8","line":213,"updated":"2015-09-30 19:32:17.000000000","message":"What is the type for this attribute? It\u0027s also pluraralized, so are multiple drivers logging a rule?","commit_id":"43e6f8e9a14180ff2b402fadc9853a9f77cbb213"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"b2206c3dcdc4e855fe2f8f16412c3bceb0acc479","unresolved":false,"context_lines":[{"line_number":210,"context_line":"            \u0027tenant_id\u0027: {\u0027allow_post\u0027: True, \u0027allow_put\u0027: False,"},{"line_number":211,"context_line":"                          \u0027required_by_policy\u0027: True,"},{"line_number":212,"context_line":"                          \u0027is_visible\u0027: True},"},{"line_number":213,"context_line":"            \u0027log_drivers\u0027: {\u0027allow_post\u0027: False, \u0027allow_put\u0027: False,"},{"line_number":214,"context_line":"                            \u0027is_visible\u0027: True},"},{"line_number":215,"context_line":"        },"},{"line_number":216,"context_line":"        \u0027fw_rules\u0027: {"}],"source_content_type":"text/x-rst","patch_set":22,"id":"9a1a9d01_526684bb","line":213,"in_reply_to":"9a1a9d01_1ab6f5f8","updated":"2015-10-01 09:02:42.000000000","message":"\u003eWhat is the type for this attribute?\n Type of attribute is logger object (ex. rsyslog object).\n\n\u003eIt\u0027s also pluraralized, so are multiple drivers logging a rule?\n No. We are proposing to support logger driver per tenant.\n I will change \"log_drivers\" to \"log_driver\"","commit_id":"43e6f8e9a14180ff2b402fadc9853a9f77cbb213"},{"author":{"_account_id":2874,"name":"yong sheng gong","email":"gong.yongsheng@99cloud.net","username":"gongysh"},"change_message_id":"65e47831a4790246169beecf28e2a674b8f232a5","unresolved":false,"context_lines":[{"line_number":213,"context_line":"            \u0027log_drivers\u0027: {\u0027allow_post\u0027: False, \u0027allow_put\u0027: False,"},{"line_number":214,"context_line":"                            \u0027is_visible\u0027: True},"},{"line_number":215,"context_line":"        },"},{"line_number":216,"context_line":"        \u0027fw_rules\u0027: {"},{"line_number":217,"context_line":"            \u0027id\u0027: {\u0027allow_post\u0027: False, \u0027allow_put\u0027: False,"},{"line_number":218,"context_line":"                   \u0027validate\u0027: {\u0027type:uuid\u0027: None},"},{"line_number":219,"context_line":"                   \u0027is_visible\u0027: True,"}],"source_content_type":"text/x-rst","patch_set":22,"id":"9a1a9d01_2a468bbf","line":216,"updated":"2015-09-28 11:33:52.000000000","message":"fw_log_rules is better.","commit_id":"43e6f8e9a14180ff2b402fadc9853a9f77cbb213"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"b2206c3dcdc4e855fe2f8f16412c3bceb0acc479","unresolved":false,"context_lines":[{"line_number":213,"context_line":"            \u0027log_drivers\u0027: {\u0027allow_post\u0027: False, \u0027allow_put\u0027: False,"},{"line_number":214,"context_line":"                            \u0027is_visible\u0027: True},"},{"line_number":215,"context_line":"        },"},{"line_number":216,"context_line":"        \u0027fw_rules\u0027: {"},{"line_number":217,"context_line":"            \u0027id\u0027: {\u0027allow_post\u0027: False, \u0027allow_put\u0027: False,"},{"line_number":218,"context_line":"                   \u0027validate\u0027: {\u0027type:uuid\u0027: None},"},{"line_number":219,"context_line":"                   \u0027is_visible\u0027: True,"}],"source_content_type":"text/x-rst","patch_set":22,"id":"9a1a9d01_72fce8b7","line":216,"in_reply_to":"9a1a9d01_2a468bbf","updated":"2015-10-01 09:02:42.000000000","message":"Done","commit_id":"43e6f8e9a14180ff2b402fadc9853a9f77cbb213"},{"author":{"_account_id":11682,"name":"Ryan Moats","email":"rmoats@us.ibm.com","username":"regXboi"},"change_message_id":"733aa4e66d45229080301842d9e64d2c3e993621","unresolved":false,"context_lines":[{"line_number":213,"context_line":"            \u0027log_drivers\u0027: {\u0027allow_post\u0027: False, \u0027allow_put\u0027: False,"},{"line_number":214,"context_line":"                            \u0027is_visible\u0027: True},"},{"line_number":215,"context_line":"        },"},{"line_number":216,"context_line":"        \u0027fw_rules\u0027: {"},{"line_number":217,"context_line":"            \u0027id\u0027: {\u0027allow_post\u0027: False, \u0027allow_put\u0027: False,"},{"line_number":218,"context_line":"                   \u0027validate\u0027: {\u0027type:uuid\u0027: None},"},{"line_number":219,"context_line":"                   \u0027is_visible\u0027: True,"}],"source_content_type":"text/x-rst","patch_set":22,"id":"9a1a9d01_a9b34d99","line":216,"in_reply_to":"9a1a9d01_2a468bbf","updated":"2015-09-29 14:46:09.000000000","message":"ditto my reply comment on L202","commit_id":"43e6f8e9a14180ff2b402fadc9853a9f77cbb213"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"b2206c3dcdc4e855fe2f8f16412c3bceb0acc479","unresolved":false,"context_lines":[{"line_number":213,"context_line":"            \u0027log_drivers\u0027: {\u0027allow_post\u0027: False, \u0027allow_put\u0027: False,"},{"line_number":214,"context_line":"                            \u0027is_visible\u0027: True},"},{"line_number":215,"context_line":"        },"},{"line_number":216,"context_line":"        \u0027fw_rules\u0027: {"},{"line_number":217,"context_line":"            \u0027id\u0027: {\u0027allow_post\u0027: False, \u0027allow_put\u0027: False,"},{"line_number":218,"context_line":"                   \u0027validate\u0027: {\u0027type:uuid\u0027: None},"},{"line_number":219,"context_line":"                   \u0027is_visible\u0027: True,"}],"source_content_type":"text/x-rst","patch_set":22,"id":"9a1a9d01_92f73cd2","line":216,"in_reply_to":"9a1a9d01_a9b34d99","updated":"2015-10-01 09:02:42.000000000","message":"Done","commit_id":"43e6f8e9a14180ff2b402fadc9853a9f77cbb213"},{"author":{"_account_id":4656,"name":"Sean M. Collins","email":"sean@coreitpro.com","username":"scollins"},"change_message_id":"76bf5d1856a255536c8f7364399badcee4399739","unresolved":false,"context_lines":[{"line_number":224,"context_line":"            \u0027tenant_id\u0027: {\u0027allow_post\u0027: True, \u0027allow_put\u0027: False,"},{"line_number":225,"context_line":"                          \u0027required_by_policy\u0027: True,"},{"line_number":226,"context_line":"                          \u0027is_visible\u0027: True},"},{"line_number":227,"context_line":"            \u0027log_drivers\u0027: {\u0027allow_post\u0027: False, \u0027allow_put\u0027: False,"},{"line_number":228,"context_line":"                            \u0027is_visible\u0027: True},"},{"line_number":229,"context_line":"        }"},{"line_number":230,"context_line":"        \u0027log_driver_types\u0027: {"}],"source_content_type":"text/x-rst","patch_set":22,"id":"9a1a9d01_fab22105","line":227,"updated":"2015-09-30 19:32:17.000000000","message":"Same comment as L213","commit_id":"43e6f8e9a14180ff2b402fadc9853a9f77cbb213"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"b2206c3dcdc4e855fe2f8f16412c3bceb0acc479","unresolved":false,"context_lines":[{"line_number":224,"context_line":"            \u0027tenant_id\u0027: {\u0027allow_post\u0027: True, \u0027allow_put\u0027: False,"},{"line_number":225,"context_line":"                          \u0027required_by_policy\u0027: True,"},{"line_number":226,"context_line":"                          \u0027is_visible\u0027: True},"},{"line_number":227,"context_line":"            \u0027log_drivers\u0027: {\u0027allow_post\u0027: False, \u0027allow_put\u0027: False,"},{"line_number":228,"context_line":"                            \u0027is_visible\u0027: True},"},{"line_number":229,"context_line":"        }"},{"line_number":230,"context_line":"        \u0027log_driver_types\u0027: {"}],"source_content_type":"text/x-rst","patch_set":22,"id":"9a1a9d01_52fd24af","line":227,"in_reply_to":"9a1a9d01_fab22105","updated":"2015-10-01 09:02:42.000000000","message":"Done","commit_id":"43e6f8e9a14180ff2b402fadc9853a9f77cbb213"},{"author":{"_account_id":2874,"name":"yong sheng gong","email":"gong.yongsheng@99cloud.net","username":"gongysh"},"change_message_id":"65e47831a4790246169beecf28e2a674b8f232a5","unresolved":false,"context_lines":[{"line_number":251,"context_line":"                                \u0027validate\u0027: {\u0027type:values\u0027: log_level_supported}},"},{"line_number":252,"context_line":"                             })"},{"line_number":253,"context_line":"        }"},{"line_number":254,"context_line":"    }"},{"line_number":255,"context_line":""},{"line_number":256,"context_line":""},{"line_number":257,"context_line":"+--------------------+-------------------------------------+------------------+"}],"source_content_type":"text/x-rst","patch_set":22,"id":"9a1a9d01_aa9dbb5a","line":254,"updated":"2015-09-28 11:33:52.000000000","message":"add splunk?","commit_id":"43e6f8e9a14180ff2b402fadc9853a9f77cbb213"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"b2206c3dcdc4e855fe2f8f16412c3bceb0acc479","unresolved":false,"context_lines":[{"line_number":251,"context_line":"                                \u0027validate\u0027: {\u0027type:values\u0027: log_level_supported}},"},{"line_number":252,"context_line":"                             })"},{"line_number":253,"context_line":"        }"},{"line_number":254,"context_line":"    }"},{"line_number":255,"context_line":""},{"line_number":256,"context_line":""},{"line_number":257,"context_line":"+--------------------+-------------------------------------+------------------+"}],"source_content_type":"text/x-rst","patch_set":22,"id":"9a1a9d01_32199022","line":254,"in_reply_to":"9a1a9d01_aa9dbb5a","updated":"2015-10-01 09:02:42.000000000","message":"For the first implementation, we are considering to support rsyslog logger driver. \nWe will support for splunk logger driver in the further.","commit_id":"43e6f8e9a14180ff2b402fadc9853a9f77cbb213"},{"author":{"_account_id":11682,"name":"Ryan Moats","email":"rmoats@us.ibm.com","username":"regXboi"},"change_message_id":"733aa4e66d45229080301842d9e64d2c3e993621","unresolved":false,"context_lines":[{"line_number":275,"context_line":"+--------------------+-------------------------------------+------------------+"},{"line_number":276,"context_line":"|log-driver-types    |/logging/log-driver-types            |GET               |"},{"line_number":277,"context_line":"+--------------------+-------------------------------------+------------------+"},{"line_number":278,"context_line":"|rsyslog             |/logging/{tenant_id}/rsyslog         |POST              |"},{"line_number":279,"context_line":"+--------------------+-------------------------------------+------------------+"},{"line_number":280,"context_line":"|rsyslog             |/logging/{tenant_id}/rsyslog/        |GET               |"},{"line_number":281,"context_line":"+--------------------+-------------------------------------+------------------+"}],"source_content_type":"text/x-rst","patch_set":22,"id":"9a1a9d01_ec007303","line":278,"updated":"2015-09-29 14:46:09.000000000","message":"As I look at the examples below, there is a duplication of tenant_id information between the URL and the request.  Invoking DRU, one of these should be removed.","commit_id":"43e6f8e9a14180ff2b402fadc9853a9f77cbb213"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"b2206c3dcdc4e855fe2f8f16412c3bceb0acc479","unresolved":false,"context_lines":[{"line_number":275,"context_line":"+--------------------+-------------------------------------+------------------+"},{"line_number":276,"context_line":"|log-driver-types    |/logging/log-driver-types            |GET               |"},{"line_number":277,"context_line":"+--------------------+-------------------------------------+------------------+"},{"line_number":278,"context_line":"|rsyslog             |/logging/{tenant_id}/rsyslog         |POST              |"},{"line_number":279,"context_line":"+--------------------+-------------------------------------+------------------+"},{"line_number":280,"context_line":"|rsyslog             |/logging/{tenant_id}/rsyslog/        |GET               |"},{"line_number":281,"context_line":"+--------------------+-------------------------------------+------------------+"}],"source_content_type":"text/x-rst","patch_set":22,"id":"9a1a9d01_92cc1c8a","line":278,"in_reply_to":"9a1a9d01_ec007303","updated":"2015-10-01 09:02:42.000000000","message":"Done","commit_id":"43e6f8e9a14180ff2b402fadc9853a9f77cbb213"},{"author":{"_account_id":4656,"name":"Sean M. Collins","email":"sean@coreitpro.com","username":"scollins"},"change_message_id":"76bf5d1856a255536c8f7364399badcee4399739","unresolved":false,"context_lines":[{"line_number":293,"context_line":"        POST /v2.0/logging/sg-rules"},{"line_number":294,"context_line":"        {"},{"line_number":295,"context_line":"            \"sg_rule\": {"},{"line_number":296,"context_line":"                \"rule_id\": \"e30abd17-fef9-4739-8617-dc26da88e686\","},{"line_number":297,"context_line":"             }"},{"line_number":298,"context_line":"        }"},{"line_number":299,"context_line":""}],"source_content_type":"text/x-rst","patch_set":22,"id":"9a1a9d01_9ac20552","line":296,"updated":"2015-09-30 19:32:17.000000000","message":"Is this all the parameters for creating a logger for a security group rule?\n\nWhere\u0027s the part that specifies the logging driver?","commit_id":"43e6f8e9a14180ff2b402fadc9853a9f77cbb213"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"b2206c3dcdc4e855fe2f8f16412c3bceb0acc479","unresolved":false,"context_lines":[{"line_number":293,"context_line":"        POST /v2.0/logging/sg-rules"},{"line_number":294,"context_line":"        {"},{"line_number":295,"context_line":"            \"sg_rule\": {"},{"line_number":296,"context_line":"                \"rule_id\": \"e30abd17-fef9-4739-8617-dc26da88e686\","},{"line_number":297,"context_line":"             }"},{"line_number":298,"context_line":"        }"},{"line_number":299,"context_line":""}],"source_content_type":"text/x-rst","patch_set":22,"id":"9a1a9d01_927adc22","line":296,"in_reply_to":"9a1a9d01_9ac20552","updated":"2015-10-01 09:02:42.000000000","message":"\u003eIs this all the parameters for creating a logger for a security group rule? \nYes.  This information is for sg-rule that needs to get log. \n        \n\u003eWhere\u0027s the part that specifies the logging driver? \nLogger driver is specified for each tenant and log rules are belong to a tenant (please refer L324-333).","commit_id":"43e6f8e9a14180ff2b402fadc9853a9f77cbb213"},{"author":{"_account_id":11682,"name":"Ryan Moats","email":"rmoats@us.ibm.com","username":"regXboi"},"change_message_id":"733aa4e66d45229080301842d9e64d2c3e993621","unresolved":false,"context_lines":[{"line_number":321,"context_line":""},{"line_number":322,"context_line":"Create logging driver::"},{"line_number":323,"context_line":""},{"line_number":324,"context_line":"        POST /v2.0/logging/8d4c70a21fed4aeba121a1a429ba0d04/rsyslog"},{"line_number":325,"context_line":"        {"},{"line_number":326,"context_line":"            \"rsyslog\": {"},{"line_number":327,"context_line":"                \"tenant_id\":\"8d4c70a21fed4aeba121a1a429ba0d04\","}],"source_content_type":"text/x-rst","patch_set":22,"id":"9a1a9d01_6c15433e","line":324,"updated":"2015-09-29 14:46:09.000000000","message":"See comment on L278","commit_id":"43e6f8e9a14180ff2b402fadc9853a9f77cbb213"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"b2206c3dcdc4e855fe2f8f16412c3bceb0acc479","unresolved":false,"context_lines":[{"line_number":321,"context_line":""},{"line_number":322,"context_line":"Create logging driver::"},{"line_number":323,"context_line":""},{"line_number":324,"context_line":"        POST /v2.0/logging/8d4c70a21fed4aeba121a1a429ba0d04/rsyslog"},{"line_number":325,"context_line":"        {"},{"line_number":326,"context_line":"            \"rsyslog\": {"},{"line_number":327,"context_line":"                \"tenant_id\":\"8d4c70a21fed4aeba121a1a429ba0d04\","}],"source_content_type":"text/x-rst","patch_set":22,"id":"9a1a9d01_52d524e2","line":324,"in_reply_to":"9a1a9d01_6c15433e","updated":"2015-10-01 09:02:42.000000000","message":"Done","commit_id":"43e6f8e9a14180ff2b402fadc9853a9f77cbb213"},{"author":{"_account_id":2874,"name":"yong sheng gong","email":"gong.yongsheng@99cloud.net","username":"gongysh"},"change_message_id":"65e47831a4790246169beecf28e2a674b8f232a5","unresolved":false,"context_lines":[{"line_number":436,"context_line":""},{"line_number":437,"context_line":"    neutron logging-available-driver-types"},{"line_number":438,"context_line":""},{"line_number":439,"context_line":"For logging driver::"},{"line_number":440,"context_line":""},{"line_number":441,"context_line":"    neutron logging-rsyslog-create \u003ctenant_id\u003e --remote-host \u003cremote host\u003e"},{"line_number":442,"context_line":"                                               --log-path \u003clocation\u003e"}],"source_content_type":"text/x-rst","patch_set":22,"id":"9a1a9d01_2ac1ab2e","line":439,"updated":"2015-09-28 11:33:52.000000000","message":"for rsyslog logging driver?","commit_id":"43e6f8e9a14180ff2b402fadc9853a9f77cbb213"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"b2206c3dcdc4e855fe2f8f16412c3bceb0acc479","unresolved":false,"context_lines":[{"line_number":436,"context_line":""},{"line_number":437,"context_line":"    neutron logging-available-driver-types"},{"line_number":438,"context_line":""},{"line_number":439,"context_line":"For logging driver::"},{"line_number":440,"context_line":""},{"line_number":441,"context_line":"    neutron logging-rsyslog-create \u003ctenant_id\u003e --remote-host \u003cremote host\u003e"},{"line_number":442,"context_line":"                                               --log-path \u003clocation\u003e"}],"source_content_type":"text/x-rst","patch_set":22,"id":"9a1a9d01_3248b0cb","line":439,"in_reply_to":"9a1a9d01_2ac1ab2e","updated":"2015-10-01 09:02:42.000000000","message":"Done","commit_id":"43e6f8e9a14180ff2b402fadc9853a9f77cbb213"},{"author":{"_account_id":11682,"name":"Ryan Moats","email":"rmoats@us.ibm.com","username":"regXboi"},"change_message_id":"733aa4e66d45229080301842d9e64d2c3e993621","unresolved":false,"context_lines":[{"line_number":436,"context_line":""},{"line_number":437,"context_line":"    neutron logging-available-driver-types"},{"line_number":438,"context_line":""},{"line_number":439,"context_line":"For logging driver::"},{"line_number":440,"context_line":""},{"line_number":441,"context_line":"    neutron logging-rsyslog-create \u003ctenant_id\u003e --remote-host \u003cremote host\u003e"},{"line_number":442,"context_line":"                                               --log-path \u003clocation\u003e"}],"source_content_type":"text/x-rst","patch_set":22,"id":"9a1a9d01_2ce50b37","line":439,"in_reply_to":"9a1a9d01_2ac1ab2e","updated":"2015-09-29 14:46:09.000000000","message":"This is consistent with the reference at L321, so both would need to change together (if they do change)","commit_id":"43e6f8e9a14180ff2b402fadc9853a9f77cbb213"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"b2206c3dcdc4e855fe2f8f16412c3bceb0acc479","unresolved":false,"context_lines":[{"line_number":436,"context_line":""},{"line_number":437,"context_line":"    neutron logging-available-driver-types"},{"line_number":438,"context_line":""},{"line_number":439,"context_line":"For logging driver::"},{"line_number":440,"context_line":""},{"line_number":441,"context_line":"    neutron logging-rsyslog-create \u003ctenant_id\u003e --remote-host \u003cremote host\u003e"},{"line_number":442,"context_line":"                                               --log-path \u003clocation\u003e"}],"source_content_type":"text/x-rst","patch_set":22,"id":"9a1a9d01_5243e4ae","line":439,"in_reply_to":"9a1a9d01_2ce50b37","updated":"2015-10-01 09:02:42.000000000","message":"Done","commit_id":"43e6f8e9a14180ff2b402fadc9853a9f77cbb213"},{"author":{"_account_id":2874,"name":"yong sheng gong","email":"gong.yongsheng@99cloud.net","username":"gongysh"},"change_message_id":"65e47831a4790246169beecf28e2a674b8f232a5","unresolved":false,"context_lines":[{"line_number":438,"context_line":""},{"line_number":439,"context_line":"For logging driver::"},{"line_number":440,"context_line":""},{"line_number":441,"context_line":"    neutron logging-rsyslog-create \u003ctenant_id\u003e --remote-host \u003cremote host\u003e"},{"line_number":442,"context_line":"                                               --log-path \u003clocation\u003e"},{"line_number":443,"context_line":"                                               --log-level \u003cinfo, debug, ..\u003e"},{"line_number":444,"context_line":"    neutron logging-rsyslog-list \u003ctenant_id\u003e"}],"source_content_type":"text/x-rst","patch_set":22,"id":"9a1a9d01_4a565f5d","line":441,"updated":"2015-09-28 11:33:52.000000000","message":"where is log_rule_id?","commit_id":"43e6f8e9a14180ff2b402fadc9853a9f77cbb213"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"b2206c3dcdc4e855fe2f8f16412c3bceb0acc479","unresolved":false,"context_lines":[{"line_number":438,"context_line":""},{"line_number":439,"context_line":"For logging driver::"},{"line_number":440,"context_line":""},{"line_number":441,"context_line":"    neutron logging-rsyslog-create \u003ctenant_id\u003e --remote-host \u003cremote host\u003e"},{"line_number":442,"context_line":"                                               --log-path \u003clocation\u003e"},{"line_number":443,"context_line":"                                               --log-level \u003cinfo, debug, ..\u003e"},{"line_number":444,"context_line":"    neutron logging-rsyslog-list \u003ctenant_id\u003e"}],"source_content_type":"text/x-rst","patch_set":22,"id":"9a1a9d01_12180cd2","line":441,"in_reply_to":"9a1a9d01_0c892775","updated":"2015-10-01 09:02:42.000000000","message":"Yes. I will update it for consistent.","commit_id":"43e6f8e9a14180ff2b402fadc9853a9f77cbb213"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"b2206c3dcdc4e855fe2f8f16412c3bceb0acc479","unresolved":false,"context_lines":[{"line_number":438,"context_line":""},{"line_number":439,"context_line":"For logging driver::"},{"line_number":440,"context_line":""},{"line_number":441,"context_line":"    neutron logging-rsyslog-create \u003ctenant_id\u003e --remote-host \u003cremote host\u003e"},{"line_number":442,"context_line":"                                               --log-path \u003clocation\u003e"},{"line_number":443,"context_line":"                                               --log-level \u003cinfo, debug, ..\u003e"},{"line_number":444,"context_line":"    neutron logging-rsyslog-list \u003ctenant_id\u003e"}],"source_content_type":"text/x-rst","patch_set":22,"id":"9a1a9d01_f21478a0","line":441,"in_reply_to":"9a1a9d01_4a565f5d","updated":"2015-10-01 09:02:42.000000000","message":"Logger driver will be selected by tenant in which log rules are belonging to.  Therefore, we don\u0027t have to specify log_rule_id.","commit_id":"43e6f8e9a14180ff2b402fadc9853a9f77cbb213"},{"author":{"_account_id":11682,"name":"Ryan Moats","email":"rmoats@us.ibm.com","username":"regXboi"},"change_message_id":"733aa4e66d45229080301842d9e64d2c3e993621","unresolved":false,"context_lines":[{"line_number":438,"context_line":""},{"line_number":439,"context_line":"For logging driver::"},{"line_number":440,"context_line":""},{"line_number":441,"context_line":"    neutron logging-rsyslog-create \u003ctenant_id\u003e --remote-host \u003cremote host\u003e"},{"line_number":442,"context_line":"                                               --log-path \u003clocation\u003e"},{"line_number":443,"context_line":"                                               --log-level \u003cinfo, debug, ..\u003e"},{"line_number":444,"context_line":"    neutron logging-rsyslog-list \u003ctenant_id\u003e"}],"source_content_type":"text/x-rst","patch_set":22,"id":"9a1a9d01_0c892775","line":441,"in_reply_to":"9a1a9d01_4a565f5d","updated":"2015-09-29 14:46:09.000000000","message":"log_rule_id doesn\u0027t appear in the request, so why is it necessary?\n\nOTOH, why not use --tenant-id \u003ctenant_id\u003e to be consistent with other commands?","commit_id":"43e6f8e9a14180ff2b402fadc9853a9f77cbb213"},{"author":{"_account_id":2874,"name":"yong sheng gong","email":"gong.yongsheng@99cloud.net","username":"gongysh"},"change_message_id":"65e47831a4790246169beecf28e2a674b8f232a5","unresolved":false,"context_lines":[{"line_number":560,"context_line":"References"},{"line_number":561,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":562,"context_line":""},{"line_number":563,"context_line":".. [1] https://review.openstack.org/132133"},{"line_number":564,"context_line":".. [2] https://review.openstack.org/132134"},{"line_number":565,"context_line":".. [3] net/ipv4/netfilter/ipt_LOG.c"},{"line_number":566,"context_line":".. [4] http://linux.die.net/man/8/iptables [LOG section]"}],"source_content_type":"text/x-rst","patch_set":22,"id":"9a1a9d01_2a4bebb1","line":563,"updated":"2015-09-28 11:33:52.000000000","message":"use [#]","commit_id":"43e6f8e9a14180ff2b402fadc9853a9f77cbb213"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"b2206c3dcdc4e855fe2f8f16412c3bceb0acc479","unresolved":false,"context_lines":[{"line_number":560,"context_line":"References"},{"line_number":561,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":562,"context_line":""},{"line_number":563,"context_line":".. [1] https://review.openstack.org/132133"},{"line_number":564,"context_line":".. [2] https://review.openstack.org/132134"},{"line_number":565,"context_line":".. [3] net/ipv4/netfilter/ipt_LOG.c"},{"line_number":566,"context_line":".. [4] http://linux.die.net/man/8/iptables [LOG section]"}],"source_content_type":"text/x-rst","patch_set":22,"id":"9a1a9d01_b258408b","line":563,"in_reply_to":"9a1a9d01_2a4bebb1","updated":"2015-10-01 09:02:42.000000000","message":"Done","commit_id":"43e6f8e9a14180ff2b402fadc9853a9f77cbb213"},{"author":{"_account_id":2874,"name":"yong sheng gong","email":"gong.yongsheng@99cloud.net","username":"gongysh"},"change_message_id":"65e47831a4790246169beecf28e2a674b8f232a5","unresolved":false,"context_lines":[{"line_number":562,"context_line":""},{"line_number":563,"context_line":".. [1] https://review.openstack.org/132133"},{"line_number":564,"context_line":".. [2] https://review.openstack.org/132134"},{"line_number":565,"context_line":".. [3] net/ipv4/netfilter/ipt_LOG.c"},{"line_number":566,"context_line":".. [4] http://linux.die.net/man/8/iptables [LOG section]"},{"line_number":567,"context_line":".. [5] http://ipset.netfilter.org/iptables-extensions.man.html [NFLOG section]"}],"source_content_type":"text/x-rst","patch_set":22,"id":"9a1a9d01_2f745dfb","line":565,"updated":"2015-09-28 11:33:52.000000000","message":"Do u have URL for this file?","commit_id":"43e6f8e9a14180ff2b402fadc9853a9f77cbb213"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"b2206c3dcdc4e855fe2f8f16412c3bceb0acc479","unresolved":false,"context_lines":[{"line_number":562,"context_line":""},{"line_number":563,"context_line":".. [1] https://review.openstack.org/132133"},{"line_number":564,"context_line":".. [2] https://review.openstack.org/132134"},{"line_number":565,"context_line":".. [3] net/ipv4/netfilter/ipt_LOG.c"},{"line_number":566,"context_line":".. [4] http://linux.die.net/man/8/iptables [LOG section]"},{"line_number":567,"context_line":".. [5] http://ipset.netfilter.org/iptables-extensions.man.html [NFLOG section]"}],"source_content_type":"text/x-rst","patch_set":22,"id":"9a1a9d01_3280b08a","line":565,"in_reply_to":"9a1a9d01_2f745dfb","updated":"2015-10-01 09:02:42.000000000","message":"Yes, you can get it at link: http://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/plain/net/ipv4/netfilter/ipt_LOG.c?id\u003drefs/heads/linux-2.6.34.y\nWe will put it into our spec.","commit_id":"43e6f8e9a14180ff2b402fadc9853a9f77cbb213"},{"author":{"_account_id":841,"name":"Akihiro Motoki","email":"amotoki@gmail.com","username":"amotoki"},"change_message_id":"7d6e4c15f9ebaec612debf807b8d06964e17be7d","unresolved":false,"context_lines":[{"line_number":29,"context_line":""},{"line_number":30,"context_line":"2. Tenant-Users need logs to make sure their security-group and firewall"},{"line_number":31,"context_line":"   works as expected, and to assess what kinds of packets went through their"},{"line_number":32,"context_line":"   security-group/firewall or were dropped."},{"line_number":33,"context_line":""},{"line_number":34,"context_line":"  * In the future, the API can be expanded to satisfy the needs to"},{"line_number":35,"context_line":"    Tenant-Users. This would involve additional filtering which would"}],"source_content_type":"text/x-rst","patch_set":23,"id":"7a2fa921_9a816692","line":32,"updated":"2015-10-06 12:02:52.000000000","message":"The second point is out of scope of this spec.\n\nI would suggest to declare the first one as the problem this spec tries to address and make the second a note for future enhancement. This highlight the scope of this spec.","commit_id":"c00a7f2feb7331223b041b4f0ca56307e675835a"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"56380dbb389b1b2a37abb2a97631f2728d1ece4b","unresolved":false,"context_lines":[{"line_number":29,"context_line":""},{"line_number":30,"context_line":"2. Tenant-Users need logs to make sure their security-group and firewall"},{"line_number":31,"context_line":"   works as expected, and to assess what kinds of packets went through their"},{"line_number":32,"context_line":"   security-group/firewall or were dropped."},{"line_number":33,"context_line":""},{"line_number":34,"context_line":"  * In the future, the API can be expanded to satisfy the needs to"},{"line_number":35,"context_line":"    Tenant-Users. This would involve additional filtering which would"}],"source_content_type":"text/x-rst","patch_set":23,"id":"7a2fa921_362202a4","line":32,"in_reply_to":"7a2fa921_9a816692","updated":"2015-10-09 13:58:58.000000000","message":"Thanks for your suggestion. We will update it.","commit_id":"c00a7f2feb7331223b041b4f0ca56307e675835a"},{"author":{"_account_id":841,"name":"Akihiro Motoki","email":"amotoki@gmail.com","username":"amotoki"},"change_message_id":"7d6e4c15f9ebaec612debf807b8d06964e17be7d","unresolved":false,"context_lines":[{"line_number":36,"context_line":"    be out of scope for this spec."},{"line_number":37,"context_line":""},{"line_number":38,"context_line":"Proposed Change"},{"line_number":39,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":40,"context_line":"* We propose to creating a new logging API for Neutron, and to support logging"},{"line_number":41,"context_line":"  for security-group and firewall rules as a first implementation of the"},{"line_number":42,"context_line":"  logging API."}],"source_content_type":"text/x-rst","patch_set":23,"id":"7a2fa921_f5266b15","line":39,"updated":"2015-10-06 12:02:52.000000000","message":"Looking at the proposed API, this proposal only covers a case which enable logging for specific rule(s).\n\nI think various scenarios to enable logging for SG/firewalls.\n\nFor exampel, in SG case,\n\n- Enable logging for a specific security group rule\n- Enable logging for a specific security group\n- Enable logging for a specific instance or associated other resource (e.g., LBaaS VIP)\n- Enable logging for a specific project\n- ....\n\nI would like to know how the proposed logging API can cope with various scenarios.\n\nWhen debugging security group or FWaaS behavior, I think we need a way to check which rule is applied to a given traffic from the log. I am not sure how this API can be used for such debugging.","commit_id":"c00a7f2feb7331223b041b4f0ca56307e675835a"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"56380dbb389b1b2a37abb2a97631f2728d1ece4b","unresolved":false,"context_lines":[{"line_number":36,"context_line":"    be out of scope for this spec."},{"line_number":37,"context_line":""},{"line_number":38,"context_line":"Proposed Change"},{"line_number":39,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":40,"context_line":"* We propose to creating a new logging API for Neutron, and to support logging"},{"line_number":41,"context_line":"  for security-group and firewall rules as a first implementation of the"},{"line_number":42,"context_line":"  logging API."}],"source_content_type":"text/x-rst","patch_set":23,"id":"7a2fa921_b6ecd2bb","line":39,"in_reply_to":"7a2fa921_f5266b15","updated":"2015-10-09 13:58:58.000000000","message":"\u003e I would like to know how the proposed logging API can cope with various scenarios\n\nHmm, currently, I\u0027m considering about it.  I\u0027d like to discuss/determine at Tokyo summit about logging API.\n\n\u003eWhen debugging security group or FWaaS behavior, I think we need a way to check which rule is applied to a given traffic from the log.\n\nFor example, we can check which rule is applied by logging-prefix in data log by changing  logging-prefix to \"[sg-i-\u003csg-rule-uuid:13\u003e]\".\n\nHow do you think about my idea?","commit_id":"c00a7f2feb7331223b041b4f0ca56307e675835a"},{"author":{"_account_id":6788,"name":"Rossella Sblendido","email":"rsblendido@suse.com","username":"rossella-o"},"change_message_id":"9fd14c66b363f4548fb152aa8304a1fde849447a","unresolved":false,"context_lines":[{"line_number":56,"context_line":"  * [API] See `REST API Impact`_ section."},{"line_number":57,"context_line":""},{"line_number":58,"context_line":"* As a first implementation of the logging api we support logging of packets"},{"line_number":59,"context_line":"  events for security-group and firewall rules. The following data are candidates"},{"line_number":60,"context_line":"  to be logged (those data after \u0027IN\u0027 can be obtained from iptables [1]_)."},{"line_number":61,"context_line":""},{"line_number":62,"context_line":":dir:"}],"source_content_type":"text/x-rst","patch_set":23,"id":"9a1a9d01_ba666427","line":59,"updated":"2015-10-05 10:44:45.000000000","message":"will you log all these data or provide a way to filter them?","commit_id":"c00a7f2feb7331223b041b4f0ca56307e675835a"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"56380dbb389b1b2a37abb2a97631f2728d1ece4b","unresolved":false,"context_lines":[{"line_number":56,"context_line":"  * [API] See `REST API Impact`_ section."},{"line_number":57,"context_line":""},{"line_number":58,"context_line":"* As a first implementation of the logging api we support logging of packets"},{"line_number":59,"context_line":"  events for security-group and firewall rules. The following data are candidates"},{"line_number":60,"context_line":"  to be logged (those data after \u0027IN\u0027 can be obtained from iptables [1]_)."},{"line_number":61,"context_line":""},{"line_number":62,"context_line":":dir:"}],"source_content_type":"text/x-rst","patch_set":23,"id":"7a2fa921_96fbd646","line":59,"in_reply_to":"9a1a9d01_ba666427","updated":"2015-10-09 13:58:58.000000000","message":"Yes, first-step: we will log all these data then second-step: we will filter logged data and show to tenant.","commit_id":"c00a7f2feb7331223b041b4f0ca56307e675835a"},{"author":{"_account_id":841,"name":"Akihiro Motoki","email":"amotoki@gmail.com","username":"amotoki"},"change_message_id":"7d6e4c15f9ebaec612debf807b8d06964e17be7d","unresolved":false,"context_lines":[{"line_number":65,"context_line":"    Tenant\u0027s uuid characters that will be logged for further processing. but"},{"line_number":66,"context_line":"    in case of SG we can only use the first 18 characters of tenant UIID"},{"line_number":67,"context_line":"    (refer [2]_) and all of the characters of tenant UIID in case of FWaaS"},{"line_number":68,"context_line":"    (refer [3]_)."},{"line_number":69,"context_line":":act:"},{"line_number":70,"context_line":"    Action(Accept/A, Deny/D) [Only for firewall resource]"},{"line_number":71,"context_line":":IN:"}],"source_content_type":"text/x-rst","patch_set":23,"id":"7a2fa921_9a588658","line":68,"updated":"2015-10-06 12:02:52.000000000","message":"In addition, could you describe the exact reason?\nI am not sure what is the reason you chose the first 18 characters?\n\nI think you are talking about --log-prefix. The reference says log-prefix is up to 29 letters long and I think you are using the latter part for different information (SG rule ID?). I would like to know the exact reason of 14 chars.","commit_id":"c00a7f2feb7331223b041b4f0ca56307e675835a"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"56380dbb389b1b2a37abb2a97631f2728d1ece4b","unresolved":false,"context_lines":[{"line_number":65,"context_line":"    Tenant\u0027s uuid characters that will be logged for further processing. but"},{"line_number":66,"context_line":"    in case of SG we can only use the first 18 characters of tenant UIID"},{"line_number":67,"context_line":"    (refer [2]_) and all of the characters of tenant UIID in case of FWaaS"},{"line_number":68,"context_line":"    (refer [3]_)."},{"line_number":69,"context_line":":act:"},{"line_number":70,"context_line":"    Action(Accept/A, Deny/D) [Only for firewall resource]"},{"line_number":71,"context_line":":IN:"}],"source_content_type":"text/x-rst","patch_set":23,"id":"7a2fa921_712c0499","line":68,"in_reply_to":"7a2fa921_9a588658","updated":"2015-10-09 13:58:58.000000000","message":"Yes, you\u0027re right.  I\u0027ll insert additional info to log by using \"--log-prefix\".","commit_id":"c00a7f2feb7331223b041b4f0ca56307e675835a"},{"author":{"_account_id":6854,"name":"YAMAMOTO Takashi","email":"yamamoto@midokura.com","username":"yamamoto"},"change_message_id":"03588fc66fa204a22e8600f80edc57f2e7a32df7","unresolved":false,"context_lines":[{"line_number":103,"context_line":":LEN:"},{"line_number":104,"context_line":"    (In case of UDP) UDP header size"},{"line_number":105,"context_line":""},{"line_number":106,"context_line":"Example log::"},{"line_number":107,"context_line":""},{"line_number":108,"context_line":"  [sg]:[i b69466d826fac54566] IN\u003dqbr2fe19647-9a"},{"line_number":109,"context_line":"  OUT\u003dqbr2fe19647-9a PHYSIN\u003dqvb2fe19647-9a PHYSOUT\u003dtap2fe19647-9a"}],"source_content_type":"text/x-rst","patch_set":23,"id":"9a1a9d01_e8a69b52","line":106,"updated":"2015-10-02 07:11:53.000000000","message":"this looks very iptables specific.\nis the log \"free-form\"?\nie. non-iptables based implementations can choose\ndifferent format?","commit_id":"c00a7f2feb7331223b041b4f0ca56307e675835a"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"56380dbb389b1b2a37abb2a97631f2728d1ece4b","unresolved":false,"context_lines":[{"line_number":103,"context_line":":LEN:"},{"line_number":104,"context_line":"    (In case of UDP) UDP header size"},{"line_number":105,"context_line":""},{"line_number":106,"context_line":"Example log::"},{"line_number":107,"context_line":""},{"line_number":108,"context_line":"  [sg]:[i b69466d826fac54566] IN\u003dqbr2fe19647-9a"},{"line_number":109,"context_line":"  OUT\u003dqbr2fe19647-9a PHYSIN\u003dqvb2fe19647-9a PHYSOUT\u003dtap2fe19647-9a"}],"source_content_type":"text/x-rst","patch_set":23,"id":"7a2fa921_b1b37c4c","line":106,"in_reply_to":"7a2fa921_d5bb2f0d","updated":"2015-10-09 13:58:58.000000000","message":"Thank you for your idea.  As you said,  a generic field is important.  I\u0027ll consider about it.","commit_id":"c00a7f2feb7331223b041b4f0ca56307e675835a"},{"author":{"_account_id":841,"name":"Akihiro Motoki","email":"amotoki@gmail.com","username":"amotoki"},"change_message_id":"7d6e4c15f9ebaec612debf807b8d06964e17be7d","unresolved":false,"context_lines":[{"line_number":103,"context_line":":LEN:"},{"line_number":104,"context_line":"    (In case of UDP) UDP header size"},{"line_number":105,"context_line":""},{"line_number":106,"context_line":"Example log::"},{"line_number":107,"context_line":""},{"line_number":108,"context_line":"  [sg]:[i b69466d826fac54566] IN\u003dqbr2fe19647-9a"},{"line_number":109,"context_line":"  OUT\u003dqbr2fe19647-9a PHYSIN\u003dqvb2fe19647-9a PHYSOUT\u003dtap2fe19647-9a"}],"source_content_type":"text/x-rst","patch_set":23,"id":"7a2fa921_d5bb2f0d","line":106,"in_reply_to":"9a1a9d01_e8a69b52","updated":"2015-10-06 12:02:52.000000000","message":"Agree with Takashi. Fields defined and field names are all from iptable origin.\n\nThe fields available varies depending on features and back-end implementations.\n\nYou are trying to define a generic logging API, so I think we need to define what fields are essential for the logging API.\n\nFor example:\n- timestamp\n- resource type\n- corresponding resource ID\n- detail event description\n- and so on.","commit_id":"c00a7f2feb7331223b041b4f0ca56307e675835a"},{"author":{"_account_id":6788,"name":"Rossella Sblendido","email":"rsblendido@suse.com","username":"rossella-o"},"change_message_id":"9fd14c66b363f4548fb152aa8304a1fde849447a","unresolved":false,"context_lines":[{"line_number":119,"context_line":"Data Model Impact"},{"line_number":120,"context_line":"-----------------"},{"line_number":121,"context_line":""},{"line_number":122,"context_line":"The SecurityGroupRuleLogging model has the following attributes:"},{"line_number":123,"context_line":""},{"line_number":124,"context_line":"+-----------------+--------+---------------+-------+--------------------------+"},{"line_number":125,"context_line":"|Attribute name   |Type    |Default Value  |CRUD   |Description               |"}],"source_content_type":"text/x-rst","patch_set":23,"id":"9a1a9d01_7aea0cae","line":122,"updated":"2015-10-05 10:44:45.000000000","message":"Can we have something more generic that can be used in future by other resources too? Something like...LogResource or maybe a better name that has as fields id, tenant_id and resource_id that it\u0027s the ID of the resource to log? Could be a sec group rule, a port or what ever we need to log","commit_id":"c00a7f2feb7331223b041b4f0ca56307e675835a"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"56380dbb389b1b2a37abb2a97631f2728d1ece4b","unresolved":false,"context_lines":[{"line_number":119,"context_line":"Data Model Impact"},{"line_number":120,"context_line":"-----------------"},{"line_number":121,"context_line":""},{"line_number":122,"context_line":"The SecurityGroupRuleLogging model has the following attributes:"},{"line_number":123,"context_line":""},{"line_number":124,"context_line":"+-----------------+--------+---------------+-------+--------------------------+"},{"line_number":125,"context_line":"|Attribute name   |Type    |Default Value  |CRUD   |Description               |"}],"source_content_type":"text/x-rst","patch_set":23,"id":"7a2fa921_b18a9c62","line":122,"in_reply_to":"9a1a9d01_7aea0cae","updated":"2015-10-09 13:58:58.000000000","message":"Thanks for your idea, we will update it.","commit_id":"c00a7f2feb7331223b041b4f0ca56307e675835a"},{"author":{"_account_id":6854,"name":"YAMAMOTO Takashi","email":"yamamoto@midokura.com","username":"yamamoto"},"change_message_id":"03588fc66fa204a22e8600f80edc57f2e7a32df7","unresolved":false,"context_lines":[{"line_number":131,"context_line":"+-----------------+--------+---------------+-------+--------------------------|"},{"line_number":132,"context_line":"|rule_id          |uuid    |N/A            |CRD    |Security-group-rule UUID  |"},{"line_number":133,"context_line":"|                 |        |               |       |for this logging resource |"},{"line_number":134,"context_line":"|                 |        |               |       |ID                        |"},{"line_number":135,"context_line":"+-----------------+--------+---------------+-------+--------------------------+"},{"line_number":136,"context_line":""},{"line_number":137,"context_line":""}],"source_content_type":"text/x-rst","patch_set":23,"id":"9a1a9d01_fc473c1b","line":134,"updated":"2015-10-02 07:11:53.000000000","message":"does this mean to log every packets matched with this rule?\nit sounds too granular to me.\n\ni guess it would be more useful to control it\nper-port basis, for example.","commit_id":"c00a7f2feb7331223b041b4f0ca56307e675835a"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"56380dbb389b1b2a37abb2a97631f2728d1ece4b","unresolved":false,"context_lines":[{"line_number":131,"context_line":"+-----------------+--------+---------------+-------+--------------------------|"},{"line_number":132,"context_line":"|rule_id          |uuid    |N/A            |CRD    |Security-group-rule UUID  |"},{"line_number":133,"context_line":"|                 |        |               |       |for this logging resource |"},{"line_number":134,"context_line":"|                 |        |               |       |ID                        |"},{"line_number":135,"context_line":"+-----------------+--------+---------------+-------+--------------------------+"},{"line_number":136,"context_line":""},{"line_number":137,"context_line":""}],"source_content_type":"text/x-rst","patch_set":23,"id":"7a2fa921_5161c8a7","line":134,"in_reply_to":"9a1a9d01_fc473c1b","updated":"2015-10-09 13:58:58.000000000","message":"\u003e does this mean to log every packets matched with this rule?\n\nYes, your opinion is better. we will consider it.","commit_id":"c00a7f2feb7331223b041b4f0ca56307e675835a"},{"author":{"_account_id":6854,"name":"YAMAMOTO Takashi","email":"yamamoto@midokura.com","username":"yamamoto"},"change_message_id":"03588fc66fa204a22e8600f80edc57f2e7a32df7","unresolved":false,"context_lines":[{"line_number":145,"context_line":"|tenant_id        |uuid    |N/A            |R      |Id of tenant that created |"},{"line_number":146,"context_line":"|                 |        |               |       |this logging resource ID  |"},{"line_number":147,"context_line":"+-----------------+--------+---------------+-------+--------------------------+"},{"line_number":148,"context_line":"|rule_id          |uuid    |N/A            |CRD    |Firewall rule UUID for    |"},{"line_number":149,"context_line":"|                 |        |               |       |this logging resource ID  |"},{"line_number":150,"context_line":"+-----------------+--------+---------------+-------+--------------------------+"},{"line_number":151,"context_line":""}],"source_content_type":"text/x-rst","patch_set":23,"id":"9a1a9d01_e8e1bb9b","line":148,"range":{"start_line":148,"start_character":44,"end_line":148,"end_character":47},"updated":"2015-10-02 07:11:53.000000000","message":"what does \"D\" in CRUD column mean for the attribute?\n\ni think CRU maps to allow_post/allow_put/is_visible\nbut i\u0027m not sure about D.","commit_id":"c00a7f2feb7331223b041b4f0ca56307e675835a"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"56380dbb389b1b2a37abb2a97631f2728d1ece4b","unresolved":false,"context_lines":[{"line_number":145,"context_line":"|tenant_id        |uuid    |N/A            |R      |Id of tenant that created |"},{"line_number":146,"context_line":"|                 |        |               |       |this logging resource ID  |"},{"line_number":147,"context_line":"+-----------------+--------+---------------+-------+--------------------------+"},{"line_number":148,"context_line":"|rule_id          |uuid    |N/A            |CRD    |Firewall rule UUID for    |"},{"line_number":149,"context_line":"|                 |        |               |       |this logging resource ID  |"},{"line_number":150,"context_line":"+-----------------+--------+---------------+-------+--------------------------+"},{"line_number":151,"context_line":""}],"source_content_type":"text/x-rst","patch_set":23,"id":"7a2fa921_710ba4d6","line":148,"in_reply_to":"9a1a9d01_e8e1bb9b","updated":"2015-10-09 13:58:58.000000000","message":"\"D\": This maps to allow_delete. May be we will instead \"CRUD\" column by \"Access\" column.\n\nThe informations allow_post/allow_post/allow_delete/ is_visible ... can be found in Rest API impact section.","commit_id":"c00a7f2feb7331223b041b4f0ca56307e675835a"},{"author":{"_account_id":6854,"name":"YAMAMOTO Takashi","email":"yamamoto@midokura.com","username":"yamamoto"},"change_message_id":"03588fc66fa204a22e8600f80edc57f2e7a32df7","unresolved":false,"context_lines":[{"line_number":157,"context_line":"+\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d+\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d+\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d+\u003d\u003d\u003d\u003d\u003d\u003d\u003d+\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d+"},{"line_number":158,"context_line":"|id               |uuid    |generated      |R      |Identity                  |"},{"line_number":159,"context_line":"+-----------------+--------+---------------+-------+--------------------------+"},{"line_number":160,"context_line":"|tenant_id        |uuid    |N/A            |CRD    |Tenant creates logging    |"},{"line_number":161,"context_line":"+-----------------+--------+---------------+-------+--------------------------+"},{"line_number":162,"context_line":"|type             |string  |N/A            |R      |Logger driver type        |"},{"line_number":163,"context_line":"+-----------------+--------+---------------+-------+--------------------------+"}],"source_content_type":"text/x-rst","patch_set":23,"id":"9a1a9d01_a83503f8","line":160,"updated":"2015-10-02 07:11:53.000000000","message":"how is this associated to a specific tenant?","commit_id":"c00a7f2feb7331223b041b4f0ca56307e675835a"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"56380dbb389b1b2a37abb2a97631f2728d1ece4b","unresolved":false,"context_lines":[{"line_number":157,"context_line":"+\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d+\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d+\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d+\u003d\u003d\u003d\u003d\u003d\u003d\u003d+\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d+"},{"line_number":158,"context_line":"|id               |uuid    |generated      |R      |Identity                  |"},{"line_number":159,"context_line":"+-----------------+--------+---------------+-------+--------------------------+"},{"line_number":160,"context_line":"|tenant_id        |uuid    |N/A            |CRD    |Tenant creates logging    |"},{"line_number":161,"context_line":"+-----------------+--------+---------------+-------+--------------------------+"},{"line_number":162,"context_line":"|type             |string  |N/A            |R      |Logger driver type        |"},{"line_number":163,"context_line":"+-----------------+--------+---------------+-------+--------------------------+"}],"source_content_type":"text/x-rst","patch_set":23,"id":"7a2fa921_b1fdbcb2","line":160,"in_reply_to":"9a1a9d01_a83503f8","updated":"2015-10-09 13:58:58.000000000","message":"You can see in line 440.","commit_id":"c00a7f2feb7331223b041b4f0ca56307e675835a"},{"author":{"_account_id":6854,"name":"YAMAMOTO Takashi","email":"yamamoto@midokura.com","username":"yamamoto"},"change_message_id":"03588fc66fa204a22e8600f80edc57f2e7a32df7","unresolved":false,"context_lines":[{"line_number":175,"context_line":"+-----------------+--------+---------------+-------+--------------------------+"},{"line_number":176,"context_line":"|log_path         |string  |N/A            |CRD    |Specify Location on Node  |"},{"line_number":177,"context_line":"|                 |        |               |       |that will store logged    |"},{"line_number":178,"context_line":"|                 |        |               |       |data                      |"},{"line_number":179,"context_line":"+-----------------+--------+---------------+-------+--------------------------+"},{"line_number":180,"context_line":"|log_level        |string  |N/A            |CRD    |Log levels                |"},{"line_number":181,"context_line":"+-----------------+--------+---------------+-------+--------------------------+"}],"source_content_type":"text/x-rst","patch_set":23,"id":"9a1a9d01_68a36b50","line":178,"updated":"2015-10-02 07:11:53.000000000","message":"is this a directory on remote_host?","commit_id":"c00a7f2feb7331223b041b4f0ca56307e675835a"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"56380dbb389b1b2a37abb2a97631f2728d1ece4b","unresolved":false,"context_lines":[{"line_number":175,"context_line":"+-----------------+--------+---------------+-------+--------------------------+"},{"line_number":176,"context_line":"|log_path         |string  |N/A            |CRD    |Specify Location on Node  |"},{"line_number":177,"context_line":"|                 |        |               |       |that will store logged    |"},{"line_number":178,"context_line":"|                 |        |               |       |data                      |"},{"line_number":179,"context_line":"+-----------------+--------+---------------+-------+--------------------------+"},{"line_number":180,"context_line":"|log_level        |string  |N/A            |CRD    |Log levels                |"},{"line_number":181,"context_line":"+-----------------+--------+---------------+-------+--------------------------+"}],"source_content_type":"text/x-rst","patch_set":23,"id":"7a2fa921_9119a024","line":178,"in_reply_to":"9a1a9d01_68a36b50","updated":"2015-10-09 13:58:58.000000000","message":"Yes, logged data will be sotred at here.","commit_id":"c00a7f2feb7331223b041b4f0ca56307e675835a"},{"author":{"_account_id":841,"name":"Akihiro Motoki","email":"amotoki@gmail.com","username":"amotoki"},"change_message_id":"7d6e4c15f9ebaec612debf807b8d06964e17be7d","unresolved":false,"context_lines":[{"line_number":232,"context_line":"    }"},{"line_number":233,"context_line":""},{"line_number":234,"context_line":"    SUB_RESOURCE_ATTRIBUTE_MAP \u003d {"},{"line_number":235,"context_line":"        \u0027rsyslog\u0027: {"},{"line_number":236,"context_line":"            \u0027parent\u0027: {\u0027colection_name\u0027: [\u0027sg_log_rules\u0027,\u0027fw-rules\u0027],"},{"line_number":237,"context_line":"                       \u0027member_name\u0027: [\u0027sg_log_rule\u0027, \u0027fw_log_rule\u0027]},"},{"line_number":238,"context_line":"            \u0027parameters\u0027: dict((LOG_DRIVER_COMMON_FIELDS),"}],"source_content_type":"text/x-rst","patch_set":23,"id":"7a2fa921_355863fa","line":235,"updated":"2015-10-06 12:02:52.000000000","message":"Why do you need to expose log driver details?\n\nIsn\u0027t this kind of thing configured in advance?","commit_id":"c00a7f2feb7331223b041b4f0ca56307e675835a"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"56380dbb389b1b2a37abb2a97631f2728d1ece4b","unresolved":false,"context_lines":[{"line_number":232,"context_line":"    }"},{"line_number":233,"context_line":""},{"line_number":234,"context_line":"    SUB_RESOURCE_ATTRIBUTE_MAP \u003d {"},{"line_number":235,"context_line":"        \u0027rsyslog\u0027: {"},{"line_number":236,"context_line":"            \u0027parent\u0027: {\u0027colection_name\u0027: [\u0027sg_log_rules\u0027,\u0027fw-rules\u0027],"},{"line_number":237,"context_line":"                       \u0027member_name\u0027: [\u0027sg_log_rule\u0027, \u0027fw_log_rule\u0027]},"},{"line_number":238,"context_line":"            \u0027parameters\u0027: dict((LOG_DRIVER_COMMON_FIELDS),"}],"source_content_type":"text/x-rst","patch_set":23,"id":"7a2fa921_11dcb044","line":235,"in_reply_to":"7a2fa921_355863fa","updated":"2015-10-09 13:58:58.000000000","message":"You can see line: 44 in this patch-set. We want to create logging service that for each tenant can be chose  different logger.","commit_id":"c00a7f2feb7331223b041b4f0ca56307e675835a"},{"author":{"_account_id":6788,"name":"Rossella Sblendido","email":"rsblendido@suse.com","username":"rossella-o"},"change_message_id":"9fd14c66b363f4548fb152aa8304a1fde849447a","unresolved":false,"context_lines":[{"line_number":400,"context_line":"Notifications Impact"},{"line_number":401,"context_line":"--------------------"},{"line_number":402,"context_line":""},{"line_number":403,"context_line":"Changes to an existing notification."},{"line_number":404,"context_line":"When enabling/disabling logging, ovs-agent or l3-agent needs to know the"},{"line_number":405,"context_line":"\"logging\" parameter (not attribute)."},{"line_number":406,"context_line":""}],"source_content_type":"text/x-rst","patch_set":23,"id":"9a1a9d01_5ab6288b","line":403,"updated":"2015-10-05 10:44:45.000000000","message":"why not adding a new notification? If this API is a \"new logging API for Neutron\" as you state in the proposed change, I think it deserves its own notification mechanism and shouldn\u0027t reuse existing ones. Let\u0027s abstract the logging part from the sec group/firewall specific code","commit_id":"c00a7f2feb7331223b041b4f0ca56307e675835a"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"56380dbb389b1b2a37abb2a97631f2728d1ece4b","unresolved":false,"context_lines":[{"line_number":400,"context_line":"Notifications Impact"},{"line_number":401,"context_line":"--------------------"},{"line_number":402,"context_line":""},{"line_number":403,"context_line":"Changes to an existing notification."},{"line_number":404,"context_line":"When enabling/disabling logging, ovs-agent or l3-agent needs to know the"},{"line_number":405,"context_line":"\"logging\" parameter (not attribute)."},{"line_number":406,"context_line":""}],"source_content_type":"text/x-rst","patch_set":23,"id":"7a2fa921_d1a638ad","line":403,"in_reply_to":"9a1a9d01_5ab6288b","updated":"2015-10-09 13:58:58.000000000","message":"Thank you.   We will update it.","commit_id":"c00a7f2feb7331223b041b4f0ca56307e675835a"},{"author":{"_account_id":6854,"name":"YAMAMOTO Takashi","email":"yamamoto@midokura.com","username":"yamamoto"},"change_message_id":"5ad4966de2064931b15c20e4cc3db5228f2a09b2","unresolved":false,"context_lines":[{"line_number":70,"context_line":":resource id:"},{"line_number":71,"context_line":"    Specify resource ID is logged. Note: ``In case security-group and"},{"line_number":72,"context_line":"    security-group-rule, we only use the first 13 characters of UUID``"},{"line_number":73,"context_line":"    (refer [2]_)."},{"line_number":74,"context_line":":event:"},{"line_number":75,"context_line":"    Describe event log (ATCP: Accept TCP rule, DTCP: Deny TCP rule, ...)."},{"line_number":76,"context_line":":payload:"}],"source_content_type":"text/x-rst","patch_set":25,"id":"3a29b11f_8b27ac11","line":73,"updated":"2015-10-20 09:25:08.000000000","message":"can you try to separate the schema/api and the limitations in a specific implementation?","commit_id":"9f66d630401fac07e4fe0260fab3651603d37eaf"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"81d46ccb4869640d7927279d6ff7e7b99253afd0","unresolved":false,"context_lines":[{"line_number":70,"context_line":":resource id:"},{"line_number":71,"context_line":"    Specify resource ID is logged. Note: ``In case security-group and"},{"line_number":72,"context_line":"    security-group-rule, we only use the first 13 characters of UUID``"},{"line_number":73,"context_line":"    (refer [2]_)."},{"line_number":74,"context_line":":event:"},{"line_number":75,"context_line":"    Describe event log (ATCP: Accept TCP rule, DTCP: Deny TCP rule, ...)."},{"line_number":76,"context_line":":payload:"}],"source_content_type":"text/x-rst","patch_set":25,"id":"fa80f949_1f56a529","line":73,"in_reply_to":"3a29b11f_8b27ac11","updated":"2015-11-04 10:27:06.000000000","message":"Yes, I\u0027ll update it.","commit_id":"9f66d630401fac07e4fe0260fab3651603d37eaf"},{"author":{"_account_id":6854,"name":"YAMAMOTO Takashi","email":"yamamoto@midokura.com","username":"yamamoto"},"change_message_id":"5ad4966de2064931b15c20e4cc3db5228f2a09b2","unresolved":false,"context_lines":[{"line_number":72,"context_line":"    security-group-rule, we only use the first 13 characters of UUID``"},{"line_number":73,"context_line":"    (refer [2]_)."},{"line_number":74,"context_line":":event:"},{"line_number":75,"context_line":"    Describe event log (ATCP: Accept TCP rule, DTCP: Deny TCP rule, ...)."},{"line_number":76,"context_line":":payload:"},{"line_number":77,"context_line":"    Logging data."},{"line_number":78,"context_line":""}],"source_content_type":"text/x-rst","patch_set":25,"id":"3a29b11f_ebd420be","line":75,"updated":"2015-10-20 09:25:08.000000000","message":"are these (ATCP/DTCP) commonly used abbreviations?\ni haven\u0027t heard them.","commit_id":"9f66d630401fac07e4fe0260fab3651603d37eaf"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"81d46ccb4869640d7927279d6ff7e7b99253afd0","unresolved":false,"context_lines":[{"line_number":72,"context_line":"    security-group-rule, we only use the first 13 characters of UUID``"},{"line_number":73,"context_line":"    (refer [2]_)."},{"line_number":74,"context_line":":event:"},{"line_number":75,"context_line":"    Describe event log (ATCP: Accept TCP rule, DTCP: Deny TCP rule, ...)."},{"line_number":76,"context_line":":payload:"},{"line_number":77,"context_line":"    Logging data."},{"line_number":78,"context_line":""}],"source_content_type":"text/x-rst","patch_set":25,"id":"fa80f949_9f17f550","line":75,"in_reply_to":"3a29b11f_ebd420be","updated":"2015-11-04 10:27:06.000000000","message":"ATCP/DTCP are not commonly used abbreviations. This is just our an example for event log description.  Maybe we will update it as below:\n\n:event:\n       Describe event log (Accept ICMP, Deny TCP, ...).\n\nDo you have any suggestion?","commit_id":"9f66d630401fac07e4fe0260fab3651603d37eaf"},{"author":{"_account_id":4656,"name":"Sean M. Collins","email":"sean@coreitpro.com","username":"scollins"},"change_message_id":"7ce86afef10bc00d22f190dc14d1954843582b11","unresolved":false,"context_lines":[{"line_number":79,"context_line":"Example log:"},{"line_number":80,"context_line":""},{"line_number":81,"context_line":"+---------+--------------------------------+---------+--------+-------------+-------+---------------------------------------------+"},{"line_number":82,"context_line":"|timestamp|teannt                          |log level|resource|resouece ID  |event  |payload                                      |"},{"line_number":83,"context_line":"|         |                                |         |type    |             |       |                                             |"},{"line_number":84,"context_line":"+\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d+\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d+\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d+\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d+\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d+\u003d\u003d\u003d\u003d\u003d\u003d\u003d+\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d+"},{"line_number":85,"context_line":"|Aug 10   |8d4c70a21fed4aeba121a1a429ba0d04|7(debug) |sgrule  |1eb261ec-32bd|ATCP   |IN\u003dqbr4c8e2f90-13 OUT\u003dqbr4c8e2f90-13         |"}],"source_content_type":"text/x-rst","patch_set":25,"id":"5a2ca52d_dcfa1343","line":82,"updated":"2015-10-15 22:12:06.000000000","message":"teannt -\u003e tenant","commit_id":"9f66d630401fac07e4fe0260fab3651603d37eaf"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"81d46ccb4869640d7927279d6ff7e7b99253afd0","unresolved":false,"context_lines":[{"line_number":79,"context_line":"Example log:"},{"line_number":80,"context_line":""},{"line_number":81,"context_line":"+---------+--------------------------------+---------+--------+-------------+-------+---------------------------------------------+"},{"line_number":82,"context_line":"|timestamp|teannt                          |log level|resource|resouece ID  |event  |payload                                      |"},{"line_number":83,"context_line":"|         |                                |         |type    |             |       |                                             |"},{"line_number":84,"context_line":"+\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d+\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d+\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d+\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d+\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d+\u003d\u003d\u003d\u003d\u003d\u003d\u003d+\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d+"},{"line_number":85,"context_line":"|Aug 10   |8d4c70a21fed4aeba121a1a429ba0d04|7(debug) |sgrule  |1eb261ec-32bd|ATCP   |IN\u003dqbr4c8e2f90-13 OUT\u003dqbr4c8e2f90-13         |"}],"source_content_type":"text/x-rst","patch_set":25,"id":"fa80f949_e2522413","line":82,"in_reply_to":"5a2ca52d_86f67df7","updated":"2015-11-04 10:27:06.000000000","message":"Done","commit_id":"9f66d630401fac07e4fe0260fab3651603d37eaf"},{"author":{"_account_id":16788,"name":"Ramanjaneya Reddy Palleti","email":"ramanjaneya.palleti@huawei.com","username":"Ramanjaneya"},"change_message_id":"1c7845c3ab322604ede023a02a142150b02918a0","unresolved":false,"context_lines":[{"line_number":79,"context_line":"Example log:"},{"line_number":80,"context_line":""},{"line_number":81,"context_line":"+---------+--------------------------------+---------+--------+-------------+-------+---------------------------------------------+"},{"line_number":82,"context_line":"|timestamp|teannt                          |log level|resource|resouece ID  |event  |payload                                      |"},{"line_number":83,"context_line":"|         |                                |         |type    |             |       |                                             |"},{"line_number":84,"context_line":"+\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d+\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d+\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d+\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d+\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d+\u003d\u003d\u003d\u003d\u003d\u003d\u003d+\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d+"},{"line_number":85,"context_line":"|Aug 10   |8d4c70a21fed4aeba121a1a429ba0d04|7(debug) |sgrule  |1eb261ec-32bd|ATCP   |IN\u003dqbr4c8e2f90-13 OUT\u003dqbr4c8e2f90-13         |"}],"source_content_type":"text/x-rst","patch_set":25,"id":"5a2ca52d_86f67df7","line":82,"in_reply_to":"5a2ca52d_dcfa1343","updated":"2015-10-16 04:25:13.000000000","message":"Change to \"tena\"nt","commit_id":"9f66d630401fac07e4fe0260fab3651603d37eaf"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"81d46ccb4869640d7927279d6ff7e7b99253afd0","unresolved":false,"context_lines":[{"line_number":79,"context_line":"Example log:"},{"line_number":80,"context_line":""},{"line_number":81,"context_line":"+---------+--------------------------------+---------+--------+-------------+-------+---------------------------------------------+"},{"line_number":82,"context_line":"|timestamp|teannt                          |log level|resource|resouece ID  |event  |payload                                      |"},{"line_number":83,"context_line":"|         |                                |         |type    |             |       |                                             |"},{"line_number":84,"context_line":"+\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d+\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d+\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d+\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d+\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d+\u003d\u003d\u003d\u003d\u003d\u003d\u003d+\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d+"},{"line_number":85,"context_line":"|Aug 10   |8d4c70a21fed4aeba121a1a429ba0d04|7(debug) |sgrule  |1eb261ec-32bd|ATCP   |IN\u003dqbr4c8e2f90-13 OUT\u003dqbr4c8e2f90-13         |"}],"source_content_type":"text/x-rst","patch_set":25,"id":"fa80f949_c24da073","line":82,"in_reply_to":"5a2ca52d_dcfa1343","updated":"2015-11-04 10:27:06.000000000","message":"Done","commit_id":"9f66d630401fac07e4fe0260fab3651603d37eaf"},{"author":{"_account_id":6854,"name":"YAMAMOTO Takashi","email":"yamamoto@midokura.com","username":"yamamoto"},"change_message_id":"5ad4966de2064931b15c20e4cc3db5228f2a09b2","unresolved":false,"context_lines":[{"line_number":116,"context_line":"+--------------+-------+-------+----------+------------+----------------------+"},{"line_number":117,"context_line":""},{"line_number":118,"context_line":""},{"line_number":119,"context_line":"The LoggerDriver object has the following attributes:"},{"line_number":120,"context_line":""},{"line_number":121,"context_line":"+--------------+-------+-------+----------+------------+----------------------+"},{"line_number":122,"context_line":"|Attribute     |Type   |Access |Default   |Validation/ |Description           |"}],"source_content_type":"text/x-rst","patch_set":25,"id":"3a29b11f_6e47be4b","line":119,"updated":"2015-10-20 09:25:08.000000000","message":"who and how fills this table?","commit_id":"9f66d630401fac07e4fe0260fab3651603d37eaf"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"81d46ccb4869640d7927279d6ff7e7b99253afd0","unresolved":false,"context_lines":[{"line_number":116,"context_line":"+--------------+-------+-------+----------+------------+----------------------+"},{"line_number":117,"context_line":""},{"line_number":118,"context_line":""},{"line_number":119,"context_line":"The LoggerDriver object has the following attributes:"},{"line_number":120,"context_line":""},{"line_number":121,"context_line":"+--------------+-------+-------+----------+------------+----------------------+"},{"line_number":122,"context_line":"|Attribute     |Type   |Access |Default   |Validation/ |Description           |"}],"source_content_type":"text/x-rst","patch_set":25,"id":"fa80f949_42b0d043","line":119,"in_reply_to":"3a29b11f_6e47be4b","updated":"2015-11-04 10:27:06.000000000","message":"You can see line 331-354 in this specs and we will update data model for more clear.  Please just a moment :)","commit_id":"9f66d630401fac07e4fe0260fab3651603d37eaf"},{"author":{"_account_id":6854,"name":"YAMAMOTO Takashi","email":"yamamoto@midokura.com","username":"yamamoto"},"change_message_id":"5ad4966de2064931b15c20e4cc3db5228f2a09b2","unresolved":false,"context_lines":[{"line_number":162,"context_line":"|              |       |       |       |           |for this logging resource |"},{"line_number":163,"context_line":"|              |       |       |       |           |ID                        |"},{"line_number":164,"context_line":"+--------------+-------+-------+-------+-----------+--------------------------+"},{"line_number":165,"context_line":"|log_id        |uuid   |RW     |N/A    |uuid       |Specify Logging resource  |"},{"line_number":166,"context_line":"|              |       |       |       |           |ID attach this rule.      |"},{"line_number":167,"context_line":"+--------------+-------+-------+-------+-----------+--------------------------+"},{"line_number":168,"context_line":""}],"source_content_type":"text/x-rst","patch_set":25,"id":"3a29b11f_ab85c8ad","line":165,"updated":"2015-10-20 09:25:08.000000000","message":"an log_id can be used for multiple xxxRuleLogging instances?","commit_id":"9f66d630401fac07e4fe0260fab3651603d37eaf"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"81d46ccb4869640d7927279d6ff7e7b99253afd0","unresolved":false,"context_lines":[{"line_number":162,"context_line":"|              |       |       |       |           |for this logging resource |"},{"line_number":163,"context_line":"|              |       |       |       |           |ID                        |"},{"line_number":164,"context_line":"+--------------+-------+-------+-------+-----------+--------------------------+"},{"line_number":165,"context_line":"|log_id        |uuid   |RW     |N/A    |uuid       |Specify Logging resource  |"},{"line_number":166,"context_line":"|              |       |       |       |           |ID attach this rule.      |"},{"line_number":167,"context_line":"+--------------+-------+-------+-------+-----------+--------------------------+"},{"line_number":168,"context_line":""}],"source_content_type":"text/x-rst","patch_set":25,"id":"fa80f949_02bf28fc","line":165,"in_reply_to":"3a29b11f_ab85c8ad","updated":"2015-11-04 10:27:06.000000000","message":"Yes.","commit_id":"9f66d630401fac07e4fe0260fab3651603d37eaf"},{"author":{"_account_id":6854,"name":"YAMAMOTO Takashi","email":"yamamoto@midokura.com","username":"yamamoto"},"change_message_id":"5ad4966de2064931b15c20e4cc3db5228f2a09b2","unresolved":false,"context_lines":[{"line_number":217,"context_line":"                            \u0027validate\u0027: {\u0027type:string\u0027: None},"},{"line_number":218,"context_line":"                            \u0027default\u0027: None, \u0027is_visible\u0027: True},"},{"line_number":219,"context_line":"            \u0027resource_type\u0027: {\u0027allow_post\u0027: True, \u0027allow_put\u0027: False,"},{"line_number":220,"context_line":"                              \u0027is_visible\u0027: True, \u0027default\u0027: \u0027info\u0027},"},{"line_number":221,"context_line":"            \u0027log_driver\u0027: {\u0027allow_post\u0027: False, \u0027allow_put\u0027: False,"},{"line_number":222,"context_line":"                           \u0027is_visible\u0027: True},"},{"line_number":223,"context_line":"            \u0027resource_ids\u0027: {\u0027allow_post\u0027: False, \u0027allow_put\u0027: False,"}],"source_content_type":"text/x-rst","patch_set":25,"id":"3a29b11f_4b82f495","line":220,"updated":"2015-10-20 09:25:08.000000000","message":"\u0027info\u0027 ?  is this a copy-and-paste error?","commit_id":"9f66d630401fac07e4fe0260fab3651603d37eaf"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"81d46ccb4869640d7927279d6ff7e7b99253afd0","unresolved":false,"context_lines":[{"line_number":217,"context_line":"                            \u0027validate\u0027: {\u0027type:string\u0027: None},"},{"line_number":218,"context_line":"                            \u0027default\u0027: None, \u0027is_visible\u0027: True},"},{"line_number":219,"context_line":"            \u0027resource_type\u0027: {\u0027allow_post\u0027: True, \u0027allow_put\u0027: False,"},{"line_number":220,"context_line":"                              \u0027is_visible\u0027: True, \u0027default\u0027: \u0027info\u0027},"},{"line_number":221,"context_line":"            \u0027log_driver\u0027: {\u0027allow_post\u0027: False, \u0027allow_put\u0027: False,"},{"line_number":222,"context_line":"                           \u0027is_visible\u0027: True},"},{"line_number":223,"context_line":"            \u0027resource_ids\u0027: {\u0027allow_post\u0027: False, \u0027allow_put\u0027: False,"}],"source_content_type":"text/x-rst","patch_set":25,"id":"fa80f949_22534ce3","line":220,"in_reply_to":"3a29b11f_4b82f495","updated":"2015-11-04 10:27:06.000000000","message":"Yes....\n\nWe\u0027ll correct it in next patch.","commit_id":"9f66d630401fac07e4fe0260fab3651603d37eaf"},{"author":{"_account_id":4656,"name":"Sean M. Collins","email":"sean@coreitpro.com","username":"scollins"},"change_message_id":"f5ee26b780a68df99dc615e6c35894c1d9283eda","unresolved":false,"context_lines":[{"line_number":355,"context_line":"        PUT /v2.0/security-group-rules/e30abd17-fef9-4739-8617-dc26da88e686"},{"line_number":356,"context_line":"        {"},{"line_number":357,"context_line":"            \"security_group_rule\": {"},{"line_number":358,"context_line":"                \"log_id\": \"8d4c70a21fed4aeba121a1a429ba0d04\""},{"line_number":359,"context_line":"            }"},{"line_number":360,"context_line":"        }"},{"line_number":361,"context_line":""}],"source_content_type":"text/x-rst","patch_set":25,"id":"5a2ca52d_bcce372c","line":358,"updated":"2015-10-15 22:11:24.000000000","message":"Is this value correct? The only other places where \"8d4c70a21fed4aeba121a1a429ba0d04\" is used is as a tenant_id.","commit_id":"9f66d630401fac07e4fe0260fab3651603d37eaf"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"81d46ccb4869640d7927279d6ff7e7b99253afd0","unresolved":false,"context_lines":[{"line_number":355,"context_line":"        PUT /v2.0/security-group-rules/e30abd17-fef9-4739-8617-dc26da88e686"},{"line_number":356,"context_line":"        {"},{"line_number":357,"context_line":"            \"security_group_rule\": {"},{"line_number":358,"context_line":"                \"log_id\": \"8d4c70a21fed4aeba121a1a429ba0d04\""},{"line_number":359,"context_line":"            }"},{"line_number":360,"context_line":"        }"},{"line_number":361,"context_line":""}],"source_content_type":"text/x-rst","patch_set":25,"id":"fa80f949_c205a0c2","line":358,"in_reply_to":"5a2ca52d_bcce372c","updated":"2015-11-04 10:27:06.000000000","message":"It should be \"46ebaec0-0570-43ac-82f6-60d2b03168c4\". Sorry for my mistake.","commit_id":"9f66d630401fac07e4fe0260fab3651603d37eaf"},{"author":{"_account_id":4656,"name":"Sean M. Collins","email":"sean@coreitpro.com","username":"scollins"},"change_message_id":"17f018bfe4a8a95bd71245388dda6d41e9dff3bb","unresolved":false,"context_lines":[{"line_number":364,"context_line":"            \"security_group_rule\": {"},{"line_number":365,"context_line":"                \"id\": \"e30abd17-fef9-4739-8617-dc26da88e686\","},{"line_number":366,"context_line":"                \"tenant_id\": \"8d4c70a21fed4aeba121a1a429ba0d04\","},{"line_number":367,"context_line":"                ..."},{"line_number":368,"context_line":"                \"log_id\": \"46ebaec0-0570-43ac-82f6-60d2b03168c4\","},{"line_number":369,"context_line":"            }"},{"line_number":370,"context_line":"        }"}],"source_content_type":"text/x-rst","patch_set":25,"id":"5a2ca52d_b965e9b5","line":367,"updated":"2015-10-15 21:33:38.000000000","message":"can you please add all the attributes? I assume ... means you\u0027re skipping some","commit_id":"9f66d630401fac07e4fe0260fab3651603d37eaf"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"81d46ccb4869640d7927279d6ff7e7b99253afd0","unresolved":false,"context_lines":[{"line_number":364,"context_line":"            \"security_group_rule\": {"},{"line_number":365,"context_line":"                \"id\": \"e30abd17-fef9-4739-8617-dc26da88e686\","},{"line_number":366,"context_line":"                \"tenant_id\": \"8d4c70a21fed4aeba121a1a429ba0d04\","},{"line_number":367,"context_line":"                ..."},{"line_number":368,"context_line":"                \"log_id\": \"46ebaec0-0570-43ac-82f6-60d2b03168c4\","},{"line_number":369,"context_line":"            }"},{"line_number":370,"context_line":"        }"}],"source_content_type":"text/x-rst","patch_set":25,"id":"fa80f949_42fa10bf","line":367,"in_reply_to":"5a2ca52d_b965e9b5","updated":"2015-11-04 10:27:06.000000000","message":"Sure. We will update it in next revision.","commit_id":"9f66d630401fac07e4fe0260fab3651603d37eaf"}],"specs/newton/logging-API-for-security-group-rules.rst":[{"author":{"_account_id":6854,"name":"YAMAMOTO Takashi","email":"yamamoto@midokura.com","username":"yamamoto"},"change_message_id":"979efd484f81cb138a71a12030d4966c93b2677b","unresolved":false,"context_lines":[{"line_number":17,"context_line":""},{"line_number":18,"context_line":"Inspecting what happened on network traffic is necessary for *operator*"},{"line_number":19,"context_line":"(including cloud administrator and developer) to tackle a problem."},{"line_number":20,"context_line":"The following are some common use cases:"},{"line_number":21,"context_line":""},{"line_number":22,"context_line":"* When *operator* has common network issue such as:"},{"line_number":23,"context_line":""}],"source_content_type":"text/x-rst","patch_set":38,"id":"dab17558_398381ce","line":20,"updated":"2016-05-06 10:16:50.000000000","message":"have you considered tap-as-a-service? :-)","commit_id":"88cf65bad2e7e87b22d2a3d64933bbb033f7e908"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"8ca2e8c3c75a7956cd3483b2ec99b0683a2d2328","unresolved":false,"context_lines":[{"line_number":17,"context_line":""},{"line_number":18,"context_line":"Inspecting what happened on network traffic is necessary for *operator*"},{"line_number":19,"context_line":"(including cloud administrator and developer) to tackle a problem."},{"line_number":20,"context_line":"The following are some common use cases:"},{"line_number":21,"context_line":""},{"line_number":22,"context_line":"* When *operator* has common network issue such as:"},{"line_number":23,"context_line":""}],"source_content_type":"text/x-rst","patch_set":38,"id":"dab17558_7965921c","line":20,"in_reply_to":"dab17558_398381ce","updated":"2016-05-10 10:08:22.000000000","message":"Thanks for your suggestion. According to my understanding, Taas will difficult to recognize security-group-rules work as expected or not in case security group implementation base on iptables. Taas will be a good solution in case security group implementation base on ovs, then we can consider Taas as a security group logging driver for Logging API. :-)","commit_id":"88cf65bad2e7e87b22d2a3d64933bbb033f7e908"},{"author":{"_account_id":6854,"name":"YAMAMOTO Takashi","email":"yamamoto@midokura.com","username":"yamamoto"},"change_message_id":"979efd484f81cb138a71a12030d4966c93b2677b","unresolved":false,"context_lines":[{"line_number":61,"context_line":""},{"line_number":62,"context_line":"The objective of this spec is to:"},{"line_number":63,"context_line":""},{"line_number":64,"context_line":"* **Define format and ways to collect security-group-rules related events**."},{"line_number":65,"context_line":""},{"line_number":66,"context_line":"We propose a logging API to collect security-group-rules related events,"},{"line_number":67,"context_line":"then *operator* can access directly to file or syslog on compute host to"}],"source_content_type":"text/x-rst","patch_set":38,"id":"dab17558_39d1c1ce","line":64,"range":{"start_line":64,"start_character":59,"end_line":64,"end_character":66},"updated":"2016-05-06 10:16:50.000000000","message":"i couldn\u0027t find the definition of \"related\" in this spec.","commit_id":"88cf65bad2e7e87b22d2a3d64933bbb033f7e908"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"8ca2e8c3c75a7956cd3483b2ec99b0683a2d2328","unresolved":false,"context_lines":[{"line_number":61,"context_line":""},{"line_number":62,"context_line":"The objective of this spec is to:"},{"line_number":63,"context_line":""},{"line_number":64,"context_line":"* **Define format and ways to collect security-group-rules related events**."},{"line_number":65,"context_line":""},{"line_number":66,"context_line":"We propose a logging API to collect security-group-rules related events,"},{"line_number":67,"context_line":"then *operator* can access directly to file or syslog on compute host to"}],"source_content_type":"text/x-rst","patch_set":38,"id":"dab17558_542df593","line":64,"range":{"start_line":64,"start_character":59,"end_line":64,"end_character":66},"in_reply_to":"dab17558_39d1c1ce","updated":"2016-05-10 10:08:22.000000000","message":"We\u0027d like to log events such as ACCEPT security event for each direction(ingress/egress) of security group rules or DROP security event on VM port or all events(including ACCEPT \u0026 DROP events) related to security groups.","commit_id":"88cf65bad2e7e87b22d2a3d64933bbb033f7e908"},{"author":{"_account_id":6854,"name":"YAMAMOTO Takashi","email":"yamamoto@midokura.com","username":"yamamoto"},"change_message_id":"979efd484f81cb138a71a12030d4966c93b2677b","unresolved":false,"context_lines":[{"line_number":87,"context_line":""},{"line_number":88,"context_line":"    (1) direction(INGRESS/EGRESS) or uuid of security group rule."},{"line_number":89,"context_line":"    (2) security group uuid."},{"line_number":90,"context_line":"    (3) neutron port uuid."},{"line_number":91,"context_line":""},{"line_number":92,"context_line":"Logged data will be collected to files or syslog, that depends on logger"},{"line_number":93,"context_line":"back-end implementation. Currently, we only support file or syslog."}],"source_content_type":"text/x-rst","patch_set":38,"id":"dab17558_19eddd8b","line":90,"updated":"2016-05-06 10:16:50.000000000","message":"i guess these need more explanation.","commit_id":"88cf65bad2e7e87b22d2a3d64933bbb033f7e908"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"8ca2e8c3c75a7956cd3483b2ec99b0683a2d2328","unresolved":false,"context_lines":[{"line_number":87,"context_line":""},{"line_number":88,"context_line":"    (1) direction(INGRESS/EGRESS) or uuid of security group rule."},{"line_number":89,"context_line":"    (2) security group uuid."},{"line_number":90,"context_line":"    (3) neutron port uuid."},{"line_number":91,"context_line":""},{"line_number":92,"context_line":"Logged data will be collected to files or syslog, that depends on logger"},{"line_number":93,"context_line":"back-end implementation. Currently, we only support file or syslog."}],"source_content_type":"text/x-rst","patch_set":38,"id":"dab17558_14e36d34","line":90,"in_reply_to":"dab17558_19eddd8b","updated":"2016-05-10 10:08:22.000000000","message":"Yeah, I\u0027d like to update this paragraph (L73-L90) as below:\n\nThe events related to security groups will be collected:\n(1) ACCEPT security events for each direction(ingress/egress) of security-group-rules.\n(2) DROP security events\n\nThese events can be specified by:\n(1) direction(INGRESS/EGRESS) of security-group-rule or DROP or ALL (including ACCEPT \u0026 DROP events of security groups)\n(2) security group uuid\n(3) neutron port uuid\n\nThis API can be used for some cases as below:\n\n(1) events of security groups applied to a specific neutron port.\n(2) events of a specific security group applied to a specific neutron port.\n(3) events of a specific security group applied to all ports.\n(4) events of all security groups in a tenant.","commit_id":"88cf65bad2e7e87b22d2a3d64933bbb033f7e908"},{"author":{"_account_id":6854,"name":"YAMAMOTO Takashi","email":"yamamoto@midokura.com","username":"yamamoto"},"change_message_id":"979efd484f81cb138a71a12030d4966c93b2677b","unresolved":false,"context_lines":[{"line_number":183,"context_line":""},{"line_number":184,"context_line":"    step5: When operator has a network issue related VM1 such as \"I can\u0027t access"},{"line_number":185,"context_line":"           to VM1 by ping/ssh\". At this point, the operator can retrieve logged"},{"line_number":186,"context_line":"           data by accessing to file (e.g file name: sg-log-tenant-demo) or"},{"line_number":187,"context_line":"           syslog on compute host to track information related ICMP/SSH such as:"},{"line_number":188,"context_line":""},{"line_number":189,"context_line":"           * Are there ICMP/SSH packets incoming VM1 (by filtering logged data"}],"source_content_type":"text/x-rst","patch_set":38,"id":"dab17558_b9aad117","line":186,"range":{"start_line":186,"start_character":53,"end_line":186,"end_character":71},"updated":"2016-05-06 10:16:50.000000000","message":"how an operator can know the file name and its location?","commit_id":"88cf65bad2e7e87b22d2a3d64933bbb033f7e908"},{"author":{"_account_id":8655,"name":"Jakub Libosvar","email":"libosvar@redhat.com","username":"jlibosva"},"change_message_id":"da5601a7b7ecf252463517b3a2001e6712b2f93a","unresolved":false,"context_lines":[{"line_number":183,"context_line":""},{"line_number":184,"context_line":"    step5: When operator has a network issue related VM1 such as \"I can\u0027t access"},{"line_number":185,"context_line":"           to VM1 by ping/ssh\". At this point, the operator can retrieve logged"},{"line_number":186,"context_line":"           data by accessing to file (e.g file name: sg-log-tenant-demo) or"},{"line_number":187,"context_line":"           syslog on compute host to track information related ICMP/SSH such as:"},{"line_number":188,"context_line":""},{"line_number":189,"context_line":"           * Are there ICMP/SSH packets incoming VM1 (by filtering logged data"}],"source_content_type":"text/x-rst","patch_set":38,"id":"dab17558_ed1ac96d","line":186,"range":{"start_line":186,"start_character":53,"end_line":186,"end_character":71},"in_reply_to":"dab17558_b9aad117","updated":"2016-05-06 13:52:11.000000000","message":"If I get it right, he created a logging-resource in step two, name is on L110.","commit_id":"88cf65bad2e7e87b22d2a3d64933bbb033f7e908"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"8ca2e8c3c75a7956cd3483b2ec99b0683a2d2328","unresolved":false,"context_lines":[{"line_number":183,"context_line":""},{"line_number":184,"context_line":"    step5: When operator has a network issue related VM1 such as \"I can\u0027t access"},{"line_number":185,"context_line":"           to VM1 by ping/ssh\". At this point, the operator can retrieve logged"},{"line_number":186,"context_line":"           data by accessing to file (e.g file name: sg-log-tenant-demo) or"},{"line_number":187,"context_line":"           syslog on compute host to track information related ICMP/SSH such as:"},{"line_number":188,"context_line":""},{"line_number":189,"context_line":"           * Are there ICMP/SSH packets incoming VM1 (by filtering logged data"}],"source_content_type":"text/x-rst","patch_set":38,"id":"dab17558_34f031c9","line":186,"range":{"start_line":186,"start_character":53,"end_line":186,"end_character":71},"in_reply_to":"dab17558_ed1ac96d","updated":"2016-05-10 10:08:22.000000000","message":"@Yamamoto, @Jakub:\nLocation will be defined in configuration file by cloud\u0027s deployer. File name looks like sg-\u003ctenant-uuid\u003e.log. For example: /var/log/neutron/sg-\u003ctenant-uuid\u003e.log\n\nSo I will update this as below: /var/log/neutron/sg-8d4c70a21fed4aeba121a1a429ba0d04.log\n\nHow do you think?","commit_id":"88cf65bad2e7e87b22d2a3d64933bbb033f7e908"},{"author":{"_account_id":6854,"name":"YAMAMOTO Takashi","email":"yamamoto@midokura.com","username":"yamamoto"},"change_message_id":"979efd484f81cb138a71a12030d4966c93b2677b","unresolved":false,"context_lines":[{"line_number":205,"context_line":"|tenant_id   |uuid   |RO      |N/A       |uuid       |Id of tenant that created   |"},{"line_number":206,"context_line":"|            |       |        |          |           |this LoggingResource        |"},{"line_number":207,"context_line":"+------------+-------+--------+----------+-----------+----------------------------+"},{"line_number":208,"context_line":"|name        |string |RW(No   |N/A       |none       |LoggingResource name        |"},{"line_number":209,"context_line":"|            |       |update) |          |           |                            |"},{"line_number":210,"context_line":"+------------+-------+--------+----------+-----------+----------------------------+"},{"line_number":211,"context_line":"|description |string |RW      |N/A       |none       |LoggingResource description |"}],"source_content_type":"text/x-rst","patch_set":38,"id":"dab17558_3426e868","line":208,"range":{"start_line":208,"start_character":22,"end_line":208,"end_character":24},"updated":"2016-05-06 10:16:50.000000000","message":"what do you mean by \"RW(No update)\"?","commit_id":"88cf65bad2e7e87b22d2a3d64933bbb033f7e908"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"8ca2e8c3c75a7956cd3483b2ec99b0683a2d2328","unresolved":false,"context_lines":[{"line_number":205,"context_line":"|tenant_id   |uuid   |RO      |N/A       |uuid       |Id of tenant that created   |"},{"line_number":206,"context_line":"|            |       |        |          |           |this LoggingResource        |"},{"line_number":207,"context_line":"+------------+-------+--------+----------+-----------+----------------------------+"},{"line_number":208,"context_line":"|name        |string |RW(No   |N/A       |none       |LoggingResource name        |"},{"line_number":209,"context_line":"|            |       |update) |          |           |                            |"},{"line_number":210,"context_line":"+------------+-------+--------+----------+-----------+----------------------------+"},{"line_number":211,"context_line":"|description |string |RW      |N/A       |none       |LoggingResource description |"}],"source_content_type":"text/x-rst","patch_set":38,"id":"dab17558_34acb18b","line":208,"range":{"start_line":208,"start_character":22,"end_line":208,"end_character":24},"in_reply_to":"dab17558_3426e868","updated":"2016-05-10 10:08:22.000000000","message":"RW(No update) is mean allow write to an attribute, but does not allow update to that attribute.","commit_id":"88cf65bad2e7e87b22d2a3d64933bbb033f7e908"},{"author":{"_account_id":6854,"name":"YAMAMOTO Takashi","email":"yamamoto@midokura.com","username":"yamamoto"},"change_message_id":"979efd484f81cb138a71a12030d4966c93b2677b","unresolved":false,"context_lines":[{"line_number":212,"context_line":"+------------+-------+--------+----------+-----------+----------------------------+"},{"line_number":213,"context_line":"|enabled     |bool   |RW      |False     |Boolean    |Enable/disable log          |"},{"line_number":214,"context_line":"+------------+-------+--------+----------+-----------+----------------------------+"},{"line_number":215,"context_line":"|log_type    |string |RW(No   |N/A       |enum       |Type of resource log        |"},{"line_number":216,"context_line":"|            |       |update) |          |           |                            |"},{"line_number":217,"context_line":"+------------+-------+--------+----------+-----------+----------------------------+"},{"line_number":218,"context_line":""}],"source_content_type":"text/x-rst","patch_set":38,"id":"dab17558_595be554","line":215,"range":{"start_line":215,"start_character":54,"end_line":215,"end_character":74},"updated":"2016-05-06 10:16:50.000000000","message":"is this always \"security_groups\"?","commit_id":"88cf65bad2e7e87b22d2a3d64933bbb033f7e908"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"8ca2e8c3c75a7956cd3483b2ec99b0683a2d2328","unresolved":false,"context_lines":[{"line_number":212,"context_line":"+------------+-------+--------+----------+-----------+----------------------------+"},{"line_number":213,"context_line":"|enabled     |bool   |RW      |False     |Boolean    |Enable/disable log          |"},{"line_number":214,"context_line":"+------------+-------+--------+----------+-----------+----------------------------+"},{"line_number":215,"context_line":"|log_type    |string |RW(No   |N/A       |enum       |Type of resource log        |"},{"line_number":216,"context_line":"|            |       |update) |          |           |                            |"},{"line_number":217,"context_line":"+------------+-------+--------+----------+-----------+----------------------------+"},{"line_number":218,"context_line":""}],"source_content_type":"text/x-rst","patch_set":38,"id":"dab17558_747bd9f5","line":215,"range":{"start_line":215,"start_character":54,"end_line":215,"end_character":74},"in_reply_to":"dab17558_595be554","updated":"2016-05-10 10:08:22.000000000","message":"No, this attribute can be \"security_groups\" or \"firewall\" or others. We\u0027d like to propose LoggingResource model to manage all security event log for each tenant. So I think this attribute does not necessary anymore. I will remove it in next revision.","commit_id":"88cf65bad2e7e87b22d2a3d64933bbb033f7e908"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"43b53baf3a60b5f8689371de9701f5c9ba52c8c3","unresolved":false,"context_lines":[{"line_number":212,"context_line":"+------------+-------+--------+----------+-----------+----------------------------+"},{"line_number":213,"context_line":"|enabled     |bool   |RW      |False     |Boolean    |Enable/disable log          |"},{"line_number":214,"context_line":"+------------+-------+--------+----------+-----------+----------------------------+"},{"line_number":215,"context_line":"|log_type    |string |RW(No   |N/A       |enum       |Type of resource log        |"},{"line_number":216,"context_line":"|            |       |update) |          |           |                            |"},{"line_number":217,"context_line":"+------------+-------+--------+----------+-----------+----------------------------+"},{"line_number":218,"context_line":""}],"source_content_type":"text/x-rst","patch_set":38,"id":"dab17558_dc00b936","line":215,"range":{"start_line":215,"start_character":54,"end_line":215,"end_character":74},"in_reply_to":"dab17558_747bd9f5","updated":"2016-05-11 04:56:40.000000000","message":"Sorry for confusing you, I did re-thinking that \u0027log_type\u0027 is necessary. logging_resource object is intended to be a generic container. Adding read-only \"log_type\" field (\"log_type\": [\"security_group\", ...]) will help API consumers expects what field is available. It makes sense. So I\u0027d like to keep and update this field. Please inform me if you have any concern.","commit_id":"88cf65bad2e7e87b22d2a3d64933bbb033f7e908"},{"author":{"_account_id":6854,"name":"YAMAMOTO Takashi","email":"yamamoto@midokura.com","username":"yamamoto"},"change_message_id":"979efd484f81cb138a71a12030d4966c93b2677b","unresolved":false,"context_lines":[{"line_number":229,"context_line":"+-------------------+------+------+---------+-----------+-------------------------+"},{"line_number":230,"context_line":"|tenant_id          |uuid  |RO    |N/A      |uuid       |Tenant creates logging   |"},{"line_number":231,"context_line":"+-------------------+------+------+---------+-----------+-------------------------+"},{"line_number":232,"context_line":"|type               |string|RW    |N/A      |enum       |Type of resource log     |"},{"line_number":233,"context_line":"+-------------------+------+------+---------+-----------+-------------------------+"},{"line_number":234,"context_line":""},{"line_number":235,"context_line":"The SecurityGroupLogging model would look like:"}],"source_content_type":"text/x-rst","patch_set":38,"id":"dab17558_59092531","line":232,"range":{"start_line":232,"start_character":57,"end_line":232,"end_character":78},"updated":"2016-05-06 10:16:50.000000000","message":"what\u0027s this?","commit_id":"88cf65bad2e7e87b22d2a3d64933bbb033f7e908"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"8ca2e8c3c75a7956cd3483b2ec99b0683a2d2328","unresolved":false,"context_lines":[{"line_number":229,"context_line":"+-------------------+------+------+---------+-----------+-------------------------+"},{"line_number":230,"context_line":"|tenant_id          |uuid  |RO    |N/A      |uuid       |Tenant creates logging   |"},{"line_number":231,"context_line":"+-------------------+------+------+---------+-----------+-------------------------+"},{"line_number":232,"context_line":"|type               |string|RW    |N/A      |enum       |Type of resource log     |"},{"line_number":233,"context_line":"+-------------------+------+------+---------+-----------+-------------------------+"},{"line_number":234,"context_line":""},{"line_number":235,"context_line":"The SecurityGroupLogging model would look like:"}],"source_content_type":"text/x-rst","patch_set":38,"id":"dab17558_94d47dbd","line":232,"range":{"start_line":232,"start_character":57,"end_line":232,"end_character":78},"in_reply_to":"dab17558_59092531","updated":"2016-05-10 10:08:22.000000000","message":"This is \"security_group_log\" resource or other resource logs. After double checked, I think this attribute does not necessary. So, I will remove it in next revision.","commit_id":"88cf65bad2e7e87b22d2a3d64933bbb033f7e908"},{"author":{"_account_id":6854,"name":"YAMAMOTO Takashi","email":"yamamoto@midokura.com","username":"yamamoto"},"change_message_id":"979efd484f81cb138a71a12030d4966c93b2677b","unresolved":false,"context_lines":[{"line_number":238,"context_line":"|Attribute         |Type   |Access |Default|Validation/|Description               |"},{"line_number":239,"context_line":"|Name              |       |       |Value  |Conversion |                          |"},{"line_number":240,"context_line":"+\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d+\u003d\u003d\u003d\u003d\u003d\u003d\u003d+\u003d\u003d\u003d\u003d\u003d\u003d\u003d+\u003d\u003d\u003d\u003d\u003d\u003d\u003d+\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d+\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d+"},{"line_number":241,"context_line":"|logging_id        |uuid   |RO     |N/A    |uuid       |Logging we extend         |"},{"line_number":242,"context_line":"+------------------+-------+-------+-------+-----------+--------------------------+"},{"line_number":243,"context_line":"|tenant_id         |uuid   |RO     |N/A    |uuid       |Tenant creates logging    |"},{"line_number":244,"context_line":"+------------------+-------+-------+-------+-----------+--------------------------+"}],"source_content_type":"text/x-rst","patch_set":38,"id":"dab17558_b403f8b7","line":241,"range":{"start_line":241,"start_character":56,"end_line":241,"end_character":73},"updated":"2016-05-06 10:16:50.000000000","message":"is this a reference to the above \"Logging object\"?","commit_id":"88cf65bad2e7e87b22d2a3d64933bbb033f7e908"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"8ca2e8c3c75a7956cd3483b2ec99b0683a2d2328","unresolved":false,"context_lines":[{"line_number":238,"context_line":"|Attribute         |Type   |Access |Default|Validation/|Description               |"},{"line_number":239,"context_line":"|Name              |       |       |Value  |Conversion |                          |"},{"line_number":240,"context_line":"+\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d+\u003d\u003d\u003d\u003d\u003d\u003d\u003d+\u003d\u003d\u003d\u003d\u003d\u003d\u003d+\u003d\u003d\u003d\u003d\u003d\u003d\u003d+\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d+\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d+"},{"line_number":241,"context_line":"|logging_id        |uuid   |RO     |N/A    |uuid       |Logging we extend         |"},{"line_number":242,"context_line":"+------------------+-------+-------+-------+-----------+--------------------------+"},{"line_number":243,"context_line":"|tenant_id         |uuid   |RO     |N/A    |uuid       |Tenant creates logging    |"},{"line_number":244,"context_line":"+------------------+-------+-------+-------+-----------+--------------------------+"}],"source_content_type":"text/x-rst","patch_set":38,"id":"dab17558_f404e94a","line":241,"range":{"start_line":241,"start_character":56,"end_line":241,"end_character":73},"in_reply_to":"dab17558_b403f8b7","updated":"2016-05-10 10:08:22.000000000","message":"Ah, Yes. We need to specify logging_resource_id while create a security_group_log resource.","commit_id":"88cf65bad2e7e87b22d2a3d64933bbb033f7e908"},{"author":{"_account_id":8655,"name":"Jakub Libosvar","email":"libosvar@redhat.com","username":"jlibosva"},"change_message_id":"da5601a7b7ecf252463517b3a2001e6712b2f93a","unresolved":false,"context_lines":[{"line_number":397,"context_line":"------------------"},{"line_number":398,"context_line":""},{"line_number":399,"context_line":"Currently, logged data will be stored into file or syslog. So this may be raised"},{"line_number":400,"context_line":"a little bit performance overhead."},{"line_number":401,"context_line":""},{"line_number":402,"context_line":"IPv6 Impact"},{"line_number":403,"context_line":"-----------"}],"source_content_type":"text/x-rst","patch_set":38,"id":"dab17558_0de8ed0f","line":400,"range":{"start_line":400,"start_character":2,"end_line":400,"end_character":12},"updated":"2016-05-06 13:52:11.000000000","message":"Maybe a better estimation would be good to have. Given that you\u0027re going to perform IO operation per packet sounds like more than just \"a little bit\" to me :)","commit_id":"88cf65bad2e7e87b22d2a3d64933bbb033f7e908"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"8ca2e8c3c75a7956cd3483b2ec99b0683a2d2328","unresolved":false,"context_lines":[{"line_number":397,"context_line":"------------------"},{"line_number":398,"context_line":""},{"line_number":399,"context_line":"Currently, logged data will be stored into file or syslog. So this may be raised"},{"line_number":400,"context_line":"a little bit performance overhead."},{"line_number":401,"context_line":""},{"line_number":402,"context_line":"IPv6 Impact"},{"line_number":403,"context_line":"-----------"}],"source_content_type":"text/x-rst","patch_set":38,"id":"dab17558_f4b22993","line":400,"range":{"start_line":400,"start_character":2,"end_line":400,"end_character":12},"in_reply_to":"dab17558_0de8ed0f","updated":"2016-05-10 10:08:22.000000000","message":"In Tokyo summit, We showed performance of system when enable log for security group and firewall, it\u0027s increase about ~4%. Could you please see https://goo.gl/6qKS8L (Japanese) and https://www.youtube.com/watch?v\u003dyBnyD0CPJIE (English).","commit_id":"88cf65bad2e7e87b22d2a3d64933bbb033f7e908"},{"author":{"_account_id":8655,"name":"Jakub Libosvar","email":"libosvar@redhat.com","username":"jlibosva"},"change_message_id":"da5601a7b7ecf252463517b3a2001e6712b2f93a","unresolved":false,"context_lines":[{"line_number":422,"context_line":""},{"line_number":423,"context_line":"None"},{"line_number":424,"context_line":""},{"line_number":425,"context_line":""},{"line_number":426,"context_line":"Alternatives"},{"line_number":427,"context_line":"------------"},{"line_number":428,"context_line":""}],"source_content_type":"text/x-rst","patch_set":38,"id":"dab17558_0d6d8d98","line":425,"updated":"2016-05-06 13:52:11.000000000","message":"Upgrades impact: How is gonna neutron-server talk to older agents that doesn\u0027t implement SG logging? Maybe it would be worth to describe.","commit_id":"88cf65bad2e7e87b22d2a3d64933bbb033f7e908"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"8ca2e8c3c75a7956cd3483b2ec99b0683a2d2328","unresolved":false,"context_lines":[{"line_number":422,"context_line":""},{"line_number":423,"context_line":"None"},{"line_number":424,"context_line":""},{"line_number":425,"context_line":""},{"line_number":426,"context_line":"Alternatives"},{"line_number":427,"context_line":"------------"},{"line_number":428,"context_line":""}],"source_content_type":"text/x-rst","patch_set":38,"id":"dab17558_d42445c6","line":425,"in_reply_to":"dab17558_0d6d8d98","updated":"2016-05-10 10:08:22.000000000","message":"Logging API will be implemented as a service. That means Logging API contain Logging API plugin, Logging API agent and security group logging driver... So I think upgrades impact will be None.","commit_id":"88cf65bad2e7e87b22d2a3d64933bbb033f7e908"},{"author":{"_account_id":6854,"name":"YAMAMOTO Takashi","email":"yamamoto@midokura.com","username":"yamamoto"},"change_message_id":"979efd484f81cb138a71a12030d4966c93b2677b","unresolved":false,"context_lines":[{"line_number":426,"context_line":"Alternatives"},{"line_number":427,"context_line":"------------"},{"line_number":428,"context_line":""},{"line_number":429,"context_line":"Before Mitaka, we should avoid to change the security groups API by extending"},{"line_number":430,"context_line":"security groups resource (adding \u0027logging\u0027 attribute to security groups resource)."},{"line_number":431,"context_line":"It would break the compatibility with the EC2 API."},{"line_number":432,"context_line":""}],"source_content_type":"text/x-rst","patch_set":38,"id":"dab17558_f90459c7","line":429,"range":{"start_line":429,"start_character":7,"end_line":429,"end_character":13},"updated":"2016-05-06 10:16:50.000000000","message":"needs an update?","commit_id":"88cf65bad2e7e87b22d2a3d64933bbb033f7e908"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"8ca2e8c3c75a7956cd3483b2ec99b0683a2d2328","unresolved":false,"context_lines":[{"line_number":426,"context_line":"Alternatives"},{"line_number":427,"context_line":"------------"},{"line_number":428,"context_line":""},{"line_number":429,"context_line":"Before Mitaka, we should avoid to change the security groups API by extending"},{"line_number":430,"context_line":"security groups resource (adding \u0027logging\u0027 attribute to security groups resource)."},{"line_number":431,"context_line":"It would break the compatibility with the EC2 API."},{"line_number":432,"context_line":""}],"source_content_type":"text/x-rst","patch_set":38,"id":"dab17558_8fa8e4dc","line":429,"range":{"start_line":429,"start_character":7,"end_line":429,"end_character":13},"in_reply_to":"dab17558_f90459c7","updated":"2016-05-10 10:08:22.000000000","message":"Ah, We don\u0027t need an update here. \nI will change this to \"Changing the security-group API by adding \u0027logging\u0027 attribute to Security Group API resource. It would break the compatibility with the EC2 API. And we should avoid changing FWaaS API by extend it.\"","commit_id":"88cf65bad2e7e87b22d2a3d64933bbb033f7e908"},{"author":{"_account_id":8655,"name":"Jakub Libosvar","email":"libosvar@redhat.com","username":"jlibosva"},"change_message_id":"da5601a7b7ecf252463517b3a2001e6712b2f93a","unresolved":false,"context_lines":[{"line_number":479,"context_line":"None, since this is covered by the in-tree API tests."},{"line_number":480,"context_line":""},{"line_number":481,"context_line":""},{"line_number":482,"context_line":"Functional Tests"},{"line_number":483,"context_line":"----------------"},{"line_number":484,"context_line":""},{"line_number":485,"context_line":"Regression test with the logging feature enabled."},{"line_number":486,"context_line":"Test if the logging feature actually works."},{"line_number":487,"context_line":""},{"line_number":488,"context_line":""},{"line_number":489,"context_line":"API Tests"}],"source_content_type":"text/x-rst","patch_set":38,"id":"dab17558_4d2cb54a","line":486,"range":{"start_line":482,"start_character":0,"end_line":486,"end_character":43},"updated":"2016-05-06 13:52:11.000000000","message":"Maybe fullstack tests make more sense here to test the feature from API level down to iptables.","commit_id":"88cf65bad2e7e87b22d2a3d64933bbb033f7e908"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"8ca2e8c3c75a7956cd3483b2ec99b0683a2d2328","unresolved":false,"context_lines":[{"line_number":479,"context_line":"None, since this is covered by the in-tree API tests."},{"line_number":480,"context_line":""},{"line_number":481,"context_line":""},{"line_number":482,"context_line":"Functional Tests"},{"line_number":483,"context_line":"----------------"},{"line_number":484,"context_line":""},{"line_number":485,"context_line":"Regression test with the logging feature enabled."},{"line_number":486,"context_line":"Test if the logging feature actually works."},{"line_number":487,"context_line":""},{"line_number":488,"context_line":""},{"line_number":489,"context_line":"API Tests"}],"source_content_type":"text/x-rst","patch_set":38,"id":"dab17558_efc6d098","line":486,"range":{"start_line":482,"start_character":0,"end_line":486,"end_character":43},"in_reply_to":"dab17558_4d2cb54a","updated":"2016-05-10 10:08:22.000000000","message":"Thanks for your suggestion, I will add fullstack test to this section.","commit_id":"88cf65bad2e7e87b22d2a3d64933bbb033f7e908"},{"author":{"_account_id":6788,"name":"Rossella Sblendido","email":"rsblendido@suse.com","username":"rossella-o"},"change_message_id":"ec417318e9261b37d664c577a99bdde670c4677b","unresolved":false,"context_lines":[{"line_number":15,"context_line":"Problem Description"},{"line_number":16,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":17,"context_line":""},{"line_number":18,"context_line":"Inspecting what happened on network traffic is necessary for *operator*"},{"line_number":19,"context_line":"(including cloud administrator and developer) to tackle a problem."},{"line_number":20,"context_line":"The following are some common use cases:"},{"line_number":21,"context_line":""}],"source_content_type":"text/x-rst","patch_set":39,"id":"dab17558_a67c3721","line":18,"updated":"2016-05-13 13:21:48.000000000","message":"You stress here the inspection part and the ability to be able to debug issues. If it\u0027s about that, my comment would be that there are other tools that can be used, e.g. taas and we probably don\u0027t need this spec :)\nI recall that when we talked in Austin you answered that with taas or other tools we don\u0027t have any logging and in some scenario we want logs for some compliance reason. I would stress that here. For me that\u0027s the major reason to get this feature done, since for debugging there are other options.","commit_id":"37b311f1b67b9500784763f1e4ea5fa9335c3c9b"},{"author":{"_account_id":7715,"name":"Hirofumi Ichihara","email":"ichihara.hirofumi@gmail.com","username":"Hirofumi-Ichihara"},"change_message_id":"b2ac6bbac365e42141302c1d015eab328bc1576e","unresolved":false,"context_lines":[{"line_number":15,"context_line":"Problem Description"},{"line_number":16,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":17,"context_line":""},{"line_number":18,"context_line":"Inspecting what happened on network traffic is necessary for *operator*"},{"line_number":19,"context_line":"(including cloud administrator and developer) to tackle a problem."},{"line_number":20,"context_line":"The following are some common use cases:"},{"line_number":21,"context_line":""}],"source_content_type":"text/x-rst","patch_set":39,"id":"dab17558_b946a8bd","line":18,"in_reply_to":"dab17558_a67c3721","updated":"2016-05-17 01:54:55.000000000","message":"I had the same question. If this feature is for operator, they can easily debug such issues as administrator of the cloud. However, I can understand a use case which we want logs for compliance reason. Actually our private cloud has the same problem, for example, when certain VM illegally communicated, we operator must specify the VM and submit his all communication log *immediately*. Can you make spec clear about the use case?","commit_id":"37b311f1b67b9500784763f1e4ea5fa9335c3c9b"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"a50edfb607d8c611f607f418c1aa23d4bd1b80e9","unresolved":false,"context_lines":[{"line_number":15,"context_line":"Problem Description"},{"line_number":16,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":17,"context_line":""},{"line_number":18,"context_line":"Inspecting what happened on network traffic is necessary for *operator*"},{"line_number":19,"context_line":"(including cloud administrator and developer) to tackle a problem."},{"line_number":20,"context_line":"The following are some common use cases:"},{"line_number":21,"context_line":""}],"source_content_type":"text/x-rst","patch_set":39,"id":"bab6814e_7be461e0","line":18,"in_reply_to":"dab17558_a67c3721","updated":"2016-05-20 11:25:46.000000000","message":"Indeed, troubleshooting connectivity issue we can use other tools as taas, tcp dump,...As my understanding, taas, other tools(eg tcp dump) are only getting packet information not include security event ACCEPT/DROP that we need for some compliance reasons. So this spec intends to collect security events (ACCEPT/DROP event) related to security groups. That is the most important target of my feature.","commit_id":"37b311f1b67b9500784763f1e4ea5fa9335c3c9b"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"a50edfb607d8c611f607f418c1aa23d4bd1b80e9","unresolved":false,"context_lines":[{"line_number":15,"context_line":"Problem Description"},{"line_number":16,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":17,"context_line":""},{"line_number":18,"context_line":"Inspecting what happened on network traffic is necessary for *operator*"},{"line_number":19,"context_line":"(including cloud administrator and developer) to tackle a problem."},{"line_number":20,"context_line":"The following are some common use cases:"},{"line_number":21,"context_line":""}],"source_content_type":"text/x-rst","patch_set":39,"id":"bab6814e_26e3e034","line":18,"in_reply_to":"dab17558_b946a8bd","updated":"2016-05-20 11:25:46.000000000","message":"Welcome to my spec, Hirofumi. Thank for your suggestion. I\u0027ve updated your use case into my spec in API operation sample section in patch-set 40. However, i\u0027m not sure they definitely the same. Could you please review for me?","commit_id":"37b311f1b67b9500784763f1e4ea5fa9335c3c9b"},{"author":{"_account_id":6788,"name":"Rossella Sblendido","email":"rsblendido@suse.com","username":"rossella-o"},"change_message_id":"ec417318e9261b37d664c577a99bdde670c4677b","unresolved":false,"context_lines":[{"line_number":31,"context_line":""},{"line_number":32,"context_line":"  For troubleshooting process."},{"line_number":33,"context_line":""},{"line_number":34,"context_line":"* In some cases, *operator* wants to monitor network traffic flows such as:"},{"line_number":35,"context_line":""},{"line_number":36,"context_line":"  * North-south network traffic travels between an instance and external network."},{"line_number":37,"context_line":"  * East-west network traffic travels between instances."}],"source_content_type":"text/x-rst","patch_set":39,"id":"dab17558_86d653c1","line":34,"updated":"2016-05-13 13:21:48.000000000","message":"as per my previous comment, this should be the first point","commit_id":"37b311f1b67b9500784763f1e4ea5fa9335c3c9b"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"a50edfb607d8c611f607f418c1aa23d4bd1b80e9","unresolved":false,"context_lines":[{"line_number":31,"context_line":""},{"line_number":32,"context_line":"  For troubleshooting process."},{"line_number":33,"context_line":""},{"line_number":34,"context_line":"* In some cases, *operator* wants to monitor network traffic flows such as:"},{"line_number":35,"context_line":""},{"line_number":36,"context_line":"  * North-south network traffic travels between an instance and external network."},{"line_number":37,"context_line":"  * East-west network traffic travels between instances."}],"source_content_type":"text/x-rst","patch_set":39,"id":"bab6814e_a6e070fb","line":34,"in_reply_to":"dab17558_86d653c1","updated":"2016-05-20 11:25:46.000000000","message":"I\u0027ve updated my spec as your recommend.Thanks.","commit_id":"37b311f1b67b9500784763f1e4ea5fa9335c3c9b"},{"author":{"_account_id":6788,"name":"Rossella Sblendido","email":"rsblendido@suse.com","username":"rossella-o"},"change_message_id":"ec417318e9261b37d664c577a99bdde670c4677b","unresolved":false,"context_lines":[{"line_number":44,"context_line":""},{"line_number":45,"context_line":"  For detecting attack patterns, alert abnormal activities."},{"line_number":46,"context_line":""},{"line_number":47,"context_line":"* When *operator* deploys a security group for number of VMs, they want to"},{"line_number":48,"context_line":"  make sure security-group-rules work as expected."},{"line_number":49,"context_line":""},{"line_number":50,"context_line":"In Neutron, all traffic come in/out instances are managed by security groups."}],"source_content_type":"text/x-rst","patch_set":39,"id":"dab17558_e6559fc6","line":47,"updated":"2016-05-13 13:21:48.000000000","message":"not sure this point is really relevant","commit_id":"37b311f1b67b9500784763f1e4ea5fa9335c3c9b"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"a50edfb607d8c611f607f418c1aa23d4bd1b80e9","unresolved":false,"context_lines":[{"line_number":44,"context_line":""},{"line_number":45,"context_line":"  For detecting attack patterns, alert abnormal activities."},{"line_number":46,"context_line":""},{"line_number":47,"context_line":"* When *operator* deploys a security group for number of VMs, they want to"},{"line_number":48,"context_line":"  make sure security-group-rules work as expected."},{"line_number":49,"context_line":""},{"line_number":50,"context_line":"In Neutron, all traffic come in/out instances are managed by security groups."}],"source_content_type":"text/x-rst","patch_set":39,"id":"bab6814e_c6e5b4dc","line":47,"in_reply_to":"dab17558_e6559fc6","updated":"2016-05-20 11:25:46.000000000","message":"Actually, it can be useful for tenant rather than operator. So I\u0027ve changed from *operator* to *tenant*.","commit_id":"37b311f1b67b9500784763f1e4ea5fa9335c3c9b"},{"author":{"_account_id":6788,"name":"Rossella Sblendido","email":"rsblendido@suse.com","username":"rossella-o"},"change_message_id":"ec417318e9261b37d664c577a99bdde670c4677b","unresolved":false,"context_lines":[{"line_number":54,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":55,"context_line":""},{"line_number":56,"context_line":"Today when traffic doesn\u0027t flow the way it is supposed to (as prescribed by"},{"line_number":57,"context_line":"security-group-rules), learning what happened can be achieved by painstakingly"},{"line_number":58,"context_line":"browsing distributed logs. To improve the situation, we\u0027d do the following:"},{"line_number":59,"context_line":""},{"line_number":60,"context_line":"* Capture security events when they occur."}],"source_content_type":"text/x-rst","patch_set":39,"id":"dab17558_e6fc7f40","line":57,"updated":"2016-05-13 13:21:48.000000000","message":"again is this all about debugging? I don\u0027t think so","commit_id":"37b311f1b67b9500784763f1e4ea5fa9335c3c9b"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"a50edfb607d8c611f607f418c1aa23d4bd1b80e9","unresolved":false,"context_lines":[{"line_number":54,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":55,"context_line":""},{"line_number":56,"context_line":"Today when traffic doesn\u0027t flow the way it is supposed to (as prescribed by"},{"line_number":57,"context_line":"security-group-rules), learning what happened can be achieved by painstakingly"},{"line_number":58,"context_line":"browsing distributed logs. To improve the situation, we\u0027d do the following:"},{"line_number":59,"context_line":""},{"line_number":60,"context_line":"* Capture security events when they occur."}],"source_content_type":"text/x-rst","patch_set":39,"id":"bab6814e_a615104a","line":57,"in_reply_to":"dab17558_e6fc7f40","updated":"2016-05-20 11:25:46.000000000","message":"Indeed again, my spec intends to capture security event (ACCEPT or DROP) of traffic flows to the VMs. That helps *operator* troubleshooting connectivity and security issues easier. In addition, we can extend the analyze and alarm tools for these events.","commit_id":"37b311f1b67b9500784763f1e4ea5fa9335c3c9b"},{"author":{"_account_id":5367,"name":"boden","email":"bodenvmw@gmail.com","username":"boden"},"change_message_id":"2fd8eed460a1616c635d225e779d10d58a666b7e","unresolved":false,"context_lines":[{"line_number":61,"context_line":""},{"line_number":62,"context_line":"The objective of this spec is to:"},{"line_number":63,"context_line":""},{"line_number":64,"context_line":"* **Define format and ways to collect events related to security-groups**."},{"line_number":65,"context_line":""},{"line_number":66,"context_line":"We propose a logging API to collect events related to security-groups,"},{"line_number":67,"context_line":"then *operator* can access directly to file or syslog on compute host to"}],"source_content_type":"text/x-rst","patch_set":39,"id":"dab17558_3c791cc9","line":64,"range":{"start_line":64,"start_character":3,"end_line":64,"end_character":18},"updated":"2016-05-10 18:28:30.000000000","message":"Does this mean the spec intends to explain the logging output format? If so I\u0027m not seeing this described herein.","commit_id":"37b311f1b67b9500784763f1e4ea5fa9335c3c9b"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"c448d8f81d6ff8c0e381ab46260dd02efacb38ee","unresolved":false,"context_lines":[{"line_number":61,"context_line":""},{"line_number":62,"context_line":"The objective of this spec is to:"},{"line_number":63,"context_line":""},{"line_number":64,"context_line":"* **Define format and ways to collect events related to security-groups**."},{"line_number":65,"context_line":""},{"line_number":66,"context_line":"We propose a logging API to collect events related to security-groups,"},{"line_number":67,"context_line":"then *operator* can access directly to file or syslog on compute host to"}],"source_content_type":"text/x-rst","patch_set":39,"id":"dab17558_53627dae","line":64,"range":{"start_line":64,"start_character":3,"end_line":64,"end_character":18},"in_reply_to":"dab17558_3c791cc9","updated":"2016-05-13 08:57:23.000000000","message":"My spec intends to define:\n1) a way to configure log for security groups.\n2) layout logging API model to can extend for other resources such as firewall.\n\nLogging output format depends on logger-backend(collector driver) implementation. It should be proposed on consume log spec as the next step.\nThis spec is the first step in blueprint security-group-logging.","commit_id":"37b311f1b67b9500784763f1e4ea5fa9335c3c9b"},{"author":{"_account_id":5367,"name":"boden","email":"bodenvmw@gmail.com","username":"boden"},"change_message_id":"2fd8eed460a1616c635d225e779d10d58a666b7e","unresolved":false,"context_lines":[{"line_number":64,"context_line":"* **Define format and ways to collect events related to security-groups**."},{"line_number":65,"context_line":""},{"line_number":66,"context_line":"We propose a logging API to collect events related to security-groups,"},{"line_number":67,"context_line":"then *operator* can access directly to file or syslog on compute host to"},{"line_number":68,"context_line":"consume these events."},{"line_number":69,"context_line":""},{"line_number":70,"context_line":"Expected API behavior"},{"line_number":71,"context_line":"---------------------"}],"source_content_type":"text/x-rst","patch_set":39,"id":"dab17558_3ffaae75","line":68,"range":{"start_line":67,"start_character":5,"end_line":68,"end_character":20},"updated":"2016-05-10 18:28:30.000000000","message":"Some neutron core plugins realize secgroup/rules using a remote SDN controller that may also support (sg) logging. How do we anticipate these plugins to provide log files on compute hosts?","commit_id":"37b311f1b67b9500784763f1e4ea5fa9335c3c9b"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"c448d8f81d6ff8c0e381ab46260dd02efacb38ee","unresolved":false,"context_lines":[{"line_number":64,"context_line":"* **Define format and ways to collect events related to security-groups**."},{"line_number":65,"context_line":""},{"line_number":66,"context_line":"We propose a logging API to collect events related to security-groups,"},{"line_number":67,"context_line":"then *operator* can access directly to file or syslog on compute host to"},{"line_number":68,"context_line":"consume these events."},{"line_number":69,"context_line":""},{"line_number":70,"context_line":"Expected API behavior"},{"line_number":71,"context_line":"---------------------"}],"source_content_type":"text/x-rst","patch_set":39,"id":"dab17558_7394e1e7","line":68,"range":{"start_line":67,"start_character":5,"end_line":68,"end_character":20},"in_reply_to":"dab17558_3ffaae75","updated":"2016-05-13 08:57:23.000000000","message":"Sorry. This sentence should be removed. Because it specifies to a detail implementation. That\u0027s not good for this spec. In addition, as I noted above, consume log includes:\n1) logging output format (security event format),\n2) a way to consume log (security event log) (e.g a REST API or deploy a central logging server, ...)\n\nIt should be proposed in other spec as the second step of blueprint security-group-logging.","commit_id":"37b311f1b67b9500784763f1e4ea5fa9335c3c9b"},{"author":{"_account_id":5367,"name":"boden","email":"bodenvmw@gmail.com","username":"boden"},"change_message_id":"2fd8eed460a1616c635d225e779d10d58a666b7e","unresolved":false,"context_lines":[{"line_number":70,"context_line":"Expected API behavior"},{"line_number":71,"context_line":"---------------------"},{"line_number":72,"context_line":""},{"line_number":73,"context_line":"The events related to security groups will be collected:"},{"line_number":74,"context_line":"    (1) ACCEPT security events for each direction (INGRESS/EGRESS) of security-group-rules."},{"line_number":75,"context_line":"    (2) DROP security events."},{"line_number":76,"context_line":""},{"line_number":77,"context_line":"These events can be specified by:"},{"line_number":78,"context_line":"    (1) direction (INGRESS/EGRESS) of security-group-rule or DROP or"},{"line_number":79,"context_line":"        ALL (including ACCEPT \u0026 DROP events of security groups)."},{"line_number":80,"context_line":"    (2) security group uuid."},{"line_number":81,"context_line":"    (3) neutron port uuid."},{"line_number":82,"context_line":""},{"line_number":83,"context_line":"This API can be used for cases as below:"},{"line_number":84,"context_line":"    (1) events of security groups applied to a specific neutron port."},{"line_number":85,"context_line":"    (2) events of a specific security group applied to a specific neutron port."},{"line_number":86,"context_line":"    (3) events of a specific security group applied to all ports."},{"line_number":87,"context_line":"    (4) events of all security groups in a tenant."},{"line_number":88,"context_line":""},{"line_number":89,"context_line":"Logged data will be collected to file such as /var/log/neutron/sg-\u003ctenant-uuid\u003e.log"},{"line_number":90,"context_line":"on compute node, that depends on logger back-end implementation."}],"source_content_type":"text/x-rst","patch_set":39,"id":"dab17558_7f91d6f0","line":87,"range":{"start_line":73,"start_character":0,"end_line":87,"end_character":50},"updated":"2016-05-10 18:28:30.000000000","message":"As noted above, some neutron core plugins realize secgroups/rules/logs on a remote SDN controller. What happens when these plugins can only support a subset of the above? Is there a way for them to expose which they support?\n\nFor example the SDN controller may only support logging at the secgroup level, not at the port level. In this case API can only be used for #3.","commit_id":"37b311f1b67b9500784763f1e4ea5fa9335c3c9b"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"a50edfb607d8c611f607f418c1aa23d4bd1b80e9","unresolved":false,"context_lines":[{"line_number":70,"context_line":"Expected API behavior"},{"line_number":71,"context_line":"---------------------"},{"line_number":72,"context_line":""},{"line_number":73,"context_line":"The events related to security groups will be collected:"},{"line_number":74,"context_line":"    (1) ACCEPT security events for each direction (INGRESS/EGRESS) of security-group-rules."},{"line_number":75,"context_line":"    (2) DROP security events."},{"line_number":76,"context_line":""},{"line_number":77,"context_line":"These events can be specified by:"},{"line_number":78,"context_line":"    (1) direction (INGRESS/EGRESS) of security-group-rule or DROP or"},{"line_number":79,"context_line":"        ALL (including ACCEPT \u0026 DROP events of security groups)."},{"line_number":80,"context_line":"    (2) security group uuid."},{"line_number":81,"context_line":"    (3) neutron port uuid."},{"line_number":82,"context_line":""},{"line_number":83,"context_line":"This API can be used for cases as below:"},{"line_number":84,"context_line":"    (1) events of security groups applied to a specific neutron port."},{"line_number":85,"context_line":"    (2) events of a specific security group applied to a specific neutron port."},{"line_number":86,"context_line":"    (3) events of a specific security group applied to all ports."},{"line_number":87,"context_line":"    (4) events of all security groups in a tenant."},{"line_number":88,"context_line":""},{"line_number":89,"context_line":"Logged data will be collected to file such as /var/log/neutron/sg-\u003ctenant-uuid\u003e.log"},{"line_number":90,"context_line":"on compute node, that depends on logger back-end implementation."}],"source_content_type":"text/x-rst","patch_set":39,"id":"bab6814e_411feeb6","line":87,"range":{"start_line":73,"start_character":0,"end_line":87,"end_character":50},"in_reply_to":"dab17558_0634f1f8","updated":"2016-05-20 11:25:46.000000000","message":"I\u0027ve have updated it as your suggestion. Thank you very much.","commit_id":"37b311f1b67b9500784763f1e4ea5fa9335c3c9b"},{"author":{"_account_id":5367,"name":"boden","email":"bodenvmw@gmail.com","username":"boden"},"change_message_id":"e750a8b8190d6ef13531750e80c837803e2808d2","unresolved":false,"context_lines":[{"line_number":70,"context_line":"Expected API behavior"},{"line_number":71,"context_line":"---------------------"},{"line_number":72,"context_line":""},{"line_number":73,"context_line":"The events related to security groups will be collected:"},{"line_number":74,"context_line":"    (1) ACCEPT security events for each direction (INGRESS/EGRESS) of security-group-rules."},{"line_number":75,"context_line":"    (2) DROP security events."},{"line_number":76,"context_line":""},{"line_number":77,"context_line":"These events can be specified by:"},{"line_number":78,"context_line":"    (1) direction (INGRESS/EGRESS) of security-group-rule or DROP or"},{"line_number":79,"context_line":"        ALL (including ACCEPT \u0026 DROP events of security groups)."},{"line_number":80,"context_line":"    (2) security group uuid."},{"line_number":81,"context_line":"    (3) neutron port uuid."},{"line_number":82,"context_line":""},{"line_number":83,"context_line":"This API can be used for cases as below:"},{"line_number":84,"context_line":"    (1) events of security groups applied to a specific neutron port."},{"line_number":85,"context_line":"    (2) events of a specific security group applied to a specific neutron port."},{"line_number":86,"context_line":"    (3) events of a specific security group applied to all ports."},{"line_number":87,"context_line":"    (4) events of all security groups in a tenant."},{"line_number":88,"context_line":""},{"line_number":89,"context_line":"Logged data will be collected to file such as /var/log/neutron/sg-\u003ctenant-uuid\u003e.log"},{"line_number":90,"context_line":"on compute node, that depends on logger back-end implementation."}],"source_content_type":"text/x-rst","patch_set":39,"id":"dab17558_4ade933e","line":87,"range":{"start_line":73,"start_character":0,"end_line":87,"end_character":50},"in_reply_to":"dab17558_0634f1f8","updated":"2016-05-17 15:57:15.000000000","message":"If we\u0027ve achieved this elsewhere (e.g. QoS as mentioned above) then it seems natural we\u0027d try to \"reuse\" what we have already. I definitely think this is need for the reasons I described above (I can give concrete examples need be).","commit_id":"37b311f1b67b9500784763f1e4ea5fa9335c3c9b"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"a50edfb607d8c611f607f418c1aa23d4bd1b80e9","unresolved":false,"context_lines":[{"line_number":70,"context_line":"Expected API behavior"},{"line_number":71,"context_line":"---------------------"},{"line_number":72,"context_line":""},{"line_number":73,"context_line":"The events related to security groups will be collected:"},{"line_number":74,"context_line":"    (1) ACCEPT security events for each direction (INGRESS/EGRESS) of security-group-rules."},{"line_number":75,"context_line":"    (2) DROP security events."},{"line_number":76,"context_line":""},{"line_number":77,"context_line":"These events can be specified by:"},{"line_number":78,"context_line":"    (1) direction (INGRESS/EGRESS) of security-group-rule or DROP or"},{"line_number":79,"context_line":"        ALL (including ACCEPT \u0026 DROP events of security groups)."},{"line_number":80,"context_line":"    (2) security group uuid."},{"line_number":81,"context_line":"    (3) neutron port uuid."},{"line_number":82,"context_line":""},{"line_number":83,"context_line":"This API can be used for cases as below:"},{"line_number":84,"context_line":"    (1) events of security groups applied to a specific neutron port."},{"line_number":85,"context_line":"    (2) events of a specific security group applied to a specific neutron port."},{"line_number":86,"context_line":"    (3) events of a specific security group applied to all ports."},{"line_number":87,"context_line":"    (4) events of all security groups in a tenant."},{"line_number":88,"context_line":""},{"line_number":89,"context_line":"Logged data will be collected to file such as /var/log/neutron/sg-\u003ctenant-uuid\u003e.log"},{"line_number":90,"context_line":"on compute node, that depends on logger back-end implementation."}],"source_content_type":"text/x-rst","patch_set":39,"id":"bab6814e_4c33a5f6","line":87,"range":{"start_line":73,"start_character":0,"end_line":87,"end_character":50},"in_reply_to":"dab17558_4ade933e","updated":"2016-05-20 11:25:46.000000000","message":"I\u0027ve updated my spec as Berezovsky Irena\u0027s suggestion. Could you see L330-L333 and L439-L441 in patch-set 40. How do you think about it.","commit_id":"37b311f1b67b9500784763f1e4ea5fa9335c3c9b"},{"author":{"_account_id":6598,"name":"Berezovsky Irena","email":"irenab.dev@gmail.com","username":"irenab"},"change_message_id":"3d8485d948c4e4dddcf5315f0bbd81af489378b5","unresolved":false,"context_lines":[{"line_number":70,"context_line":"Expected API behavior"},{"line_number":71,"context_line":"---------------------"},{"line_number":72,"context_line":""},{"line_number":73,"context_line":"The events related to security groups will be collected:"},{"line_number":74,"context_line":"    (1) ACCEPT security events for each direction (INGRESS/EGRESS) of security-group-rules."},{"line_number":75,"context_line":"    (2) DROP security events."},{"line_number":76,"context_line":""},{"line_number":77,"context_line":"These events can be specified by:"},{"line_number":78,"context_line":"    (1) direction (INGRESS/EGRESS) of security-group-rule or DROP or"},{"line_number":79,"context_line":"        ALL (including ACCEPT \u0026 DROP events of security groups)."},{"line_number":80,"context_line":"    (2) security group uuid."},{"line_number":81,"context_line":"    (3) neutron port uuid."},{"line_number":82,"context_line":""},{"line_number":83,"context_line":"This API can be used for cases as below:"},{"line_number":84,"context_line":"    (1) events of security groups applied to a specific neutron port."},{"line_number":85,"context_line":"    (2) events of a specific security group applied to a specific neutron port."},{"line_number":86,"context_line":"    (3) events of a specific security group applied to all ports."},{"line_number":87,"context_line":"    (4) events of all security groups in a tenant."},{"line_number":88,"context_line":""},{"line_number":89,"context_line":"Logged data will be collected to file such as /var/log/neutron/sg-\u003ctenant-uuid\u003e.log"},{"line_number":90,"context_line":"on compute node, that depends on logger back-end implementation."}],"source_content_type":"text/x-rst","patch_set":39,"id":"dab17558_0634f1f8","line":87,"range":{"start_line":73,"start_character":0,"end_line":87,"end_character":50},"in_reply_to":"dab17558_69722d7e","updated":"2016-05-15 15:11:10.000000000","message":"I think this can be achieved in the similar way as with QoS Service, when backend plugin returns the supported capabilities, in qoS case the list of supported rules. Here it can be the list of the options from the above list","commit_id":"37b311f1b67b9500784763f1e4ea5fa9335c3c9b"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"c448d8f81d6ff8c0e381ab46260dd02efacb38ee","unresolved":false,"context_lines":[{"line_number":70,"context_line":"Expected API behavior"},{"line_number":71,"context_line":"---------------------"},{"line_number":72,"context_line":""},{"line_number":73,"context_line":"The events related to security groups will be collected:"},{"line_number":74,"context_line":"    (1) ACCEPT security events for each direction (INGRESS/EGRESS) of security-group-rules."},{"line_number":75,"context_line":"    (2) DROP security events."},{"line_number":76,"context_line":""},{"line_number":77,"context_line":"These events can be specified by:"},{"line_number":78,"context_line":"    (1) direction (INGRESS/EGRESS) of security-group-rule or DROP or"},{"line_number":79,"context_line":"        ALL (including ACCEPT \u0026 DROP events of security groups)."},{"line_number":80,"context_line":"    (2) security group uuid."},{"line_number":81,"context_line":"    (3) neutron port uuid."},{"line_number":82,"context_line":""},{"line_number":83,"context_line":"This API can be used for cases as below:"},{"line_number":84,"context_line":"    (1) events of security groups applied to a specific neutron port."},{"line_number":85,"context_line":"    (2) events of a specific security group applied to a specific neutron port."},{"line_number":86,"context_line":"    (3) events of a specific security group applied to all ports."},{"line_number":87,"context_line":"    (4) events of all security groups in a tenant."},{"line_number":88,"context_line":""},{"line_number":89,"context_line":"Logged data will be collected to file such as /var/log/neutron/sg-\u003ctenant-uuid\u003e.log"},{"line_number":90,"context_line":"on compute node, that depends on logger back-end implementation."}],"source_content_type":"text/x-rst","patch_set":39,"id":"dab17558_69722d7e","line":87,"range":{"start_line":73,"start_character":0,"end_line":87,"end_character":50},"in_reply_to":"dab17558_7f91d6f0","updated":"2016-05-13 08:57:23.000000000","message":"If core plugins only support a subset in my spec, for example only support security group level on tenant, not for port security group level, then operator use logging API to get security group log on port, in this case, no log-data will be emitted.\n\n\u003e Is there a way for them to expose which they support?\n\nCurrently, we are focusing on ovs plugin and security group based on iptables implementation as a reference implementation for this spec. In case SDN controller, I\u0027m investigating about it. You can refer to my proposed architecture: https://docs.google.com/presentation/d/1c8WMCVNkvzz-FgGrrzzKL0mHLx30F1xrGPaNRga5uX0/edit?usp\u003dsharing\n\nDo you have any suggestion for me?","commit_id":"37b311f1b67b9500784763f1e4ea5fa9335c3c9b"},{"author":{"_account_id":6788,"name":"Rossella Sblendido","email":"rsblendido@suse.com","username":"rossella-o"},"change_message_id":"ec417318e9261b37d664c577a99bdde670c4677b","unresolved":false,"context_lines":[{"line_number":87,"context_line":"    (4) events of all security groups in a tenant."},{"line_number":88,"context_line":""},{"line_number":89,"context_line":"Logged data will be collected to file such as /var/log/neutron/sg-\u003ctenant-uuid\u003e.log"},{"line_number":90,"context_line":"on compute node, that depends on logger back-end implementation."},{"line_number":91,"context_line":""},{"line_number":92,"context_line":"Example for the API operation"},{"line_number":93,"context_line":"-----------------------------"}],"source_content_type":"text/x-rst","patch_set":39,"id":"dab17558_97603ea6","line":90,"range":{"start_line":90,"start_character":17,"end_line":90,"end_character":63},"updated":"2016-05-13 13:21:48.000000000","message":"can you explain a bit more please?","commit_id":"37b311f1b67b9500784763f1e4ea5fa9335c3c9b"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"a50edfb607d8c611f607f418c1aa23d4bd1b80e9","unresolved":false,"context_lines":[{"line_number":87,"context_line":"    (4) events of all security groups in a tenant."},{"line_number":88,"context_line":""},{"line_number":89,"context_line":"Logged data will be collected to file such as /var/log/neutron/sg-\u003ctenant-uuid\u003e.log"},{"line_number":90,"context_line":"on compute node, that depends on logger back-end implementation."},{"line_number":91,"context_line":""},{"line_number":92,"context_line":"Example for the API operation"},{"line_number":93,"context_line":"-----------------------------"}],"source_content_type":"text/x-rst","patch_set":39,"id":"bab6814e_61515236","line":90,"range":{"start_line":90,"start_character":17,"end_line":90,"end_character":63},"in_reply_to":"dab17558_97603ea6","updated":"2016-05-20 11:25:46.000000000","message":"Surely. I have updated it from Line 79 to Line 109 in patch set 40.","commit_id":"37b311f1b67b9500784763f1e4ea5fa9335c3c9b"},{"author":{"_account_id":5367,"name":"boden","email":"bodenvmw@gmail.com","username":"boden"},"change_message_id":"2fd8eed460a1616c635d225e779d10d58a666b7e","unresolved":false,"context_lines":[{"line_number":103,"context_line":"            POST /v2.0/logging/logging-resources"},{"line_number":104,"context_line":"            {"},{"line_number":105,"context_line":"                \"logging_resource\": {"},{"line_number":106,"context_line":"                    \"tenant_id\": \"8d4c70a21fed4aeba121a1a429ba0d04\","},{"line_number":107,"context_line":"                    \"name\": \"sg-log-tenant-demo\","},{"line_number":108,"context_line":"                    \"description\": \"Log packet traffic in/out tenant demo\","},{"line_number":109,"context_line":"                 }"}],"source_content_type":"text/x-rst","patch_set":39,"id":"dab17558_907f49aa","line":106,"range":{"start_line":106,"start_character":21,"end_line":106,"end_character":30},"updated":"2016-05-10 18:28:30.000000000","message":"tenant_id is used a lot in this doc. Shouldn\u0027t we be using \u0027project_id\u0027 now?","commit_id":"37b311f1b67b9500784763f1e4ea5fa9335c3c9b"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"c448d8f81d6ff8c0e381ab46260dd02efacb38ee","unresolved":false,"context_lines":[{"line_number":103,"context_line":"            POST /v2.0/logging/logging-resources"},{"line_number":104,"context_line":"            {"},{"line_number":105,"context_line":"                \"logging_resource\": {"},{"line_number":106,"context_line":"                    \"tenant_id\": \"8d4c70a21fed4aeba121a1a429ba0d04\","},{"line_number":107,"context_line":"                    \"name\": \"sg-log-tenant-demo\","},{"line_number":108,"context_line":"                    \"description\": \"Log packet traffic in/out tenant demo\","},{"line_number":109,"context_line":"                 }"}],"source_content_type":"text/x-rst","patch_set":39,"id":"dab17558_2e6cac9b","line":106,"range":{"start_line":106,"start_character":21,"end_line":106,"end_character":30},"in_reply_to":"dab17558_907f49aa","updated":"2016-05-13 08:57:23.000000000","message":"At the moment, neutron is in progress migrating from tenant_id to project_id. So I\u0027d like to keep it at this cycle. However, we can change it if necessary.","commit_id":"37b311f1b67b9500784763f1e4ea5fa9335c3c9b"},{"author":{"_account_id":6598,"name":"Berezovsky Irena","email":"irenab.dev@gmail.com","username":"irenab"},"change_message_id":"3d8485d948c4e4dddcf5315f0bbd81af489378b5","unresolved":false,"context_lines":[{"line_number":123,"context_line":"           for this tenant. For example, operator wants to monitor all allowed"},{"line_number":124,"context_line":"           traffic incoming VM1 of tenant-demo by::"},{"line_number":125,"context_line":""},{"line_number":126,"context_line":"            POST /v2.0/logging/security-group-logs"},{"line_number":127,"context_line":"            {"},{"line_number":128,"context_line":"                \"security_group_log\": {"},{"line_number":129,"context_line":"                    \"logging_resource_id\": \"46ebaec0-0570-43ac-82f6-60d2b03168c4\","}],"source_content_type":"text/x-rst","patch_set":39,"id":"dab17558_663b3dec","line":126,"updated":"2016-05-15 15:11:10.000000000","message":"I wonder if this API should be security group specific or it should take into account the similar needs for the firewall logging","commit_id":"37b311f1b67b9500784763f1e4ea5fa9335c3c9b"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"a50edfb607d8c611f607f418c1aa23d4bd1b80e9","unresolved":false,"context_lines":[{"line_number":123,"context_line":"           for this tenant. For example, operator wants to monitor all allowed"},{"line_number":124,"context_line":"           traffic incoming VM1 of tenant-demo by::"},{"line_number":125,"context_line":""},{"line_number":126,"context_line":"            POST /v2.0/logging/security-group-logs"},{"line_number":127,"context_line":"            {"},{"line_number":128,"context_line":"                \"security_group_log\": {"},{"line_number":129,"context_line":"                    \"logging_resource_id\": \"46ebaec0-0570-43ac-82f6-60d2b03168c4\","}],"source_content_type":"text/x-rst","patch_set":39,"id":"bab6814e_cc8035fa","line":126,"in_reply_to":"dab17558_663b3dec","updated":"2016-05-20 11:25:46.000000000","message":"\u003e It should take into account the similar needs for the firewall logging.\n\nThis model can be extended to firewall logging with same API endpoint: /v2.0/logging/firewall-logs. Currently, this spec only exposes for security group logging.","commit_id":"37b311f1b67b9500784763f1e4ea5fa9335c3c9b"},{"author":{"_account_id":6788,"name":"Rossella Sblendido","email":"rsblendido@suse.com","username":"rossella-o"},"change_message_id":"ec417318e9261b37d664c577a99bdde670c4677b","unresolved":false,"context_lines":[{"line_number":184,"context_line":"             with security-group-rule-id or protocol type of ICMP/SSH rule)?"},{"line_number":185,"context_line":"           * Where are ICMP/SSH packets which come to VM1 from?"},{"line_number":186,"context_line":""},{"line_number":187,"context_line":""},{"line_number":188,"context_line":"Data Model Impact"},{"line_number":189,"context_line":"-----------------"},{"line_number":190,"context_line":""}],"source_content_type":"text/x-rst","patch_set":39,"id":"dab17558_17f44ecd","line":187,"updated":"2016-05-13 13:21:48.000000000","message":"I think showing an example of the logs would also help","commit_id":"37b311f1b67b9500784763f1e4ea5fa9335c3c9b"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"a50edfb607d8c611f607f418c1aa23d4bd1b80e9","unresolved":false,"context_lines":[{"line_number":184,"context_line":"             with security-group-rule-id or protocol type of ICMP/SSH rule)?"},{"line_number":185,"context_line":"           * Where are ICMP/SSH packets which come to VM1 from?"},{"line_number":186,"context_line":""},{"line_number":187,"context_line":""},{"line_number":188,"context_line":"Data Model Impact"},{"line_number":189,"context_line":"-----------------"},{"line_number":190,"context_line":""}],"source_content_type":"text/x-rst","patch_set":39,"id":"bab6814e_6c8029c1","line":187,"in_reply_to":"dab17558_17f44ecd","updated":"2016-05-20 11:25:46.000000000","message":"I\u0027ve already added Example logging format section in patch-set 40.","commit_id":"37b311f1b67b9500784763f1e4ea5fa9335c3c9b"},{"author":{"_account_id":5367,"name":"boden","email":"bodenvmw@gmail.com","username":"boden"},"change_message_id":"2fd8eed460a1616c635d225e779d10d58a666b7e","unresolved":false,"context_lines":[{"line_number":185,"context_line":"           * Where are ICMP/SSH packets which come to VM1 from?"},{"line_number":186,"context_line":""},{"line_number":187,"context_line":""},{"line_number":188,"context_line":"Data Model Impact"},{"line_number":189,"context_line":"-----------------"},{"line_number":190,"context_line":""},{"line_number":191,"context_line":"The LoggingResource model has the following attributes:"}],"source_content_type":"text/x-rst","patch_set":39,"id":"dab17558_0b1e885e","line":188,"range":{"start_line":188,"start_character":0,"end_line":188,"end_character":17},"updated":"2016-05-10 18:28:30.000000000","message":"Do we really think all these new models are necessary? \nHere are a few of my questions with the current models proposed:\n(a) What purpose do the logging resources serve? Are we thinking in the future there might be other resource logs that would be associated with these logging resources (e.g. they are containers)?\n(b) What happens to sec group log resources if they bound resource is deleted? For example a security_group_log for a port, and that port gets deleted. Is the log resource still hanging around?\n\n\nWhile I can see benefit of this model approach if we are planning for something in the future (e.g. resource logging framework), have we kicked around other approaches that may be simpler?\n\nFor example something like:\n/v2.0/sg-logs -- New (admin only) resource for defining sg logging definitions (e.g. sg_event, enabled, etc.).\n\nThen the sg-log defintions could be applied at the resource level:\n/v2.0/security-groups/​{security_group_id}​/sg-logs -- get/set sg logging per sg\n/v2.0/ports/{port_id}/sg-logs -- get/set sg logging per port\n\nIf we really have a UC for per sg + on specific port, perhaps we could expose a subresource like:\n/v2.0/ports/{port_id}/security-groups/{sg_id}/sg_logs\n\nIf we wanted some \"default behavior\" we could even add an attribute to the network, sg (or other) resource to specify the default sg-logs to apply for newly created resources.\n\nI\u0027m not proposing that the idea I presented here is better/worse (I haven\u0027t thought too deeply yet), but rather I\u0027m hoping we\u0027ve considered other approaches and chosen the best on for our needs.","commit_id":"37b311f1b67b9500784763f1e4ea5fa9335c3c9b"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"c448d8f81d6ff8c0e381ab46260dd02efacb38ee","unresolved":false,"context_lines":[{"line_number":185,"context_line":"           * Where are ICMP/SSH packets which come to VM1 from?"},{"line_number":186,"context_line":""},{"line_number":187,"context_line":""},{"line_number":188,"context_line":"Data Model Impact"},{"line_number":189,"context_line":"-----------------"},{"line_number":190,"context_line":""},{"line_number":191,"context_line":"The LoggingResource model has the following attributes:"}],"source_content_type":"text/x-rst","patch_set":39,"id":"dab17558_a9d096ca","line":188,"range":{"start_line":188,"start_character":0,"end_line":188,"end_character":17},"in_reply_to":"dab17558_0b1e885e","updated":"2016-05-13 08:57:23.000000000","message":"\u003e What purpose do the logging resources serve? Are we thinking in the future there might be other resource logs that would be associated with these logging resources (e.g. they are containers)?\n\nYes, the logging resource is intended to be a generic container. We can associate other resources log to it, such as firewall log.\n\n\u003e What happens to sec group log resources if they bound resource is deleted? For example a security_group_log for a port, and that port gets deleted. Is the log resource still hanging around?\n\nLogging API plugin will subscribe port resource, security group resource [1]. When a port or a security group is deleted, Logging API plugin will get a notify event, Logging API consider to notify to Logging API agent, then Logging Agent will update back-end. So the log resource (security_group_log) does not continue logging.\n\n\u003e While I can see benefit of this model approach if we are planning for something in the future (e.g. resource logging framework),have we kicked around other approaches that may be simpler?\n\nThanks for your presented clearly. I think this approach is same my idea in previous patch-set [2]. Otherwise, adding the new attributes to security-group API would break the compatibility with the EC2 API [3]. Base on the previous discussion [2], I think we should keep all the association between logging and the resource logging stay within the /logging API endpoint. How do you think?\n\n[1] http://docs.openstack.org/developer/neutron/devref/callbacks.html\n[2] https://review.openstack.org/#/c/203509/28/specs/mitaka/logging-API-for-security-group-rules.rst\n[3] https://review.openstack.org/#/c/132134/","commit_id":"37b311f1b67b9500784763f1e4ea5fa9335c3c9b"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"a50edfb607d8c611f607f418c1aa23d4bd1b80e9","unresolved":false,"context_lines":[{"line_number":185,"context_line":"           * Where are ICMP/SSH packets which come to VM1 from?"},{"line_number":186,"context_line":""},{"line_number":187,"context_line":""},{"line_number":188,"context_line":"Data Model Impact"},{"line_number":189,"context_line":"-----------------"},{"line_number":190,"context_line":""},{"line_number":191,"context_line":"The LoggingResource model has the following attributes:"}],"source_content_type":"text/x-rst","patch_set":39,"id":"bab6814e_ec5d3948","line":188,"range":{"start_line":188,"start_character":0,"end_line":188,"end_character":17},"in_reply_to":"dab17558_9a84e35d","updated":"2016-05-20 11:25:46.000000000","message":"\u003e we can set cascade delete in the DB model, that way we don\u0027t need to rely on notifications.\n\nThanks for your suggestion.\n\n\u003e It made sense before because you specified in LogginResource the logging driver, so LoggingResource was a container for all the resource sharing the same driver but what\u0027s the point now? Btw are we going to configure the logging driver in the config file or how?\n\nI moved logging driver\u0027s configuration to configure file because exposing mechanism collector to user it not necessary as Armando \u0026 Akihiro\u0027s comment in patch-set 31.\n\n\u003e Armando Migliaccio\n\u003e why do you want to expose the underlying collection mechanisms if the way to expose events to the users is abstracted out? Did I miss some piece of the conversation?\n\u003e Akihiro Motoki\n\u003e In my understanding, this is an API for admin/operators.\nBasically I am a fun of exposing available information which can be specified in the API. On the other hand, based on a discussion on https://bugs.launchpad.net/neutron/+bug/1416179, exposing this kind of information is overspec.\n\n\u003e Can you explain that in the spec please:\n\nSurely, could you please see L79-L99 in patch-set 40.","commit_id":"37b311f1b67b9500784763f1e4ea5fa9335c3c9b"},{"author":{"_account_id":5367,"name":"boden","email":"bodenvmw@gmail.com","username":"boden"},"change_message_id":"e750a8b8190d6ef13531750e80c837803e2808d2","unresolved":false,"context_lines":[{"line_number":185,"context_line":"           * Where are ICMP/SSH packets which come to VM1 from?"},{"line_number":186,"context_line":""},{"line_number":187,"context_line":""},{"line_number":188,"context_line":"Data Model Impact"},{"line_number":189,"context_line":"-----------------"},{"line_number":190,"context_line":""},{"line_number":191,"context_line":"The LoggingResource model has the following attributes:"}],"source_content_type":"text/x-rst","patch_set":39,"id":"dab17558_bec2e431","line":188,"range":{"start_line":188,"start_character":0,"end_line":188,"end_character":17},"in_reply_to":"dab17558_9a84e35d","updated":"2016-05-17 15:57:15.000000000","message":"In regards to logging resource; if it\u0027s purpose is really for grouping/containment then it seems this could also be achieved with tagging or some other scheme. Just a thought as the logging resource has metadata of name+description, but a security group log has a description too; this leads me to deduce that the logging resource is just a way to group logs in a named container which could be achieved via tagging or similar scheme..\n\n\nAbout the security group API and EC2 compatibility -- we break that compatibility even if we add extension specific sub-resources to sec groups? I don\u0027t have experience in this area, but that seems odd since the sub resources are effectively \"hidden\" unless you choose to hit them. If this is the case I\u0027m not crazy about our EC2 compat impact on API development.","commit_id":"37b311f1b67b9500784763f1e4ea5fa9335c3c9b"},{"author":{"_account_id":6788,"name":"Rossella Sblendido","email":"rsblendido@suse.com","username":"rossella-o"},"change_message_id":"ec417318e9261b37d664c577a99bdde670c4677b","unresolved":false,"context_lines":[{"line_number":185,"context_line":"           * Where are ICMP/SSH packets which come to VM1 from?"},{"line_number":186,"context_line":""},{"line_number":187,"context_line":""},{"line_number":188,"context_line":"Data Model Impact"},{"line_number":189,"context_line":"-----------------"},{"line_number":190,"context_line":""},{"line_number":191,"context_line":"The LoggingResource model has the following attributes:"}],"source_content_type":"text/x-rst","patch_set":39,"id":"dab17558_9a84e35d","line":188,"range":{"start_line":188,"start_character":0,"end_line":188,"end_character":17},"in_reply_to":"dab17558_a9d096ca","updated":"2016-05-13 13:21:48.000000000","message":"\u003eWhat happens to sec group log resources if they bound \u003eresource is deleted? For example a security_group_log for a \u003eport, and that port gets deleted. Is the log resource still \u003ehanging around?\n\nwe can set cascade delete in the DB model, that way we don\u0027t need to rely on notifications.\n\n\u003eYes, the logging resource is intended to be a generic container. We can associate other resources log to it, such as firewall log.\n\nIt made sense before because you specified in LogginResource the logging driver, so LoggingResource was a container for all the resource sharing the same driver but what\u0027s the point now? Btw are we going to configure the logging driver in the config file or how? Can you explain that in the spec please.","commit_id":"37b311f1b67b9500784763f1e4ea5fa9335c3c9b"},{"author":{"_account_id":6788,"name":"Rossella Sblendido","email":"rsblendido@suse.com","username":"rossella-o"},"change_message_id":"ec417318e9261b37d664c577a99bdde670c4677b","unresolved":false,"context_lines":[{"line_number":188,"context_line":"Data Model Impact"},{"line_number":189,"context_line":"-----------------"},{"line_number":190,"context_line":""},{"line_number":191,"context_line":"The LoggingResource model has the following attributes:"},{"line_number":192,"context_line":""},{"line_number":193,"context_line":"+------------+-------+--------+----------+-----------+----------------------------+"},{"line_number":194,"context_line":"|Attribute   |Type   |Access  |Default   |Validation/|Description                 |"}],"source_content_type":"text/x-rst","patch_set":39,"id":"dab17558_5aa8bb77","line":191,"updated":"2016-05-13 13:21:48.000000000","message":"I second Akihiro\u0027s comment on PS31, there should be a way to retrieve which logging resource types are available...e.g. for the first implementation only security groups.","commit_id":"37b311f1b67b9500784763f1e4ea5fa9335c3c9b"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"a50edfb607d8c611f607f418c1aa23d4bd1b80e9","unresolved":false,"context_lines":[{"line_number":188,"context_line":"Data Model Impact"},{"line_number":189,"context_line":"-----------------"},{"line_number":190,"context_line":""},{"line_number":191,"context_line":"The LoggingResource model has the following attributes:"},{"line_number":192,"context_line":""},{"line_number":193,"context_line":"+------------+-------+--------+----------+-----------+----------------------------+"},{"line_number":194,"context_line":"|Attribute   |Type   |Access  |Default   |Validation/|Description                 |"}],"source_content_type":"text/x-rst","patch_set":39,"id":"bab6814e_a7cd0ab9","line":191,"in_reply_to":"dab17558_5aa8bb77","updated":"2016-05-20 11:25:46.000000000","message":"Ah, yes. I\u0027ve updated that on L330-L333 in patch-set 40.","commit_id":"37b311f1b67b9500784763f1e4ea5fa9335c3c9b"},{"author":{"_account_id":6598,"name":"Berezovsky Irena","email":"irenab.dev@gmail.com","username":"irenab"},"change_message_id":"3d8485d948c4e4dddcf5315f0bbd81af489378b5","unresolved":false,"context_lines":[{"line_number":206,"context_line":"|enabled     |bool   |RW      |False     |Boolean    |Enable/disable log          |"},{"line_number":207,"context_line":"+------------+-------+--------+----------+-----------+----------------------------+"},{"line_number":208,"context_line":""},{"line_number":209,"context_line":"The Logging object, which composes LogResource, has the following"},{"line_number":210,"context_line":"attributes:"},{"line_number":211,"context_line":""},{"line_number":212,"context_line":"+-------------------+------+------+---------+-----------+-------------------------+"}],"source_content_type":"text/x-rst","patch_set":39,"id":"dab17558_410c233b","line":209,"range":{"start_line":209,"start_character":4,"end_line":209,"end_character":18},"updated":"2016-05-15 15:11:10.000000000","message":"so this one is the generic (base) Logging resource that security group logging extends?","commit_id":"37b311f1b67b9500784763f1e4ea5fa9335c3c9b"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"a50edfb607d8c611f607f418c1aa23d4bd1b80e9","unresolved":false,"context_lines":[{"line_number":206,"context_line":"|enabled     |bool   |RW      |False     |Boolean    |Enable/disable log          |"},{"line_number":207,"context_line":"+------------+-------+--------+----------+-----------+----------------------------+"},{"line_number":208,"context_line":""},{"line_number":209,"context_line":"The Logging object, which composes LogResource, has the following"},{"line_number":210,"context_line":"attributes:"},{"line_number":211,"context_line":""},{"line_number":212,"context_line":"+-------------------+------+------+---------+-----------+-------------------------+"}],"source_content_type":"text/x-rst","patch_set":39,"id":"bab6814e_27ff5aab","line":209,"range":{"start_line":209,"start_character":4,"end_line":209,"end_character":18},"in_reply_to":"dab17558_410c233b","updated":"2016-05-20 11:25:46.000000000","message":"Yes, it is in my idea.","commit_id":"37b311f1b67b9500784763f1e4ea5fa9335c3c9b"},{"author":{"_account_id":6788,"name":"Rossella Sblendido","email":"rsblendido@suse.com","username":"rossella-o"},"change_message_id":"ec417318e9261b37d664c577a99bdde670c4677b","unresolved":false,"context_lines":[{"line_number":217,"context_line":"+-------------------+------+------+---------+-----------+-------------------------+"},{"line_number":218,"context_line":"|logging_resource_id|uuid  |RO    |N/A      |uuid       |LoggingResource reference|"},{"line_number":219,"context_line":"+-------------------+------+------+---------+-----------+-------------------------+"},{"line_number":220,"context_line":"|tenant_id          |uuid  |RO    |N/A      |uuid       |Tenant creates logging   |"},{"line_number":221,"context_line":"+-------------------+------+------+---------+-----------+-------------------------+"},{"line_number":222,"context_line":""},{"line_number":223,"context_line":"The SecurityGroupLogging model would look like:"}],"source_content_type":"text/x-rst","patch_set":39,"id":"dab17558_f7dc2a48","line":220,"updated":"2016-05-13 13:21:48.000000000","message":"we have tenant_id both here and in LoggingResource. What\u0027s the purpose of that? I assume the Logging object can be create only for the tenant specified in LoggingResource, right?","commit_id":"37b311f1b67b9500784763f1e4ea5fa9335c3c9b"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"a50edfb607d8c611f607f418c1aa23d4bd1b80e9","unresolved":false,"context_lines":[{"line_number":217,"context_line":"+-------------------+------+------+---------+-----------+-------------------------+"},{"line_number":218,"context_line":"|logging_resource_id|uuid  |RO    |N/A      |uuid       |LoggingResource reference|"},{"line_number":219,"context_line":"+-------------------+------+------+---------+-----------+-------------------------+"},{"line_number":220,"context_line":"|tenant_id          |uuid  |RO    |N/A      |uuid       |Tenant creates logging   |"},{"line_number":221,"context_line":"+-------------------+------+------+---------+-----------+-------------------------+"},{"line_number":222,"context_line":""},{"line_number":223,"context_line":"The SecurityGroupLogging model would look like:"}],"source_content_type":"text/x-rst","patch_set":39,"id":"bab6814e_27d75aee","line":220,"in_reply_to":"dab17558_f7dc2a48","updated":"2016-05-20 11:25:46.000000000","message":"\u003e we have tenant_id both here and in LoggingResource. What\u0027s the purpose of that?\n\nI think that is required, when I refer to other resources(e.g Security groups).\n\n\u003e I assume the Logging object can be create only for the tenant specified in LoggingResource, right?\n\nYou\u0027re right.","commit_id":"37b311f1b67b9500784763f1e4ea5fa9335c3c9b"},{"author":{"_account_id":6598,"name":"Berezovsky Irena","email":"irenab.dev@gmail.com","username":"irenab"},"change_message_id":"3d8485d948c4e4dddcf5315f0bbd81af489378b5","unresolved":false,"context_lines":[{"line_number":227,"context_line":"|Name              |       |       |Value  |Conversion |                            |"},{"line_number":228,"context_line":"+\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d+\u003d\u003d\u003d\u003d\u003d\u003d\u003d+\u003d\u003d\u003d\u003d\u003d\u003d\u003d+\u003d\u003d\u003d\u003d\u003d\u003d\u003d+\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d+\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d+"},{"line_number":229,"context_line":"|logging_id        |uuid   |RO     |N/A    |uuid       |Logging we extend           |"},{"line_number":230,"context_line":"+------------------+-------+-------+-------+-----------+----------------------------+"},{"line_number":231,"context_line":"|tenant_id         |uuid   |RO     |N/A    |uuid       |Tenant creates logging      |"},{"line_number":232,"context_line":"+------------------+-------+-------+-------+-----------+----------------------------+"},{"line_number":233,"context_line":"|description       |string |RW(No  |N/A    |none       |SecurityGroupLogging        |"},{"line_number":234,"context_line":"|                  |       |update)|       |           |description                 |"}],"source_content_type":"text/x-rst","patch_set":39,"id":"dab17558_a1134f5b","line":231,"range":{"start_line":230,"start_character":1,"end_line":231,"end_character":12},"updated":"2016-05-15 15:11:10.000000000","message":"I think this can be skipped, since tenant_id is part of the generic logging","commit_id":"37b311f1b67b9500784763f1e4ea5fa9335c3c9b"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"a50edfb607d8c611f607f418c1aa23d4bd1b80e9","unresolved":false,"context_lines":[{"line_number":227,"context_line":"|Name              |       |       |Value  |Conversion |                            |"},{"line_number":228,"context_line":"+\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d+\u003d\u003d\u003d\u003d\u003d\u003d\u003d+\u003d\u003d\u003d\u003d\u003d\u003d\u003d+\u003d\u003d\u003d\u003d\u003d\u003d\u003d+\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d+\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d+"},{"line_number":229,"context_line":"|logging_id        |uuid   |RO     |N/A    |uuid       |Logging we extend           |"},{"line_number":230,"context_line":"+------------------+-------+-------+-------+-----------+----------------------------+"},{"line_number":231,"context_line":"|tenant_id         |uuid   |RO     |N/A    |uuid       |Tenant creates logging      |"},{"line_number":232,"context_line":"+------------------+-------+-------+-------+-----------+----------------------------+"},{"line_number":233,"context_line":"|description       |string |RW(No  |N/A    |none       |SecurityGroupLogging        |"},{"line_number":234,"context_line":"|                  |       |update)|       |           |description                 |"}],"source_content_type":"text/x-rst","patch_set":39,"id":"bab6814e_dc0f4086","line":231,"range":{"start_line":230,"start_character":1,"end_line":231,"end_character":12},"in_reply_to":"dab17558_a1134f5b","updated":"2016-05-20 11:25:46.000000000","message":"Yeah, I\u0027ve skipped it in patch-set 40. Thanks.","commit_id":"37b311f1b67b9500784763f1e4ea5fa9335c3c9b"},{"author":{"_account_id":6598,"name":"Berezovsky Irena","email":"irenab.dev@gmail.com","username":"irenab"},"change_message_id":"3d8485d948c4e4dddcf5315f0bbd81af489378b5","unresolved":false,"context_lines":[{"line_number":278,"context_line":"                        \u0027convert_to\u0027: attr.convert_to_boolean},"},{"line_number":279,"context_line":"            \u0027resource_logs\u0027: {\u0027allow_post\u0027: False, \u0027allow_put\u0027: False,"},{"line_number":280,"context_line":"                              \u0027is_visible\u0027: True}"},{"line_number":281,"context_line":""},{"line_number":282,"context_line":"        }"},{"line_number":283,"context_line":"    }"},{"line_number":284,"context_line":"    SUB_RESOURCE_ATTRIBUTE_MAP \u003d {"}],"source_content_type":"text/x-rst","patch_set":39,"id":"dab17558_e11d5767","line":281,"updated":"2016-05-15 15:11:10.000000000","message":"I think it makes sense to have something similar to https://github.com/openstack/neutron/blob/master/neutron/extensions/qos.py#L64. At this endpoint plugin can respond with supported logging capabilities","commit_id":"37b311f1b67b9500784763f1e4ea5fa9335c3c9b"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"a50edfb607d8c611f607f418c1aa23d4bd1b80e9","unresolved":false,"context_lines":[{"line_number":278,"context_line":"                        \u0027convert_to\u0027: attr.convert_to_boolean},"},{"line_number":279,"context_line":"            \u0027resource_logs\u0027: {\u0027allow_post\u0027: False, \u0027allow_put\u0027: False,"},{"line_number":280,"context_line":"                              \u0027is_visible\u0027: True}"},{"line_number":281,"context_line":""},{"line_number":282,"context_line":"        }"},{"line_number":283,"context_line":"    }"},{"line_number":284,"context_line":"    SUB_RESOURCE_ATTRIBUTE_MAP \u003d {"}],"source_content_type":"text/x-rst","patch_set":39,"id":"bab6814e_a7ea2aaa","line":281,"in_reply_to":"dab17558_e11d5767","updated":"2016-05-20 11:25:46.000000000","message":"Thanks for your suggestion. I\u0027ve updated on L330-L333 in patch-set 40.","commit_id":"37b311f1b67b9500784763f1e4ea5fa9335c3c9b"},{"author":{"_account_id":6788,"name":"Rossella Sblendido","email":"rsblendido@suse.com","username":"rossella-o"},"change_message_id":"ec417318e9261b37d664c577a99bdde670c4677b","unresolved":false,"context_lines":[{"line_number":322,"context_line":"+-------------------+-----------------------------------------------------+-------+"},{"line_number":323,"context_line":"|logging-resource   |/logging/logging-resources/{logging-resource-id}     |PUT    |"},{"line_number":324,"context_line":"+-------------------+-----------------------------------------------------+-------+"},{"line_number":325,"context_line":"|security-group-log |/logging/security-group-logs                         |POST   |"},{"line_number":326,"context_line":"+-------------------+-----------------------------------------------------+-------+"},{"line_number":327,"context_line":"|security-group-log |/logging/security-group-logs                         |GET    |"},{"line_number":328,"context_line":"+-------------------+-----------------------------------------------------+-------+"}],"source_content_type":"text/x-rst","patch_set":39,"id":"dab17558_377cf21f","line":325,"updated":"2016-05-13 13:21:48.000000000","message":"if SecurityGroupLogging is a LoggingResource why do we have a different path? This would imply that every time we subclass LoggingResource we should add a path. Let\u0027s keep it generic and let\u0027s have only the /logging/logging-resources/ path. If we introduce a type field we can filter using that.","commit_id":"37b311f1b67b9500784763f1e4ea5fa9335c3c9b"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"a50edfb607d8c611f607f418c1aa23d4bd1b80e9","unresolved":false,"context_lines":[{"line_number":322,"context_line":"+-------------------+-----------------------------------------------------+-------+"},{"line_number":323,"context_line":"|logging-resource   |/logging/logging-resources/{logging-resource-id}     |PUT    |"},{"line_number":324,"context_line":"+-------------------+-----------------------------------------------------+-------+"},{"line_number":325,"context_line":"|security-group-log |/logging/security-group-logs                         |POST   |"},{"line_number":326,"context_line":"+-------------------+-----------------------------------------------------+-------+"},{"line_number":327,"context_line":"|security-group-log |/logging/security-group-logs                         |GET    |"},{"line_number":328,"context_line":"+-------------------+-----------------------------------------------------+-------+"}],"source_content_type":"text/x-rst","patch_set":39,"id":"bab6814e_59688287","line":325,"in_reply_to":"dab17558_377cf21f","updated":"2016-05-20 11:25:46.000000000","message":"\u003e if SecurityGroupLogging is a LoggingResource why do we have a different path?\n\nSecurityGroupLogging is not LoggingResource(container), It\u0027s child resource of LoggingResource, In Addition, I follows Akihiro\u0027s comment in patch-set 28:\n\n\u003e \"/v2.0/logging/{id}/targets\" may be redundant.\n\u003e I try to list possible options for more productive discussion.\n\u003e /logging/security-groups/{id}\n\u003e The idea is to have a type-specific path in the second level. In this approach, we can define a strict schema in API.\n\u003e If we want to add more types, the path would be /logging/\u003cnew-type\u003e/{id}.\n\u003e /logging/{id}\n\u003e this resource takes \u0027type\u0027 and \u0027filters\u0027 as I mentioned in \u003e the above comment.\n\u003e In this case, the schema of API body varies across target types and we cannot define a strict API schema. This is a demerit of this approach.\n\u003e If you want to add more types like \u0027firewall\u0027, you can define a new type. Some driver mechanism would be nice.","commit_id":"37b311f1b67b9500784763f1e4ea5fa9335c3c9b"},{"author":{"_account_id":6598,"name":"Berezovsky Irena","email":"irenab.dev@gmail.com","username":"irenab"},"change_message_id":"3d8485d948c4e4dddcf5315f0bbd81af489378b5","unresolved":false,"context_lines":[{"line_number":379,"context_line":"    neutron logging-security-group-list"},{"line_number":380,"context_line":"    neutron logging-security-group-show \u003csecurity-group-log-id\u003e"},{"line_number":381,"context_line":"    neutron logging-security-group-delete \u003csecurity-group-log-id\u003e"},{"line_number":382,"context_line":""},{"line_number":383,"context_line":""},{"line_number":384,"context_line":"Performance Impact"},{"line_number":385,"context_line":"------------------"}],"source_content_type":"text/x-rst","patch_set":39,"id":"dab17558_412383a7","line":382,"updated":"2016-05-15 15:11:10.000000000","message":"to check for supported logging capabilities, something like \u0027neutron logging-types\u0027","commit_id":"37b311f1b67b9500784763f1e4ea5fa9335c3c9b"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"a50edfb607d8c611f607f418c1aa23d4bd1b80e9","unresolved":false,"context_lines":[{"line_number":379,"context_line":"    neutron logging-security-group-list"},{"line_number":380,"context_line":"    neutron logging-security-group-show \u003csecurity-group-log-id\u003e"},{"line_number":381,"context_line":"    neutron logging-security-group-delete \u003csecurity-group-log-id\u003e"},{"line_number":382,"context_line":""},{"line_number":383,"context_line":""},{"line_number":384,"context_line":"Performance Impact"},{"line_number":385,"context_line":"------------------"}],"source_content_type":"text/x-rst","patch_set":39,"id":"bab6814e_47c37e38","line":382,"in_reply_to":"dab17558_412383a7","updated":"2016-05-20 11:25:46.000000000","message":"Done","commit_id":"37b311f1b67b9500784763f1e4ea5fa9335c3c9b"},{"author":{"_account_id":6788,"name":"Rossella Sblendido","email":"rsblendido@suse.com","username":"rossella-o"},"change_message_id":"ec417318e9261b37d664c577a99bdde670c4677b","unresolved":false,"context_lines":[{"line_number":441,"context_line":"* Implement"},{"line_number":442,"context_line":""},{"line_number":443,"context_line":"  * REST API + API tests"},{"line_number":444,"context_line":"  * Database model \u0026 database migrations"},{"line_number":445,"context_line":"  * Iptables based reference implementation"},{"line_number":446,"context_line":"  * Python-neutronclient support"},{"line_number":447,"context_line":""}],"source_content_type":"text/x-rst","patch_set":39,"id":"dab17558_b79aa2c3","line":444,"updated":"2016-05-13 13:21:48.000000000","message":"Another work item is to provide oslo versionedobject implementation for the new resources.","commit_id":"37b311f1b67b9500784763f1e4ea5fa9335c3c9b"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"a50edfb607d8c611f607f418c1aa23d4bd1b80e9","unresolved":false,"context_lines":[{"line_number":441,"context_line":"* Implement"},{"line_number":442,"context_line":""},{"line_number":443,"context_line":"  * REST API + API tests"},{"line_number":444,"context_line":"  * Database model \u0026 database migrations"},{"line_number":445,"context_line":"  * Iptables based reference implementation"},{"line_number":446,"context_line":"  * Python-neutronclient support"},{"line_number":447,"context_line":""}],"source_content_type":"text/x-rst","patch_set":39,"id":"bab6814e_07a696ad","line":444,"in_reply_to":"dab17558_b79aa2c3","updated":"2016-05-20 11:25:46.000000000","message":"Done","commit_id":"37b311f1b67b9500784763f1e4ea5fa9335c3c9b"},{"author":{"_account_id":156,"name":"Ryu Ishimoto","email":"ryu@midokura.com","username":"ryu-midokura"},"change_message_id":"326ea708cbce341945b1339beddd528be17f5499","unresolved":false,"context_lines":[{"line_number":65,"context_line":""},{"line_number":66,"context_line":"Operators can specify what kind of events they want to log:"},{"line_number":67,"context_line":""},{"line_number":68,"context_line":"    (1) ALLOW/DROP or ALL (collect all ACCEPT \u0026 DROP events of security groups)."},{"line_number":69,"context_line":"    (2) security group uuid."},{"line_number":70,"context_line":"    (3) neutron port uuid."},{"line_number":71,"context_line":""}],"source_content_type":"text/x-rst","patch_set":40,"id":"bab6814e_7f9594e2","line":68,"updated":"2016-05-25 14:50:26.000000000","message":"Since you use ACCEPT everywhere else, change ALLOW -\u003e ACCEPT.","commit_id":"f339a8a3c84c51d7a77faf011228c4fd1f4b2e9b"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"c17387ac58f77e2827400110d086fb4be17c8a1e","unresolved":false,"context_lines":[{"line_number":65,"context_line":""},{"line_number":66,"context_line":"Operators can specify what kind of events they want to log:"},{"line_number":67,"context_line":""},{"line_number":68,"context_line":"    (1) ALLOW/DROP or ALL (collect all ACCEPT \u0026 DROP events of security groups)."},{"line_number":69,"context_line":"    (2) security group uuid."},{"line_number":70,"context_line":"    (3) neutron port uuid."},{"line_number":71,"context_line":""}],"source_content_type":"text/x-rst","patch_set":40,"id":"bab6814e_b8cc0fbc","line":68,"in_reply_to":"bab6814e_7f9594e2","updated":"2016-05-26 10:40:20.000000000","message":"OK, I will update as your recommend. Thanks.","commit_id":"f339a8a3c84c51d7a77faf011228c4fd1f4b2e9b"},{"author":{"_account_id":6854,"name":"YAMAMOTO Takashi","email":"yamamoto@midokura.com","username":"yamamoto"},"change_message_id":"0be5709a80c51c6f82096364459fc93a1198a089","unresolved":false,"context_lines":[{"line_number":67,"context_line":""},{"line_number":68,"context_line":"    (1) ALLOW/DROP or ALL (collect all ACCEPT \u0026 DROP events of security groups)."},{"line_number":69,"context_line":"    (2) security group uuid."},{"line_number":70,"context_line":"    (3) neutron port uuid."},{"line_number":71,"context_line":""},{"line_number":72,"context_line":"This information can lead to some use cases as below:"},{"line_number":73,"context_line":""}],"source_content_type":"text/x-rst","patch_set":40,"id":"bab6814e_f6ce26b6","line":70,"updated":"2016-05-24 07:02:03.000000000","message":"what 2 and 3 mean is unclear to me.","commit_id":"f339a8a3c84c51d7a77faf011228c4fd1f4b2e9b"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"941a5b5d13b0f393873c6a52a964c75189fb2302","unresolved":false,"context_lines":[{"line_number":67,"context_line":""},{"line_number":68,"context_line":"    (1) ALLOW/DROP or ALL (collect all ACCEPT \u0026 DROP events of security groups)."},{"line_number":69,"context_line":"    (2) security group uuid."},{"line_number":70,"context_line":"    (3) neutron port uuid."},{"line_number":71,"context_line":""},{"line_number":72,"context_line":"This information can lead to some use cases as below:"},{"line_number":73,"context_line":""}],"source_content_type":"text/x-rst","patch_set":40,"id":"bab6814e_40028c3f","line":70,"in_reply_to":"bab6814e_f6ce26b6","updated":"2016-05-25 09:45:53.000000000","message":"Ok, Let me explain about it as below:\n1) Operator can collect security event(ACCEPT/DROP) for a specific security group by specify security group uuid.\n2) Operator can collect security event(ACCEPT/DROP) for a specific VM by specify neutron port uuid\n3) Operator can collect security event(ACCEPT/DROP) for a specific security group applied to a specific VM by specify security group uuid and neutron port uuid.\n4) If operator doesn\u0027t specify any security group (security group uuid) or any VM (neutron port uuid), logging API will collect security event(ACCEPT/DROP) for the tenant.","commit_id":"f339a8a3c84c51d7a77faf011228c4fd1f4b2e9b"},{"author":{"_account_id":19554,"name":"Nam","email":"namnh68@fsoft.com.vn","username":"namnh"},"change_message_id":"c2b985d8b95684b355fd13c847816d14295dc1eb","unresolved":false,"context_lines":[{"line_number":76,"context_line":"    (3) events of a specific security group applied to all ports."},{"line_number":77,"context_line":"    (4) events of all security groups in a tenant."},{"line_number":78,"context_line":""},{"line_number":79,"context_line":"Collecting log-data depends on logger-backend, which can be configurated"},{"line_number":80,"context_line":"looks like::"},{"line_number":81,"context_line":""},{"line_number":82,"context_line":"    LOGGER_CONFIG_OPTS\u003d ["}],"source_content_type":"text/x-rst","patch_set":40,"id":"bab6814e_71f7e08c","line":79,"range":{"start_line":79,"start_character":60,"end_line":79,"end_character":72},"updated":"2016-05-24 07:39:50.000000000","message":"Hi An. Thanks for your effort. It locks good to me. However I found a typo. It should be changed from \"configurated\" to \"configured\".","commit_id":"f339a8a3c84c51d7a77faf011228c4fd1f4b2e9b"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"941a5b5d13b0f393873c6a52a964c75189fb2302","unresolved":false,"context_lines":[{"line_number":76,"context_line":"    (3) events of a specific security group applied to all ports."},{"line_number":77,"context_line":"    (4) events of all security groups in a tenant."},{"line_number":78,"context_line":""},{"line_number":79,"context_line":"Collecting log-data depends on logger-backend, which can be configurated"},{"line_number":80,"context_line":"looks like::"},{"line_number":81,"context_line":""},{"line_number":82,"context_line":"    LOGGER_CONFIG_OPTS\u003d ["}],"source_content_type":"text/x-rst","patch_set":40,"id":"bab6814e_809f545e","line":79,"range":{"start_line":79,"start_character":60,"end_line":79,"end_character":72},"in_reply_to":"bab6814e_71f7e08c","updated":"2016-05-25 09:45:53.000000000","message":"I will update as your comment. Thanks.","commit_id":"f339a8a3c84c51d7a77faf011228c4fd1f4b2e9b"},{"author":{"_account_id":6854,"name":"YAMAMOTO Takashi","email":"yamamoto@midokura.com","username":"yamamoto"},"change_message_id":"0be5709a80c51c6f82096364459fc93a1198a089","unresolved":false,"context_lines":[{"line_number":79,"context_line":"Collecting log-data depends on logger-backend, which can be configurated"},{"line_number":80,"context_line":"looks like::"},{"line_number":81,"context_line":""},{"line_number":82,"context_line":"    LOGGER_CONFIG_OPTS\u003d ["},{"line_number":83,"context_line":"        cfg.StrOpt(\u0027driver\u0027,"},{"line_number":84,"context_line":"                   default\u003d\u0027neutron.services.logaas.drivers.noop.\u0027"},{"line_number":85,"context_line":"                   \u0027noop_driver.NoopCollectorDriver\u0027,"}],"source_content_type":"text/x-rst","patch_set":40,"id":"bab6814e_8bf7b78b","line":82,"range":{"start_line":82,"start_character":4,"end_line":82,"end_character":22},"updated":"2016-05-24 07:02:03.000000000","message":"who consumes these configuration?","commit_id":"f339a8a3c84c51d7a77faf011228c4fd1f4b2e9b"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"941a5b5d13b0f393873c6a52a964c75189fb2302","unresolved":false,"context_lines":[{"line_number":79,"context_line":"Collecting log-data depends on logger-backend, which can be configurated"},{"line_number":80,"context_line":"looks like::"},{"line_number":81,"context_line":""},{"line_number":82,"context_line":"    LOGGER_CONFIG_OPTS\u003d ["},{"line_number":83,"context_line":"        cfg.StrOpt(\u0027driver\u0027,"},{"line_number":84,"context_line":"                   default\u003d\u0027neutron.services.logaas.drivers.noop.\u0027"},{"line_number":85,"context_line":"                   \u0027noop_driver.NoopCollectorDriver\u0027,"}],"source_content_type":"text/x-rst","patch_set":40,"id":"bab6814e_a339c2a5","line":82,"range":{"start_line":82,"start_character":4,"end_line":82,"end_character":22},"in_reply_to":"bab6814e_8bf7b78b","updated":"2016-05-25 09:45:53.000000000","message":"These configuration is defined in the configuration file by cloud deployer. Operator can use this configuration file to know where the log-data will be stored.","commit_id":"f339a8a3c84c51d7a77faf011228c4fd1f4b2e9b"},{"author":{"_account_id":6854,"name":"YAMAMOTO Takashi","email":"yamamoto@midokura.com","username":"yamamoto"},"change_message_id":"0be5709a80c51c6f82096364459fc93a1198a089","unresolved":false,"context_lines":[{"line_number":81,"context_line":""},{"line_number":82,"context_line":"    LOGGER_CONFIG_OPTS\u003d ["},{"line_number":83,"context_line":"        cfg.StrOpt(\u0027driver\u0027,"},{"line_number":84,"context_line":"                   default\u003d\u0027neutron.services.logaas.drivers.noop.\u0027"},{"line_number":85,"context_line":"                   \u0027noop_driver.NoopCollectorDriver\u0027,"},{"line_number":86,"context_line":"                   help\u003d_(\"Logger driver.\")),"},{"line_number":87,"context_line":"        cfg.StrOpt(\u0027syslog_path\u0027,"}],"source_content_type":"text/x-rst","patch_set":40,"id":"bab6814e_eb15a39b","line":84,"range":{"start_line":84,"start_character":45,"end_line":84,"end_character":51},"updated":"2016-05-24 07:02:03.000000000","message":"what\u0027s logaas?","commit_id":"f339a8a3c84c51d7a77faf011228c4fd1f4b2e9b"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"941a5b5d13b0f393873c6a52a964c75189fb2302","unresolved":false,"context_lines":[{"line_number":81,"context_line":""},{"line_number":82,"context_line":"    LOGGER_CONFIG_OPTS\u003d ["},{"line_number":83,"context_line":"        cfg.StrOpt(\u0027driver\u0027,"},{"line_number":84,"context_line":"                   default\u003d\u0027neutron.services.logaas.drivers.noop.\u0027"},{"line_number":85,"context_line":"                   \u0027noop_driver.NoopCollectorDriver\u0027,"},{"line_number":86,"context_line":"                   help\u003d_(\"Logger driver.\")),"},{"line_number":87,"context_line":"        cfg.StrOpt(\u0027syslog_path\u0027,"}],"source_content_type":"text/x-rst","patch_set":40,"id":"bab6814e_e3110a06","line":84,"range":{"start_line":84,"start_character":45,"end_line":84,"end_character":51},"in_reply_to":"bab6814e_eb15a39b","updated":"2016-05-25 09:45:53.000000000","message":"It is my sample package name of logging API implementation.","commit_id":"f339a8a3c84c51d7a77faf011228c4fd1f4b2e9b"},{"author":{"_account_id":6854,"name":"YAMAMOTO Takashi","email":"yamamoto@midokura.com","username":"yamamoto"},"change_message_id":"0be5709a80c51c6f82096364459fc93a1198a089","unresolved":false,"context_lines":[{"line_number":84,"context_line":"                   default\u003d\u0027neutron.services.logaas.drivers.noop.\u0027"},{"line_number":85,"context_line":"                   \u0027noop_driver.NoopCollectorDriver\u0027,"},{"line_number":86,"context_line":"                   help\u003d_(\"Logger driver.\")),"},{"line_number":87,"context_line":"        cfg.StrOpt(\u0027syslog_path\u0027,"},{"line_number":88,"context_line":"                   default\u003d\u0027/var/log/syslog\u0027,"},{"line_number":89,"context_line":"                   help\u003d_(\"syslog path on system\")),"},{"line_number":90,"context_line":"        cfg.BoolOpt(\u0027console_output\u0027,"}],"source_content_type":"text/x-rst","patch_set":40,"id":"bab6814e_8b25f70b","line":87,"range":{"start_line":87,"start_character":20,"end_line":87,"end_character":31},"updated":"2016-05-24 07:02:03.000000000","message":"why do you need to know this?","commit_id":"f339a8a3c84c51d7a77faf011228c4fd1f4b2e9b"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"941a5b5d13b0f393873c6a52a964c75189fb2302","unresolved":false,"context_lines":[{"line_number":84,"context_line":"                   default\u003d\u0027neutron.services.logaas.drivers.noop.\u0027"},{"line_number":85,"context_line":"                   \u0027noop_driver.NoopCollectorDriver\u0027,"},{"line_number":86,"context_line":"                   help\u003d_(\"Logger driver.\")),"},{"line_number":87,"context_line":"        cfg.StrOpt(\u0027syslog_path\u0027,"},{"line_number":88,"context_line":"                   default\u003d\u0027/var/log/syslog\u0027,"},{"line_number":89,"context_line":"                   help\u003d_(\"syslog path on system\")),"},{"line_number":90,"context_line":"        cfg.BoolOpt(\u0027console_output\u0027,"}],"source_content_type":"text/x-rst","patch_set":40,"id":"bab6814e_a3a382b0","line":87,"range":{"start_line":87,"start_character":20,"end_line":87,"end_character":31},"in_reply_to":"bab6814e_8b25f70b","updated":"2016-05-25 09:45:53.000000000","message":"Because the logger-backend (collector) needs to know where security group log will be output for further processes. Take the security group based on iptables implementation as an example, my IptablesSgLogDriver [1] will generate log to /var/log/syslog on compute host. \nThe option \u0027syslog_path\u0027 specify the location of security group log. This is necessary in case SDN controller based implementation.\n\n[1] https://docs.google.com/presentation/d/1c8WMCVNkvzz-FgGrrzzKL0mHLx30F1xrGPaNRga5uX0/edit?usp\u003dsharing","commit_id":"f339a8a3c84c51d7a77faf011228c4fd1f4b2e9b"},{"author":{"_account_id":156,"name":"Ryu Ishimoto","email":"ryu@midokura.com","username":"ryu-midokura"},"change_message_id":"326ea708cbce341945b1339beddd528be17f5499","unresolved":false,"context_lines":[{"line_number":84,"context_line":"                   default\u003d\u0027neutron.services.logaas.drivers.noop.\u0027"},{"line_number":85,"context_line":"                   \u0027noop_driver.NoopCollectorDriver\u0027,"},{"line_number":86,"context_line":"                   help\u003d_(\"Logger driver.\")),"},{"line_number":87,"context_line":"        cfg.StrOpt(\u0027syslog_path\u0027,"},{"line_number":88,"context_line":"                   default\u003d\u0027/var/log/syslog\u0027,"},{"line_number":89,"context_line":"                   help\u003d_(\"syslog path on system\")),"},{"line_number":90,"context_line":"        cfg.BoolOpt(\u0027console_output\u0027,"}],"source_content_type":"text/x-rst","patch_set":40,"id":"bab6814e_f967ddb4","line":87,"range":{"start_line":87,"start_character":20,"end_line":87,"end_character":31},"in_reply_to":"bab6814e_a3a382b0","updated":"2016-05-25 14:50:26.000000000","message":"It would make it more clear if we know which ones are applicable to the log service plugin and which ones are for a specific driver.","commit_id":"f339a8a3c84c51d7a77faf011228c4fd1f4b2e9b"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"c17387ac58f77e2827400110d086fb4be17c8a1e","unresolved":false,"context_lines":[{"line_number":84,"context_line":"                   default\u003d\u0027neutron.services.logaas.drivers.noop.\u0027"},{"line_number":85,"context_line":"                   \u0027noop_driver.NoopCollectorDriver\u0027,"},{"line_number":86,"context_line":"                   help\u003d_(\"Logger driver.\")),"},{"line_number":87,"context_line":"        cfg.StrOpt(\u0027syslog_path\u0027,"},{"line_number":88,"context_line":"                   default\u003d\u0027/var/log/syslog\u0027,"},{"line_number":89,"context_line":"                   help\u003d_(\"syslog path on system\")),"},{"line_number":90,"context_line":"        cfg.BoolOpt(\u0027console_output\u0027,"}],"source_content_type":"text/x-rst","patch_set":40,"id":"bab6814e_7832a7a8","line":87,"range":{"start_line":87,"start_character":20,"end_line":87,"end_character":31},"in_reply_to":"bab6814e_f967ddb4","updated":"2016-05-26 10:40:20.000000000","message":"I understand your question is about making clear what configuration options is for specific driver and which ones are for logging service. My model has a logging-agent to manage extensions such security group log  and/or firewall log and a logger-backend (collector) extension. Here is my model architecture:  https://docs.google.com/presentation/d/1c8WMCVNkvzz-FgGrrzzKL0mHLx30F1xrGPaNRga5uX0/edit?usp\u003dsharing\n\n1) security group log extension will enable log for security group. Then log-data will be output to a specific file, e.g security group base iptables implementation will output log-data to /var/log/syslog.\n   \n   This cofiguration will specify a certain security group log driver:\n    SG_LOG_CONFIG_OPTS \u003d [\n    cfg.StrOpt(\u0027driver\u0027,\n               default\u003d\u0027neutron.services.logaas.drivers.noop.\u0027\n               \u0027noop_driver.NoopSecurityGroupLogDriver\u0027,\n               help\u003d_(\"Security group logging driver\")),\n    ]\n\n2) Logger-backend (collector) extension will collect log-data from security group log extension for further processing. Logger-backend needs to know log-data location via \u0027syslog_path\u0027 option. Here is logger-backend configuration:   \n   LOGGER_CONFIG_OPTS \u003d [\n        cfg.StrOpt(\u0027driver\u0027,\n             default\u003d\u0027neutron.services.logaas.drivers.noop.\u0027\n                   \u0027noop_driver.NoopCollectorDriver\u0027,\n                   help\u003d_(\"Logging driver.\")),\n        cfg.StrOpt(\u0027syslog_path\u0027,\n                   default\u003d\u0027/var/log/syslog\u0027,\n                   help\u003d_(\"syslog path on system\")),\n        cfg.BoolOpt(\u0027console_output\u0027,\n                    default\u003dTrue,\n                    help\u003d_(\u0027Show log-data to console.\u0027)),\n        cfg.StrOpt(\u0027central_server\u0027,\n                   default\u003d\u0027127.0.0.1\u0027,\n                   help\u003d_(\u0027Forward log-data to a central server.\u0027)),\n        cfg.StrOpt(\u0027location\u0027,\n                   default\u003d\u0027/var/log/neutron\u0027,\n                   help\u003d_(\u0027Location store log data at central server\u0027)),\n    ]\n\nSo I can answer your question as below:\n1) is configuration options for specific driver\n2) is configuration options for logging sevice\n\nI\u0027m not sure it satisfied your question. Could you please let me know your opinion. Thanks in advance.","commit_id":"f339a8a3c84c51d7a77faf011228c4fd1f4b2e9b"},{"author":{"_account_id":6854,"name":"YAMAMOTO Takashi","email":"yamamoto@midokura.com","username":"yamamoto"},"change_message_id":"0be5709a80c51c6f82096364459fc93a1198a089","unresolved":false,"context_lines":[{"line_number":89,"context_line":"                   help\u003d_(\"syslog path on system\")),"},{"line_number":90,"context_line":"        cfg.BoolOpt(\u0027console_output\u0027,"},{"line_number":91,"context_line":"                    default\u003dTrue,"},{"line_number":92,"context_line":"                    help\u003d_(\u0027Show log-data to console.\u0027)),"},{"line_number":93,"context_line":"        cfg.StrOpt(\u0027central_server\u0027,"},{"line_number":94,"context_line":"                   default\u003d\u0027127.0.0.1\u0027,"},{"line_number":95,"context_line":"                   help\u003d_(\u0027Forward log-data to a central server.\u0027)),"}],"source_content_type":"text/x-rst","patch_set":40,"id":"bab6814e_ab4a7baa","line":92,"range":{"start_line":92,"start_character":45,"end_line":92,"end_character":52},"updated":"2016-05-24 07:02:03.000000000","message":"console of what?","commit_id":"f339a8a3c84c51d7a77faf011228c4fd1f4b2e9b"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"941a5b5d13b0f393873c6a52a964c75189fb2302","unresolved":false,"context_lines":[{"line_number":89,"context_line":"                   help\u003d_(\"syslog path on system\")),"},{"line_number":90,"context_line":"        cfg.BoolOpt(\u0027console_output\u0027,"},{"line_number":91,"context_line":"                    default\u003dTrue,"},{"line_number":92,"context_line":"                    help\u003d_(\u0027Show log-data to console.\u0027)),"},{"line_number":93,"context_line":"        cfg.StrOpt(\u0027central_server\u0027,"},{"line_number":94,"context_line":"                   default\u003d\u0027127.0.0.1\u0027,"},{"line_number":95,"context_line":"                   help\u003d_(\u0027Forward log-data to a central server.\u0027)),"}],"source_content_type":"text/x-rst","patch_set":40,"id":"bab6814e_c387a610","line":92,"range":{"start_line":92,"start_character":45,"end_line":92,"end_character":52},"in_reply_to":"bab6814e_ab4a7baa","updated":"2016-05-25 09:45:53.000000000","message":"It is the console of Controller node if the neutron CLI to consume log-data is already supported. \"console_output\" will be a reserved option in the future.","commit_id":"f339a8a3c84c51d7a77faf011228c4fd1f4b2e9b"},{"author":{"_account_id":6854,"name":"YAMAMOTO Takashi","email":"yamamoto@midokura.com","username":"yamamoto"},"change_message_id":"0be5709a80c51c6f82096364459fc93a1198a089","unresolved":false,"context_lines":[{"line_number":90,"context_line":"        cfg.BoolOpt(\u0027console_output\u0027,"},{"line_number":91,"context_line":"                    default\u003dTrue,"},{"line_number":92,"context_line":"                    help\u003d_(\u0027Show log-data to console.\u0027)),"},{"line_number":93,"context_line":"        cfg.StrOpt(\u0027central_server\u0027,"},{"line_number":94,"context_line":"                   default\u003d\u0027127.0.0.1\u0027,"},{"line_number":95,"context_line":"                   help\u003d_(\u0027Forward log-data to a central server.\u0027)),"},{"line_number":96,"context_line":"        cfg.StrOpt(\u0027location\u0027,"}],"source_content_type":"text/x-rst","patch_set":40,"id":"bab6814e_6b50935f","line":93,"range":{"start_line":93,"start_character":20,"end_line":93,"end_character":34},"updated":"2016-05-24 07:02:03.000000000","message":"what\u0027s this?","commit_id":"f339a8a3c84c51d7a77faf011228c4fd1f4b2e9b"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"941a5b5d13b0f393873c6a52a964c75189fb2302","unresolved":false,"context_lines":[{"line_number":90,"context_line":"        cfg.BoolOpt(\u0027console_output\u0027,"},{"line_number":91,"context_line":"                    default\u003dTrue,"},{"line_number":92,"context_line":"                    help\u003d_(\u0027Show log-data to console.\u0027)),"},{"line_number":93,"context_line":"        cfg.StrOpt(\u0027central_server\u0027,"},{"line_number":94,"context_line":"                   default\u003d\u0027127.0.0.1\u0027,"},{"line_number":95,"context_line":"                   help\u003d_(\u0027Forward log-data to a central server.\u0027)),"},{"line_number":96,"context_line":"        cfg.StrOpt(\u0027location\u0027,"}],"source_content_type":"text/x-rst","patch_set":40,"id":"bab6814e_a306e282","line":93,"range":{"start_line":93,"start_character":20,"end_line":93,"end_character":34},"in_reply_to":"bab6814e_6b50935f","updated":"2016-05-25 09:45:53.000000000","message":"This option specify where the collected log-data will be stored. Option \u0027location\u0027 specify the location on central server will be used store log-data.","commit_id":"f339a8a3c84c51d7a77faf011228c4fd1f4b2e9b"},{"author":{"_account_id":6854,"name":"YAMAMOTO Takashi","email":"yamamoto@midokura.com","username":"yamamoto"},"change_message_id":"0be5709a80c51c6f82096364459fc93a1198a089","unresolved":false,"context_lines":[{"line_number":98,"context_line":"                   help\u003d_(\u0027Location will be stored log-data at local host\u0027))"},{"line_number":99,"context_line":"    ]"},{"line_number":100,"context_line":""},{"line_number":101,"context_line":"Currently, operators can only access driectly to file on compute host to"},{"line_number":102,"context_line":"consume log-data. File location has format: /var/log/neutron/sg-\u003ctenant-uuid\u003e.log"},{"line_number":103,"context_line":""},{"line_number":104,"context_line":"* Other ways to consume log-data such as:"}],"source_content_type":"text/x-rst","patch_set":40,"id":"bab6814e_4be66fe9","line":101,"range":{"start_line":101,"start_character":37,"end_line":101,"end_character":45},"updated":"2016-05-24 07:02:03.000000000","message":"directly","commit_id":"f339a8a3c84c51d7a77faf011228c4fd1f4b2e9b"},{"author":{"_account_id":6854,"name":"YAMAMOTO Takashi","email":"yamamoto@midokura.com","username":"yamamoto"},"change_message_id":"0be5709a80c51c6f82096364459fc93a1198a089","unresolved":false,"context_lines":[{"line_number":98,"context_line":"                   help\u003d_(\u0027Location will be stored log-data at local host\u0027))"},{"line_number":99,"context_line":"    ]"},{"line_number":100,"context_line":""},{"line_number":101,"context_line":"Currently, operators can only access driectly to file on compute host to"},{"line_number":102,"context_line":"consume log-data. File location has format: /var/log/neutron/sg-\u003ctenant-uuid\u003e.log"},{"line_number":103,"context_line":""},{"line_number":104,"context_line":"* Other ways to consume log-data such as:"}],"source_content_type":"text/x-rst","patch_set":40,"id":"bab6814e_cb809f8e","line":101,"range":{"start_line":101,"start_character":57,"end_line":101,"end_character":69},"updated":"2016-05-24 07:02:03.000000000","message":"the assumption here is that SG is purely implemented on compute nodes?\n\nit won\u0027t be the case with hpb and/or sdn controller based implementations.","commit_id":"f339a8a3c84c51d7a77faf011228c4fd1f4b2e9b"},{"author":{"_account_id":6854,"name":"YAMAMOTO Takashi","email":"yamamoto@midokura.com","username":"yamamoto"},"change_message_id":"0be5709a80c51c6f82096364459fc93a1198a089","unresolved":false,"context_lines":[{"line_number":98,"context_line":"                   help\u003d_(\u0027Location will be stored log-data at local host\u0027))"},{"line_number":99,"context_line":"    ]"},{"line_number":100,"context_line":""},{"line_number":101,"context_line":"Currently, operators can only access driectly to file on compute host to"},{"line_number":102,"context_line":"consume log-data. File location has format: /var/log/neutron/sg-\u003ctenant-uuid\u003e.log"},{"line_number":103,"context_line":""},{"line_number":104,"context_line":"* Other ways to consume log-data such as:"}],"source_content_type":"text/x-rst","patch_set":40,"id":"bab6814e_8bd057f9","line":101,"range":{"start_line":101,"start_character":0,"end_line":101,"end_character":9},"updated":"2016-05-24 07:02:03.000000000","message":"what do you mean by currently?  what this spec proposes?","commit_id":"f339a8a3c84c51d7a77faf011228c4fd1f4b2e9b"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"941a5b5d13b0f393873c6a52a964c75189fb2302","unresolved":false,"context_lines":[{"line_number":98,"context_line":"                   help\u003d_(\u0027Location will be stored log-data at local host\u0027))"},{"line_number":99,"context_line":"    ]"},{"line_number":100,"context_line":""},{"line_number":101,"context_line":"Currently, operators can only access driectly to file on compute host to"},{"line_number":102,"context_line":"consume log-data. File location has format: /var/log/neutron/sg-\u003ctenant-uuid\u003e.log"},{"line_number":103,"context_line":""},{"line_number":104,"context_line":"* Other ways to consume log-data such as:"}],"source_content_type":"text/x-rst","patch_set":40,"id":"bab6814e_f711bd05","line":101,"range":{"start_line":101,"start_character":37,"end_line":101,"end_character":45},"in_reply_to":"bab6814e_4be66fe9","updated":"2016-05-25 09:45:53.000000000","message":"I will update as your comment. Thanks.","commit_id":"f339a8a3c84c51d7a77faf011228c4fd1f4b2e9b"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"941a5b5d13b0f393873c6a52a964c75189fb2302","unresolved":false,"context_lines":[{"line_number":98,"context_line":"                   help\u003d_(\u0027Location will be stored log-data at local host\u0027))"},{"line_number":99,"context_line":"    ]"},{"line_number":100,"context_line":""},{"line_number":101,"context_line":"Currently, operators can only access driectly to file on compute host to"},{"line_number":102,"context_line":"consume log-data. File location has format: /var/log/neutron/sg-\u003ctenant-uuid\u003e.log"},{"line_number":103,"context_line":""},{"line_number":104,"context_line":"* Other ways to consume log-data such as:"}],"source_content_type":"text/x-rst","patch_set":40,"id":"bab6814e_e3a10a48","line":101,"range":{"start_line":101,"start_character":57,"end_line":101,"end_character":69},"in_reply_to":"bab6814e_cb809f8e","updated":"2016-05-25 09:45:53.000000000","message":"\u003e what do you mean by currently?  what this spec proposes?\n\u003e the assumption here is that SG is purely implemented on compute nodes? it won\u0027t be the case with hpb and/or sdn controller based implementations.\n\nIt is just a reference implementation for security group based on iptables implementation on compute node.\n\nIn case of hpb and/or SDN controller based implementation, vendors will implement their SDN\u0027s security group log driver, then logger-backend can collect \u0026 store log-data based configuration file.\n\nIn addition, this sentence should be updated as below: \"Operator can consume log-data by directly accessing to the file in location specified in configuration file\".","commit_id":"f339a8a3c84c51d7a77faf011228c4fd1f4b2e9b"},{"author":{"_account_id":20079,"name":"Ha Van Tu","email":"tuhv@vn.fujitsu.com","username":"tuhv"},"change_message_id":"a3f1c39ec481f2e458a81e5bbc4b81db1d9f522b","unresolved":false,"context_lines":[{"line_number":140,"context_line":""},{"line_number":141,"context_line":"    step3: Check supported logging capabilites::"},{"line_number":142,"context_line":""},{"line_number":143,"context_line":"            GET /v2.0/logging/logging-supported-types"},{"line_number":144,"context_line":""},{"line_number":145,"context_line":"            Response:"},{"line_number":146,"context_line":"            {"}],"source_content_type":"text/x-rst","patch_set":40,"id":"bab6814e_6bd7f3bf","line":143,"range":{"start_line":143,"start_character":30,"end_line":143,"end_character":53},"updated":"2016-05-24 07:01:51.000000000","message":"nit: It should be s/logging-supported-types/logging-types","commit_id":"f339a8a3c84c51d7a77faf011228c4fd1f4b2e9b"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"941a5b5d13b0f393873c6a52a964c75189fb2302","unresolved":false,"context_lines":[{"line_number":140,"context_line":""},{"line_number":141,"context_line":"    step3: Check supported logging capabilites::"},{"line_number":142,"context_line":""},{"line_number":143,"context_line":"            GET /v2.0/logging/logging-supported-types"},{"line_number":144,"context_line":""},{"line_number":145,"context_line":"            Response:"},{"line_number":146,"context_line":"            {"}],"source_content_type":"text/x-rst","patch_set":40,"id":"bab6814e_c08e7c26","line":143,"range":{"start_line":143,"start_character":30,"end_line":143,"end_character":53},"in_reply_to":"bab6814e_6bd7f3bf","updated":"2016-05-25 09:45:53.000000000","message":"I will update as your comment. Thanks.","commit_id":"f339a8a3c84c51d7a77faf011228c4fd1f4b2e9b"},{"author":{"_account_id":20079,"name":"Ha Van Tu","email":"tuhv@vn.fujitsu.com","username":"tuhv"},"change_message_id":"a3f1c39ec481f2e458a81e5bbc4b81db1d9f522b","unresolved":false,"context_lines":[{"line_number":168,"context_line":"                    \"logging_resource_id\": \"46ebaec0-0570-43ac-82f6-60d2b03168c4\","},{"line_number":169,"context_line":"                    \"description\": \"Collecting all traffic in/out VM1\","},{"line_number":170,"context_line":"                    \"sg_event\": \"ALL\","},{"line_number":171,"context_line":"                    \"port_id\": \"None\","},{"line_number":172,"context_line":"                    \"security_group_id\": \"None\""},{"line_number":173,"context_line":"                }"},{"line_number":174,"context_line":"            }"}],"source_content_type":"text/x-rst","patch_set":40,"id":"bab6814e_569292a0","line":171,"range":{"start_line":171,"start_character":31,"end_line":171,"end_character":37},"updated":"2016-05-24 07:01:51.000000000","message":"nit: It should be s/\"None\"/null","commit_id":"f339a8a3c84c51d7a77faf011228c4fd1f4b2e9b"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"941a5b5d13b0f393873c6a52a964c75189fb2302","unresolved":false,"context_lines":[{"line_number":168,"context_line":"                    \"logging_resource_id\": \"46ebaec0-0570-43ac-82f6-60d2b03168c4\","},{"line_number":169,"context_line":"                    \"description\": \"Collecting all traffic in/out VM1\","},{"line_number":170,"context_line":"                    \"sg_event\": \"ALL\","},{"line_number":171,"context_line":"                    \"port_id\": \"None\","},{"line_number":172,"context_line":"                    \"security_group_id\": \"None\""},{"line_number":173,"context_line":"                }"},{"line_number":174,"context_line":"            }"}],"source_content_type":"text/x-rst","patch_set":40,"id":"bab6814e_37686521","line":171,"range":{"start_line":171,"start_character":31,"end_line":171,"end_character":37},"in_reply_to":"bab6814e_569292a0","updated":"2016-05-25 09:45:53.000000000","message":"I will update as your comment. Thanks","commit_id":"f339a8a3c84c51d7a77faf011228c4fd1f4b2e9b"},{"author":{"_account_id":20079,"name":"Ha Van Tu","email":"tuhv@vn.fujitsu.com","username":"tuhv"},"change_message_id":"a3f1c39ec481f2e458a81e5bbc4b81db1d9f522b","unresolved":false,"context_lines":[{"line_number":169,"context_line":"                    \"description\": \"Collecting all traffic in/out VM1\","},{"line_number":170,"context_line":"                    \"sg_event\": \"ALL\","},{"line_number":171,"context_line":"                    \"port_id\": \"None\","},{"line_number":172,"context_line":"                    \"security_group_id\": \"None\""},{"line_number":173,"context_line":"                }"},{"line_number":174,"context_line":"            }"},{"line_number":175,"context_line":""}],"source_content_type":"text/x-rst","patch_set":40,"id":"bab6814e_16800a46","line":172,"range":{"start_line":172,"start_character":41,"end_line":172,"end_character":47},"updated":"2016-05-24 07:01:51.000000000","message":"nit: It should be s/\"None\"/null","commit_id":"f339a8a3c84c51d7a77faf011228c4fd1f4b2e9b"},{"author":{"_account_id":20079,"name":"Ha Van Tu","email":"tuhv@vn.fujitsu.com","username":"tuhv"},"change_message_id":"a3f1c39ec481f2e458a81e5bbc4b81db1d9f522b","unresolved":false,"context_lines":[{"line_number":196,"context_line":"                        \"description\": \"Collecting all traffic in/out VM1\","},{"line_number":197,"context_line":"                        \"logging_resource_id\": \"46ebaec0-0570-43ac-82f6-60d2b03168c4\","},{"line_number":198,"context_line":"                        \"sg_event\": \"ALL\","},{"line_number":199,"context_line":"                        \"port_id\": \"None\","},{"line_number":200,"context_line":"                        \"security_group_id\": None"},{"line_number":201,"context_line":"                    }]"},{"line_number":202,"context_line":"                }"}],"source_content_type":"text/x-rst","patch_set":40,"id":"bab6814e_968cfa80","line":199,"range":{"start_line":199,"start_character":35,"end_line":199,"end_character":41},"updated":"2016-05-24 07:01:51.000000000","message":"nit: It should be s/\"None\"/null","commit_id":"f339a8a3c84c51d7a77faf011228c4fd1f4b2e9b"},{"author":{"_account_id":20079,"name":"Ha Van Tu","email":"tuhv@vn.fujitsu.com","username":"tuhv"},"change_message_id":"a3f1c39ec481f2e458a81e5bbc4b81db1d9f522b","unresolved":false,"context_lines":[{"line_number":197,"context_line":"                        \"logging_resource_id\": \"46ebaec0-0570-43ac-82f6-60d2b03168c4\","},{"line_number":198,"context_line":"                        \"sg_event\": \"ALL\","},{"line_number":199,"context_line":"                        \"port_id\": \"None\","},{"line_number":200,"context_line":"                        \"security_group_id\": None"},{"line_number":201,"context_line":"                    }]"},{"line_number":202,"context_line":"                }"},{"line_number":203,"context_line":"            }"}],"source_content_type":"text/x-rst","patch_set":40,"id":"bab6814e_f6e74644","line":200,"range":{"start_line":200,"start_character":45,"end_line":200,"end_character":49},"updated":"2016-05-24 07:01:51.000000000","message":"nit: It should be s/None/null","commit_id":"f339a8a3c84c51d7a77faf011228c4fd1f4b2e9b"},{"author":{"_account_id":6854,"name":"YAMAMOTO Takashi","email":"yamamoto@midokura.com","username":"yamamoto"},"change_message_id":"0be5709a80c51c6f82096364459fc93a1198a089","unresolved":false,"context_lines":[{"line_number":206,"context_line":"           tenant demo\u0027s network, e.g, a VM has illegally communicated. At"},{"line_number":207,"context_line":"           this point, operator retrieves log-data by accessing to file:"},{"line_number":208,"context_line":"           /var/log/neutron/sg-8d4c70a21fed4aeba121a1a429ba0d04.log"},{"line_number":209,"context_line":"           on compute host to specify VM which has illegally communicated and subumit"},{"line_number":210,"context_line":"           all communication log of this VM for further troubleshooting process."},{"line_number":211,"context_line":""},{"line_number":212,"context_line":""}],"source_content_type":"text/x-rst","patch_set":40,"id":"bab6814e_4b114f5d","line":209,"range":{"start_line":209,"start_character":78,"end_line":209,"end_character":85},"updated":"2016-05-24 07:02:03.000000000","message":"submit","commit_id":"f339a8a3c84c51d7a77faf011228c4fd1f4b2e9b"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"941a5b5d13b0f393873c6a52a964c75189fb2302","unresolved":false,"context_lines":[{"line_number":206,"context_line":"           tenant demo\u0027s network, e.g, a VM has illegally communicated. At"},{"line_number":207,"context_line":"           this point, operator retrieves log-data by accessing to file:"},{"line_number":208,"context_line":"           /var/log/neutron/sg-8d4c70a21fed4aeba121a1a429ba0d04.log"},{"line_number":209,"context_line":"           on compute host to specify VM which has illegally communicated and subumit"},{"line_number":210,"context_line":"           all communication log of this VM for further troubleshooting process."},{"line_number":211,"context_line":""},{"line_number":212,"context_line":""}],"source_content_type":"text/x-rst","patch_set":40,"id":"bab6814e_80ad948a","line":209,"range":{"start_line":209,"start_character":78,"end_line":209,"end_character":85},"in_reply_to":"bab6814e_4b114f5d","updated":"2016-05-25 09:45:53.000000000","message":"I will update as your comment in next revision. Thanks.","commit_id":"f339a8a3c84c51d7a77faf011228c4fd1f4b2e9b"},{"author":{"_account_id":156,"name":"Ryu Ishimoto","email":"ryu@midokura.com","username":"ryu-midokura"},"change_message_id":"326ea708cbce341945b1339beddd528be17f5499","unresolved":false,"context_lines":[{"line_number":210,"context_line":"           all communication log of this VM for further troubleshooting process."},{"line_number":211,"context_line":""},{"line_number":212,"context_line":""},{"line_number":213,"context_line":"Example logging format"},{"line_number":214,"context_line":"----------------------"},{"line_number":215,"context_line":""},{"line_number":216,"context_line":"The example logging out format can be shown as below. The official one"}],"source_content_type":"text/x-rst","patch_set":40,"id":"bab6814e_b0128960","line":213,"updated":"2016-05-25 14:50:26.000000000","message":"Just curious, is the format intended to be universal among all the drivers (not that it could be enforced)?","commit_id":"f339a8a3c84c51d7a77faf011228c4fd1f4b2e9b"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"c17387ac58f77e2827400110d086fb4be17c8a1e","unresolved":false,"context_lines":[{"line_number":210,"context_line":"           all communication log of this VM for further troubleshooting process."},{"line_number":211,"context_line":""},{"line_number":212,"context_line":""},{"line_number":213,"context_line":"Example logging format"},{"line_number":214,"context_line":"----------------------"},{"line_number":215,"context_line":""},{"line_number":216,"context_line":"The example logging out format can be shown as below. The official one"}],"source_content_type":"text/x-rst","patch_set":40,"id":"bab6814e_98d4ab20","line":213,"in_reply_to":"bab6814e_b0128960","updated":"2016-05-26 10:40:20.000000000","message":"We recommend format like this. However vendor can customize it to be convenient. The logging output format common standard can be discussed in next spec.","commit_id":"f339a8a3c84c51d7a77faf011228c4fd1f4b2e9b"},{"author":{"_account_id":6854,"name":"YAMAMOTO Takashi","email":"yamamoto@midokura.com","username":"yamamoto"},"change_message_id":"0be5709a80c51c6f82096364459fc93a1198a089","unresolved":false,"context_lines":[{"line_number":214,"context_line":"----------------------"},{"line_number":215,"context_line":""},{"line_number":216,"context_line":"The example logging out format can be shown as below. The official one"},{"line_number":217,"context_line":"will be discussed in next spec:"},{"line_number":218,"context_line":""},{"line_number":219,"context_line":"* The logging output format includes timestamp observering (start:end),"},{"line_number":220,"context_line":"  resource log, secuirty_group_rule_uuid only for ACCEPT event,"}],"source_content_type":"text/x-rst","patch_set":40,"id":"bab6814e_d6020209","line":217,"range":{"start_line":217,"start_character":21,"end_line":217,"end_character":30},"updated":"2016-05-24 07:02:03.000000000","message":"next spec?","commit_id":"f339a8a3c84c51d7a77faf011228c4fd1f4b2e9b"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"941a5b5d13b0f393873c6a52a964c75189fb2302","unresolved":false,"context_lines":[{"line_number":214,"context_line":"----------------------"},{"line_number":215,"context_line":""},{"line_number":216,"context_line":"The example logging out format can be shown as below. The official one"},{"line_number":217,"context_line":"will be discussed in next spec:"},{"line_number":218,"context_line":""},{"line_number":219,"context_line":"* The logging output format includes timestamp observering (start:end),"},{"line_number":220,"context_line":"  resource log, secuirty_group_rule_uuid only for ACCEPT event,"}],"source_content_type":"text/x-rst","patch_set":40,"id":"bab6814e_000c0493","line":217,"range":{"start_line":217,"start_character":21,"end_line":217,"end_character":30},"in_reply_to":"bab6814e_d6020209","updated":"2016-05-25 09:45:53.000000000","message":"This spec proposes a way to enable logging for security group for operator only.\nMy next spec will do:\n1. expose the logging API for tenant\n2. logging output format and other ways to consume log","commit_id":"f339a8a3c84c51d7a77faf011228c4fd1f4b2e9b"},{"author":{"_account_id":156,"name":"Ryu Ishimoto","email":"ryu@midokura.com","username":"ryu-midokura"},"change_message_id":"326ea708cbce341945b1339beddd528be17f5499","unresolved":false,"context_lines":[{"line_number":216,"context_line":"The example logging out format can be shown as below. The official one"},{"line_number":217,"context_line":"will be discussed in next spec:"},{"line_number":218,"context_line":""},{"line_number":219,"context_line":"* The logging output format includes timestamp observering (start:end),"},{"line_number":220,"context_line":"  resource log, secuirty_group_rule_uuid only for ACCEPT event,"},{"line_number":221,"context_line":"  L3 \u0026 L4 information (address, protocol, port, etc), event infomation."},{"line_number":222,"context_line":""}],"source_content_type":"text/x-rst","patch_set":40,"id":"bab6814e_b64f22bd","line":219,"updated":"2016-05-25 14:50:26.000000000","message":"Could you explain what \u0027start\u0027 and \u0027end\u0027 are determined?  From the API point of view, the logging starts once enabled. Is there a way to specify a specific window of time to capture logs?","commit_id":"f339a8a3c84c51d7a77faf011228c4fd1f4b2e9b"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"c17387ac58f77e2827400110d086fb4be17c8a1e","unresolved":false,"context_lines":[{"line_number":216,"context_line":"The example logging out format can be shown as below. The official one"},{"line_number":217,"context_line":"will be discussed in next spec:"},{"line_number":218,"context_line":""},{"line_number":219,"context_line":"* The logging output format includes timestamp observering (start:end),"},{"line_number":220,"context_line":"  resource log, secuirty_group_rule_uuid only for ACCEPT event,"},{"line_number":221,"context_line":"  L3 \u0026 L4 information (address, protocol, port, etc), event infomation."},{"line_number":222,"context_line":""}],"source_content_type":"text/x-rst","patch_set":40,"id":"bab6814e_98c82b24","line":219,"in_reply_to":"bab6814e_b64f22bd","updated":"2016-05-26 10:40:20.000000000","message":"Definitely, \u0027start\u0027 time, \u0027end\u0027 time, are specific by consume log API. This api looks like: get-sg-log-event --logging-resource-id --timestamp \u003cstart:end\u003e. This API will perform filtering data and show it. As I mentioned on spec: logging output format and other ways to consume log-data can be discussed on next spec. Sorry for confusing you. Logging output data(raw data) after collecting by logging API will has format:\n\nAccept event:\n\nTIMESTAMP\u003dOct 21 13:10:51.857297 TENANT_ID\u003d8d4c70a21fed4aeba121a1a429ba0d04 RESOURCE\u003dsecurity_groups SGR\u003debf52237-336b-4c58-a5a4-5992ab54b90e VM_PORT\u003dtapf316e55d-51 SRC\u003d10.164.176.134 DST\u003d10.164.176.230 SPT\u003d55919 DPT\u003d12865 PROTO\u003dTCP LEN\u003d84 ALLOW\n\nwith \"LEN\" is length of packet.\n\nDrop event:\n\nTIMESTAMP\u003dOct 21 13:10:51.857297 TENANT_ID\u003d8d4c70a21fed4aeba121a1a429ba0d04 RESOURCE\u003dsecurity_groups\nVM_PORT\u003dtapf316e55d-51 SRC\u003d10.164.176.230 DST\u003d10.164.176.134 SPT\u003d128 DPT\u003d559 PROTO\u003dTCP LEN\u003d84 DROP\n\nI will update L223-L224 as above. How do you think?","commit_id":"f339a8a3c84c51d7a77faf011228c4fd1f4b2e9b"},{"author":{"_account_id":6854,"name":"YAMAMOTO Takashi","email":"yamamoto@midokura.com","username":"yamamoto"},"change_message_id":"0be5709a80c51c6f82096364459fc93a1198a089","unresolved":false,"context_lines":[{"line_number":224,"context_line":""},{"line_number":225,"context_line":"    START\u003dOct 21 13:10:51.857297 END\u003dOct 21 13:10:52.934767 RESOURCE\u003dsecurity_groups"},{"line_number":226,"context_line":"    SGR\u003debf52237-336b-4c58-a5a4-5992ab54b90e VM_PORT\u003dtapf316e55d-51"},{"line_number":227,"context_line":"    SRC\u003d10.164.176.134 DST\u003d10.164.176.230 SPT\u003d55919 DPT\u003d12865 PROTO\u003dTCP PKTS\u003d88 BYTES\u003d1832 ALLOW"},{"line_number":228,"context_line":""},{"line_number":229,"context_line":"* DROP event sample::"},{"line_number":230,"context_line":""}],"source_content_type":"text/x-rst","patch_set":40,"id":"bab6814e_563d72ba","line":227,"range":{"start_line":227,"start_character":72,"end_line":227,"end_character":79},"updated":"2016-05-24 07:02:03.000000000","message":"what\u0027s PKTS?","commit_id":"f339a8a3c84c51d7a77faf011228c4fd1f4b2e9b"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"941a5b5d13b0f393873c6a52a964c75189fb2302","unresolved":false,"context_lines":[{"line_number":224,"context_line":""},{"line_number":225,"context_line":"    START\u003dOct 21 13:10:51.857297 END\u003dOct 21 13:10:52.934767 RESOURCE\u003dsecurity_groups"},{"line_number":226,"context_line":"    SGR\u003debf52237-336b-4c58-a5a4-5992ab54b90e VM_PORT\u003dtapf316e55d-51"},{"line_number":227,"context_line":"    SRC\u003d10.164.176.134 DST\u003d10.164.176.230 SPT\u003d55919 DPT\u003d12865 PROTO\u003dTCP PKTS\u003d88 BYTES\u003d1832 ALLOW"},{"line_number":228,"context_line":""},{"line_number":229,"context_line":"* DROP event sample::"},{"line_number":230,"context_line":""}],"source_content_type":"text/x-rst","patch_set":40,"id":"bab6814e_204f88bf","line":227,"range":{"start_line":227,"start_character":72,"end_line":227,"end_character":79},"in_reply_to":"bab6814e_563d72ba","updated":"2016-05-25 09:45:53.000000000","message":"It is the number of packets transferred during the capture time.","commit_id":"f339a8a3c84c51d7a77faf011228c4fd1f4b2e9b"},{"author":{"_account_id":156,"name":"Ryu Ishimoto","email":"ryu@midokura.com","username":"ryu-midokura"},"change_message_id":"326ea708cbce341945b1339beddd528be17f5499","unresolved":false,"context_lines":[{"line_number":296,"context_line":""},{"line_number":297,"context_line":"    LOGGING_PREFIX \u003d \u0027/logging\u0027"},{"line_number":298,"context_line":"    SG_EVENT \u003d [\u0027ALLOW\u0027, \u0027DROP\u0027, \u0027ALL\u0027]"},{"line_number":299,"context_line":"    LOG_COMMON_FIELDS \u003d {"},{"line_number":300,"context_line":"        \u0027id\u0027: {\u0027allow_post\u0027: False, \u0027allow_put\u0027: False,"},{"line_number":301,"context_line":"               \u0027validate\u0027: {\u0027type:uuid\u0027: None},"},{"line_number":302,"context_line":"               \u0027is_visible\u0027: True, \u0027primary_key\u0027: True},"}],"source_content_type":"text/x-rst","patch_set":40,"id":"bab6814e_108f15cd","line":299,"updated":"2016-05-25 14:50:26.000000000","message":"Why was this separated?  Will there be other resources in the future that will have these fields?  Might be clearer in the context of this spec to just merge these with logging_resources.","commit_id":"f339a8a3c84c51d7a77faf011228c4fd1f4b2e9b"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"c17387ac58f77e2827400110d086fb4be17c8a1e","unresolved":false,"context_lines":[{"line_number":296,"context_line":""},{"line_number":297,"context_line":"    LOGGING_PREFIX \u003d \u0027/logging\u0027"},{"line_number":298,"context_line":"    SG_EVENT \u003d [\u0027ALLOW\u0027, \u0027DROP\u0027, \u0027ALL\u0027]"},{"line_number":299,"context_line":"    LOG_COMMON_FIELDS \u003d {"},{"line_number":300,"context_line":"        \u0027id\u0027: {\u0027allow_post\u0027: False, \u0027allow_put\u0027: False,"},{"line_number":301,"context_line":"               \u0027validate\u0027: {\u0027type:uuid\u0027: None},"},{"line_number":302,"context_line":"               \u0027is_visible\u0027: True, \u0027primary_key\u0027: True},"}],"source_content_type":"text/x-rst","patch_set":40,"id":"bab6814e_5b1b5d73","line":299,"in_reply_to":"bab6814e_108f15cd","updated":"2016-05-26 10:40:20.000000000","message":"Yes, I expect other resources, e.g firewall log can be extended.","commit_id":"f339a8a3c84c51d7a77faf011228c4fd1f4b2e9b"},{"author":{"_account_id":156,"name":"Ryu Ishimoto","email":"ryu@midokura.com","username":"ryu-midokura"},"change_message_id":"326ea708cbce341945b1339beddd528be17f5499","unresolved":false,"context_lines":[{"line_number":327,"context_line":"                              \u0027is_visible\u0027: True}"},{"line_number":328,"context_line":"        },"},{"line_number":329,"context_line":""},{"line_number":330,"context_line":"        \u0027logging_types\u0027:{"},{"line_number":331,"context_line":"            \u0027type\u0027: {\u0027allow_post\u0027: False, \u0027allow_put\u0027: False,"},{"line_number":332,"context_line":"                     \u0027is_visible\u0027: True}"},{"line_number":333,"context_line":"        }"}],"source_content_type":"text/x-rst","patch_set":40,"id":"bab6814e_7012e1b5","line":330,"updated":"2016-05-25 14:50:26.000000000","message":"What are these?","commit_id":"f339a8a3c84c51d7a77faf011228c4fd1f4b2e9b"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"c17387ac58f77e2827400110d086fb4be17c8a1e","unresolved":false,"context_lines":[{"line_number":327,"context_line":"                              \u0027is_visible\u0027: True}"},{"line_number":328,"context_line":"        },"},{"line_number":329,"context_line":""},{"line_number":330,"context_line":"        \u0027logging_types\u0027:{"},{"line_number":331,"context_line":"            \u0027type\u0027: {\u0027allow_post\u0027: False, \u0027allow_put\u0027: False,"},{"line_number":332,"context_line":"                     \u0027is_visible\u0027: True}"},{"line_number":333,"context_line":"        }"}],"source_content_type":"text/x-rst","patch_set":40,"id":"bab6814e_180efb3a","line":330,"in_reply_to":"bab6814e_7012e1b5","updated":"2016-05-26 10:40:20.000000000","message":"This is a mechanism to expose the logging resources supported by core plugin. It can be \"security_group_log\" or \"firewall_log\"...","commit_id":"f339a8a3c84c51d7a77faf011228c4fd1f4b2e9b"},{"author":{"_account_id":6854,"name":"YAMAMOTO Takashi","email":"yamamoto@midokura.com","username":"yamamoto"},"change_message_id":"3b66c9ea58f5cd59c1d4e74dba59cd201f7e6de1","unresolved":false,"context_lines":[{"line_number":80,"context_line":"        no need to specify security group uuid and neutron port uuid in"},{"line_number":81,"context_line":"        security_group_log resource."},{"line_number":82,"context_line":""},{"line_number":83,"context_line":"Firstly, security events will be logged to \u0027syslog_path\u0027. Then, these events"},{"line_number":84,"context_line":"will be collected/processed and filed to \u0027location\u0027. The configuration file"},{"line_number":85,"context_line":"would look like::"},{"line_number":86,"context_line":""},{"line_number":87,"context_line":"    LOGGER_CONFIG_OPTS\u003d ["}],"source_content_type":"text/x-rst","patch_set":41,"id":"9abb7d3a_aa7c3021","line":84,"range":{"start_line":83,"start_character":0,"end_line":84,"end_character":52},"updated":"2016-05-27 14:45:32.000000000","message":"this means to have some agent which reads the log and copies relevant records to another log file?\n\ni don\u0027t understand why you need another log file.","commit_id":"b4084ab3f167d21031759ec0b121377b6ab3e6d4"},{"author":{"_account_id":841,"name":"Akihiro Motoki","email":"amotoki@gmail.com","username":"amotoki"},"change_message_id":"b1515628b88b7d59c73872ab01e085a145cc01b5","unresolved":false,"context_lines":[{"line_number":80,"context_line":"        no need to specify security group uuid and neutron port uuid in"},{"line_number":81,"context_line":"        security_group_log resource."},{"line_number":82,"context_line":""},{"line_number":83,"context_line":"Firstly, security events will be logged to \u0027syslog_path\u0027. Then, these events"},{"line_number":84,"context_line":"will be collected/processed and filed to \u0027location\u0027. The configuration file"},{"line_number":85,"context_line":"would look like::"},{"line_number":86,"context_line":""},{"line_number":87,"context_line":"    LOGGER_CONFIG_OPTS\u003d ["}],"source_content_type":"text/x-rst","patch_set":41,"id":"7aa08908_5f7754d4","line":84,"range":{"start_line":83,"start_character":0,"end_line":84,"end_character":52},"in_reply_to":"9abb7d3a_357fcb67","updated":"2016-06-06 08:57:06.000000000","message":"This is not an API behavior. I think the expected \"API\" behavior is that such events will be logged depending on a configured logging driver.\nYou should not mix the API behavior and implementation behavior.","commit_id":"b4084ab3f167d21031759ec0b121377b6ab3e6d4"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"383a9d396be6e2125aa340e7b8417d0782382396","unresolved":false,"context_lines":[{"line_number":80,"context_line":"        no need to specify security group uuid and neutron port uuid in"},{"line_number":81,"context_line":"        security_group_log resource."},{"line_number":82,"context_line":""},{"line_number":83,"context_line":"Firstly, security events will be logged to \u0027syslog_path\u0027. Then, these events"},{"line_number":84,"context_line":"will be collected/processed and filed to \u0027location\u0027. The configuration file"},{"line_number":85,"context_line":"would look like::"},{"line_number":86,"context_line":""},{"line_number":87,"context_line":"    LOGGER_CONFIG_OPTS\u003d ["}],"source_content_type":"text/x-rst","patch_set":41,"id":"9abb7d3a_357fcb67","line":84,"range":{"start_line":83,"start_character":0,"end_line":84,"end_character":52},"in_reply_to":"9abb7d3a_aa7c3021","updated":"2016-06-03 10:31:56.000000000","message":"You are right. Logging-agents collect records in \u0027syslog_path\u0027, process and file them to xxxlogging associated files (e.g sg-\u003csg-log-id\u003e.log). These file then can be transferred to \u0027central logging server\u0027 or used for \u0027monasca\u0027 service to consume. In addition, these files can be rotated for long-time storing.","commit_id":"b4084ab3f167d21031759ec0b121377b6ab3e6d4"},{"author":{"_account_id":841,"name":"Akihiro Motoki","email":"amotoki@gmail.com","username":"amotoki"},"change_message_id":"b1515628b88b7d59c73872ab01e085a145cc01b5","unresolved":false,"context_lines":[{"line_number":82,"context_line":""},{"line_number":83,"context_line":"Firstly, security events will be logged to \u0027syslog_path\u0027. Then, these events"},{"line_number":84,"context_line":"will be collected/processed and filed to \u0027location\u0027. The configuration file"},{"line_number":85,"context_line":"would look like::"},{"line_number":86,"context_line":""},{"line_number":87,"context_line":"    LOGGER_CONFIG_OPTS\u003d ["},{"line_number":88,"context_line":"        cfg.StrOpt(\u0027driver\u0027,"}],"source_content_type":"text/x-rst","patch_set":41,"id":"7aa08908_3f7408ce","line":85,"updated":"2016-06-06 08:57:06.000000000","message":"This section is \"API behavior\". How is this configuration related to the API behavior? Could you consider the section?","commit_id":"b4084ab3f167d21031759ec0b121377b6ab3e6d4"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"804a5bdbca5aec7d971833821cd966950c7fd0bf","unresolved":false,"context_lines":[{"line_number":82,"context_line":""},{"line_number":83,"context_line":"Firstly, security events will be logged to \u0027syslog_path\u0027. Then, these events"},{"line_number":84,"context_line":"will be collected/processed and filed to \u0027location\u0027. The configuration file"},{"line_number":85,"context_line":"would look like::"},{"line_number":86,"context_line":""},{"line_number":87,"context_line":"    LOGGER_CONFIG_OPTS\u003d ["},{"line_number":88,"context_line":"        cfg.StrOpt(\u0027driver\u0027,"}],"source_content_type":"text/x-rst","patch_set":41,"id":"7aa08908_b815204a","line":85,"in_reply_to":"7aa08908_0fe8acb3","updated":"2016-06-08 02:43:09.000000000","message":"That\u0027s very kind of you. I will update as your suggestion. Thanks.","commit_id":"b4084ab3f167d21031759ec0b121377b6ab3e6d4"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"b350875e99f01df57b06e5a7373ea05d73384c04","unresolved":false,"context_lines":[{"line_number":82,"context_line":""},{"line_number":83,"context_line":"Firstly, security events will be logged to \u0027syslog_path\u0027. Then, these events"},{"line_number":84,"context_line":"will be collected/processed and filed to \u0027location\u0027. The configuration file"},{"line_number":85,"context_line":"would look like::"},{"line_number":86,"context_line":""},{"line_number":87,"context_line":"    LOGGER_CONFIG_OPTS\u003d ["},{"line_number":88,"context_line":"        cfg.StrOpt(\u0027driver\u0027,"}],"source_content_type":"text/x-rst","patch_set":41,"id":"7aa08908_c65b6653","line":85,"in_reply_to":"7aa08908_3f7408ce","updated":"2016-06-06 10:06:15.000000000","message":"Thanks for your comments. I will place it in \u0027Configuration\u0027 section. Could you please give me some advices?","commit_id":"b4084ab3f167d21031759ec0b121377b6ab3e6d4"},{"author":{"_account_id":841,"name":"Akihiro Motoki","email":"amotoki@gmail.com","username":"amotoki"},"change_message_id":"eed03c98bc64b3800b22812c00d92033311f0bfb","unresolved":false,"context_lines":[{"line_number":82,"context_line":""},{"line_number":83,"context_line":"Firstly, security events will be logged to \u0027syslog_path\u0027. Then, these events"},{"line_number":84,"context_line":"will be collected/processed and filed to \u0027location\u0027. The configuration file"},{"line_number":85,"context_line":"would look like::"},{"line_number":86,"context_line":""},{"line_number":87,"context_line":"    LOGGER_CONFIG_OPTS\u003d ["},{"line_number":88,"context_line":"        cfg.StrOpt(\u0027driver\u0027,"}],"source_content_type":"text/x-rst","patch_set":41,"id":"7aa08908_0fe8acb3","line":85,"in_reply_to":"7aa08908_c65b6653","updated":"2016-06-07 05:30:31.000000000","message":"\u0027Configuration\u0027 section is not sufficient. Before describing the configuration, you need to explain the logging mechanism or logging driver first.","commit_id":"b4084ab3f167d21031759ec0b121377b6ab3e6d4"},{"author":{"_account_id":6854,"name":"YAMAMOTO Takashi","email":"yamamoto@midokura.com","username":"yamamoto"},"change_message_id":"ee7274d1ba60effa8718f9ef3b997781aff4e9e1","unresolved":false,"context_lines":[{"line_number":84,"context_line":"will be collected/processed and filed to \u0027location\u0027. The configuration file"},{"line_number":85,"context_line":"would look like::"},{"line_number":86,"context_line":""},{"line_number":87,"context_line":"    LOGGER_CONFIG_OPTS\u003d ["},{"line_number":88,"context_line":"        cfg.StrOpt(\u0027driver\u0027,"},{"line_number":89,"context_line":"                   default\u003d\u0027neutron.services.logaas.drivers.noop.\u0027"},{"line_number":90,"context_line":"                   \u0027noop_driver.NoopCollectorDriver\u0027,"}],"source_content_type":"text/x-rst","patch_set":41,"id":"9abb7d3a_eb945645","line":87,"range":{"start_line":87,"start_character":4,"end_line":87,"end_character":22},"updated":"2016-06-03 05:23:21.000000000","message":"on irc, annp said this is consumed by \"logging-agent\"","commit_id":"b4084ab3f167d21031759ec0b121377b6ab3e6d4"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"383a9d396be6e2125aa340e7b8417d0782382396","unresolved":false,"context_lines":[{"line_number":84,"context_line":"will be collected/processed and filed to \u0027location\u0027. The configuration file"},{"line_number":85,"context_line":"would look like::"},{"line_number":86,"context_line":""},{"line_number":87,"context_line":"    LOGGER_CONFIG_OPTS\u003d ["},{"line_number":88,"context_line":"        cfg.StrOpt(\u0027driver\u0027,"},{"line_number":89,"context_line":"                   default\u003d\u0027neutron.services.logaas.drivers.noop.\u0027"},{"line_number":90,"context_line":"                   \u0027noop_driver.NoopCollectorDriver\u0027,"}],"source_content_type":"text/x-rst","patch_set":41,"id":"9abb7d3a_3a7058dc","line":87,"range":{"start_line":87,"start_character":4,"end_line":87,"end_character":22},"in_reply_to":"9abb7d3a_eb945645","updated":"2016-06-03 10:31:56.000000000","message":"Yes, it is.","commit_id":"b4084ab3f167d21031759ec0b121377b6ab3e6d4"},{"author":{"_account_id":6854,"name":"YAMAMOTO Takashi","email":"yamamoto@midokura.com","username":"yamamoto"},"change_message_id":"3b66c9ea58f5cd59c1d4e74dba59cd201f7e6de1","unresolved":false,"context_lines":[{"line_number":89,"context_line":"                   default\u003d\u0027neutron.services.logaas.drivers.noop.\u0027"},{"line_number":90,"context_line":"                   \u0027noop_driver.NoopCollectorDriver\u0027,"},{"line_number":91,"context_line":"                   help\u003d_(\"Logger driver.\")),"},{"line_number":92,"context_line":"        cfg.StrOpt(\u0027syslog_path\u0027,"},{"line_number":93,"context_line":"                   default\u003d\u0027/var/log/syslog\u0027,"},{"line_number":94,"context_line":"                   help\u003d_(\"Where security events are logged to.\")),"},{"line_number":95,"context_line":"        cfg.StrOpt(\u0027central_server\u0027,"}],"source_content_type":"text/x-rst","patch_set":41,"id":"9abb7d3a_caaa5470","line":92,"range":{"start_line":92,"start_character":20,"end_line":92,"end_character":31},"updated":"2016-05-27 14:45:32.000000000","message":"what to do for non-traditional implementations like journald?","commit_id":"b4084ab3f167d21031759ec0b121377b6ab3e6d4"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"383a9d396be6e2125aa340e7b8417d0782382396","unresolved":false,"context_lines":[{"line_number":89,"context_line":"                   default\u003d\u0027neutron.services.logaas.drivers.noop.\u0027"},{"line_number":90,"context_line":"                   \u0027noop_driver.NoopCollectorDriver\u0027,"},{"line_number":91,"context_line":"                   help\u003d_(\"Logger driver.\")),"},{"line_number":92,"context_line":"        cfg.StrOpt(\u0027syslog_path\u0027,"},{"line_number":93,"context_line":"                   default\u003d\u0027/var/log/syslog\u0027,"},{"line_number":94,"context_line":"                   help\u003d_(\"Where security events are logged to.\")),"},{"line_number":95,"context_line":"        cfg.StrOpt(\u0027central_server\u0027,"}],"source_content_type":"text/x-rst","patch_set":41,"id":"9abb7d3a_1abc746b","line":92,"range":{"start_line":92,"start_character":20,"end_line":92,"end_character":31},"in_reply_to":"9abb7d3a_caaa5470","updated":"2016-06-03 10:31:56.000000000","message":"In my understanding, journald can be configured to file, e.g /var/log/messages.","commit_id":"b4084ab3f167d21031759ec0b121377b6ab3e6d4"},{"author":{"_account_id":6854,"name":"YAMAMOTO Takashi","email":"yamamoto@midokura.com","username":"yamamoto"},"change_message_id":"3b66c9ea58f5cd59c1d4e74dba59cd201f7e6de1","unresolved":false,"context_lines":[{"line_number":107,"context_line":"                   help\u003d_(\"Security group logging driver\"))"},{"line_number":108,"context_line":"    ]"},{"line_number":109,"context_line":""},{"line_number":110,"context_line":"These options are defined by cloud deployer. Operators can retrieve log-data by"},{"line_number":111,"context_line":"directly accessing to the files in \u0027location\u0027."},{"line_number":112,"context_line":""},{"line_number":113,"context_line":"* Other ways to consume log-data more effectively such as:"},{"line_number":114,"context_line":""}],"source_content_type":"text/x-rst","patch_set":41,"id":"9abb7d3a_2aee808b","line":111,"range":{"start_line":110,"start_character":45,"end_line":111,"end_character":46},"updated":"2016-05-27 14:45:32.000000000","message":"if an operator needs to know this kind of details,\nwhy he don\u0027t use tools like tcpdump in the first place?","commit_id":"b4084ab3f167d21031759ec0b121377b6ab3e6d4"},{"author":{"_account_id":6854,"name":"YAMAMOTO Takashi","email":"yamamoto@midokura.com","username":"yamamoto"},"change_message_id":"3b66c9ea58f5cd59c1d4e74dba59cd201f7e6de1","unresolved":false,"context_lines":[{"line_number":115,"context_line":"    (1) Expose a REST API/CLI API"},{"line_number":116,"context_line":"    (2) Deploy a Central logging server (\u0027central_server\u0027) to analyze, visualize..."},{"line_number":117,"context_line":""},{"line_number":118,"context_line":"  These ways will be discussed in next spec."},{"line_number":119,"context_line":""},{"line_number":120,"context_line":"API operation sample"},{"line_number":121,"context_line":"--------------------"}],"source_content_type":"text/x-rst","patch_set":41,"id":"9abb7d3a_0a4f3c93","line":118,"range":{"start_line":118,"start_character":34,"end_line":118,"end_character":43},"updated":"2016-05-27 14:45:32.000000000","message":"when the next spec will be available?\n\nmy impression is without \"collector\" part this is not a complete functionality.","commit_id":"b4084ab3f167d21031759ec0b121377b6ab3e6d4"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"b350875e99f01df57b06e5a7373ea05d73384c04","unresolved":false,"context_lines":[{"line_number":115,"context_line":"    (1) Expose a REST API/CLI API"},{"line_number":116,"context_line":"    (2) Deploy a Central logging server (\u0027central_server\u0027) to analyze, visualize..."},{"line_number":117,"context_line":""},{"line_number":118,"context_line":"  These ways will be discussed in next spec."},{"line_number":119,"context_line":""},{"line_number":120,"context_line":"API operation sample"},{"line_number":121,"context_line":"--------------------"}],"source_content_type":"text/x-rst","patch_set":41,"id":"7aa08908_81b948ec","line":118,"range":{"start_line":118,"start_character":34,"end_line":118,"end_character":43},"in_reply_to":"7aa08908_9f81bc92","updated":"2016-06-06 10:06:15.000000000","message":"Yes, I do. We will implement the driver mechanism such as:\n- A file base mechanism transfer to forward log-data to central logging server.\n- A pub/sub subscription mechanism, e.g Kafka.","commit_id":"b4084ab3f167d21031759ec0b121377b6ab3e6d4"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"383a9d396be6e2125aa340e7b8417d0782382396","unresolved":false,"context_lines":[{"line_number":115,"context_line":"    (1) Expose a REST API/CLI API"},{"line_number":116,"context_line":"    (2) Deploy a Central logging server (\u0027central_server\u0027) to analyze, visualize..."},{"line_number":117,"context_line":""},{"line_number":118,"context_line":"  These ways will be discussed in next spec."},{"line_number":119,"context_line":""},{"line_number":120,"context_line":"API operation sample"},{"line_number":121,"context_line":"--------------------"}],"source_content_type":"text/x-rst","patch_set":41,"id":"9abb7d3a_dae5cca8","line":118,"range":{"start_line":118,"start_character":34,"end_line":118,"end_character":43},"in_reply_to":"9abb7d3a_0a4f3c93","updated":"2016-06-03 10:31:56.000000000","message":"Base on our IRC discussion. log-data can be transferred to \u0027central logging sever\u0027 or used for monasca service to consume it. So we don\u0027t need next spec.","commit_id":"b4084ab3f167d21031759ec0b121377b6ab3e6d4"},{"author":{"_account_id":841,"name":"Akihiro Motoki","email":"amotoki@gmail.com","username":"amotoki"},"change_message_id":"b1515628b88b7d59c73872ab01e085a145cc01b5","unresolved":false,"context_lines":[{"line_number":115,"context_line":"    (1) Expose a REST API/CLI API"},{"line_number":116,"context_line":"    (2) Deploy a Central logging server (\u0027central_server\u0027) to analyze, visualize..."},{"line_number":117,"context_line":""},{"line_number":118,"context_line":"  These ways will be discussed in next spec."},{"line_number":119,"context_line":""},{"line_number":120,"context_line":"API operation sample"},{"line_number":121,"context_line":"--------------------"}],"source_content_type":"text/x-rst","patch_set":41,"id":"7aa08908_9f81bc92","line":118,"range":{"start_line":118,"start_character":34,"end_line":118,"end_character":43},"in_reply_to":"9abb7d3a_dae5cca8","updated":"2016-06-06 08:57:06.000000000","message":"Do you mean some driver mechanism will be implemented?","commit_id":"b4084ab3f167d21031759ec0b121377b6ab3e6d4"},{"author":{"_account_id":841,"name":"Akihiro Motoki","email":"amotoki@gmail.com","username":"amotoki"},"change_message_id":"b1515628b88b7d59c73872ab01e085a145cc01b5","unresolved":false,"context_lines":[{"line_number":153,"context_line":""},{"line_number":154,"context_line":"            Response:"},{"line_number":155,"context_line":"            {"},{"line_number":156,"context_line":"              \"type\": [\"security_group_log\"]"},{"line_number":157,"context_line":"            }"},{"line_number":158,"context_line":""},{"line_number":159,"context_line":"    step4: Define events related to security groups need collecting for this"}],"source_content_type":"text/x-rst","patch_set":41,"id":"7aa08908_b822bdb7","line":156,"range":{"start_line":156,"start_character":40,"end_line":156,"end_character":42},"updated":"2016-06-06 08:57:06.000000000","message":"(perhaps) log -\u003e logging","commit_id":"b4084ab3f167d21031759ec0b121377b6ab3e6d4"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"b350875e99f01df57b06e5a7373ea05d73384c04","unresolved":false,"context_lines":[{"line_number":153,"context_line":""},{"line_number":154,"context_line":"            Response:"},{"line_number":155,"context_line":"            {"},{"line_number":156,"context_line":"              \"type\": [\"security_group_log\"]"},{"line_number":157,"context_line":"            }"},{"line_number":158,"context_line":""},{"line_number":159,"context_line":"    step4: Define events related to security groups need collecting for this"}],"source_content_type":"text/x-rst","patch_set":41,"id":"7aa08908_418da030","line":156,"range":{"start_line":156,"start_character":40,"end_line":156,"end_character":42},"in_reply_to":"7aa08908_b822bdb7","updated":"2016-06-06 10:06:15.000000000","message":"It makes sense. I will update it.","commit_id":"b4084ab3f167d21031759ec0b121377b6ab3e6d4"},{"author":{"_account_id":6854,"name":"YAMAMOTO Takashi","email":"yamamoto@midokura.com","username":"yamamoto"},"change_message_id":"277fb3335968857a8b311067bf6ab4b9ffbb4ff3","unresolved":false,"context_lines":[{"line_number":215,"context_line":"    step6: When operator suspects that there is a security issue related to tenant"},{"line_number":216,"context_line":"           demo\u0027s network, e.g, a VM has illegally communicated. At this point,"},{"line_number":217,"context_line":"           operator retrieves log-data by accessing to file:"},{"line_number":218,"context_line":"           /var/log/neutron/sg-8d4c70a21fed4aeba121a1a429ba0d04.log"},{"line_number":219,"context_line":"           on compute host to specify VM which has illegally communicated and submit"},{"line_number":220,"context_line":"           all communication log of this VM for further troubleshooting process."},{"line_number":221,"context_line":""}],"source_content_type":"text/x-rst","patch_set":41,"id":"9abb7d3a_cb6eb295","line":218,"range":{"start_line":218,"start_character":31,"end_line":218,"end_character":63},"updated":"2016-06-03 05:07:25.000000000","message":"on irc, annp said this should be the id of security-group-log,\nnot tenant-id.","commit_id":"b4084ab3f167d21031759ec0b121377b6ab3e6d4"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"383a9d396be6e2125aa340e7b8417d0782382396","unresolved":false,"context_lines":[{"line_number":215,"context_line":"    step6: When operator suspects that there is a security issue related to tenant"},{"line_number":216,"context_line":"           demo\u0027s network, e.g, a VM has illegally communicated. At this point,"},{"line_number":217,"context_line":"           operator retrieves log-data by accessing to file:"},{"line_number":218,"context_line":"           /var/log/neutron/sg-8d4c70a21fed4aeba121a1a429ba0d04.log"},{"line_number":219,"context_line":"           on compute host to specify VM which has illegally communicated and submit"},{"line_number":220,"context_line":"           all communication log of this VM for further troubleshooting process."},{"line_number":221,"context_line":""}],"source_content_type":"text/x-rst","patch_set":41,"id":"9abb7d3a_9a4b442b","line":218,"range":{"start_line":218,"start_character":31,"end_line":218,"end_character":63},"in_reply_to":"9abb7d3a_cb6eb295","updated":"2016-06-03 10:31:56.000000000","message":"sorry,it\u0027s my mistake. I will update it.","commit_id":"b4084ab3f167d21031759ec0b121377b6ab3e6d4"},{"author":{"_account_id":6854,"name":"YAMAMOTO Takashi","email":"yamamoto@midokura.com","username":"yamamoto"},"change_message_id":"ee7274d1ba60effa8718f9ef3b997781aff4e9e1","unresolved":false,"context_lines":[{"line_number":263,"context_line":"-----------------"},{"line_number":264,"context_line":""},{"line_number":265,"context_line":""},{"line_number":266,"context_line":"The LoggingResource model has the following attributes:"},{"line_number":267,"context_line":""},{"line_number":268,"context_line":"+------------+-------+--------+----------+-----------+----------------------------+"},{"line_number":269,"context_line":"|Attribute   |Type   |Access  |Default   |Validation/|Description                 |"}],"source_content_type":"text/x-rst","patch_set":41,"id":"9abb7d3a_6741ba39","line":266,"range":{"start_line":266,"start_character":4,"end_line":266,"end_character":19},"updated":"2016-06-03 05:23:21.000000000","message":"is this just a container of xxxLogging for operator\u0027s convenience?\n\nif so, can you consider tags (in sense of [1]) as an alternative?\n\n[1] http://docs.openstack.org/developer/neutron/devref/tag.html","commit_id":"b4084ab3f167d21031759ec0b121377b6ab3e6d4"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"383a9d396be6e2125aa340e7b8417d0782382396","unresolved":false,"context_lines":[{"line_number":263,"context_line":"-----------------"},{"line_number":264,"context_line":""},{"line_number":265,"context_line":""},{"line_number":266,"context_line":"The LoggingResource model has the following attributes:"},{"line_number":267,"context_line":""},{"line_number":268,"context_line":"+------------+-------+--------+----------+-----------+----------------------------+"},{"line_number":269,"context_line":"|Attribute   |Type   |Access  |Default   |Validation/|Description                 |"}],"source_content_type":"text/x-rst","patch_set":41,"id":"9abb7d3a_9f77b6d3","line":266,"range":{"start_line":266,"start_character":4,"end_line":266,"end_character":19},"in_reply_to":"9abb7d3a_6741ba39","updated":"2016-06-03 10:31:56.000000000","message":"I intend to design LoggingResource as a container to manage logging object. LoggingResource model defines policy for logging, e.g how log-data is stored?. Currently, logger-backend is configured on configuration file. In future, we can extend LoggingResource so that each tenant can choose logger-backend.","commit_id":"b4084ab3f167d21031759ec0b121377b6ab3e6d4"},{"author":{"_account_id":156,"name":"Ryu Ishimoto","email":"ryu@midokura.com","username":"ryu-midokura"},"change_message_id":"14104c6589b532877099b196e7f236a5ab44ce53","unresolved":false,"context_lines":[{"line_number":278,"context_line":"+------------+-------+--------+----------+-----------+----------------------------+"},{"line_number":279,"context_line":"|description |string |RW      |N/A       |none       |LoggingResource description |"},{"line_number":280,"context_line":"+------------+-------+--------+----------+-----------+----------------------------+"},{"line_number":281,"context_line":"|enabled     |bool   |RW      |False     |Boolean    |Enable/disable log          |"},{"line_number":282,"context_line":"+------------+-------+--------+----------+-----------+----------------------------+"},{"line_number":283,"context_line":""},{"line_number":284,"context_line":"The Logging object, which composes LoggingResource, has the following attributes:"}],"source_content_type":"text/x-rst","patch_set":41,"id":"9abb7d3a_93733780","line":281,"updated":"2016-05-30 07:05:19.000000000","message":"I am probably just be missing a use-case, but why is \u0027enabled\u0027 here instead of \u0027Logging\u0027 object?  This prevents you from toggling logging per resource (ex. SG or FW).","commit_id":"b4084ab3f167d21031759ec0b121377b6ab3e6d4"},{"author":{"_account_id":6598,"name":"Berezovsky Irena","email":"irenab.dev@gmail.com","username":"irenab"},"change_message_id":"5f092a32303a2ad0e665582ff02640fae2436d13","unresolved":false,"context_lines":[{"line_number":278,"context_line":"+------------+-------+--------+----------+-----------+----------------------------+"},{"line_number":279,"context_line":"|description |string |RW      |N/A       |none       |LoggingResource description |"},{"line_number":280,"context_line":"+------------+-------+--------+----------+-----------+----------------------------+"},{"line_number":281,"context_line":"|enabled     |bool   |RW      |False     |Boolean    |Enable/disable log          |"},{"line_number":282,"context_line":"+------------+-------+--------+----------+-----------+----------------------------+"},{"line_number":283,"context_line":""},{"line_number":284,"context_line":"The Logging object, which composes LoggingResource, has the following attributes:"}],"source_content_type":"text/x-rst","patch_set":41,"id":"9abb7d3a_adc42140","line":281,"in_reply_to":"9abb7d3a_0bf9da4d","updated":"2016-06-03 06:40:08.000000000","message":"Ni, it makes sense for me for LoggingResource but not for SecurityGroupLogging as I thought Ruy was suggesting.","commit_id":"b4084ab3f167d21031759ec0b121377b6ab3e6d4"},{"author":{"_account_id":6598,"name":"Berezovsky Irena","email":"irenab.dev@gmail.com","username":"irenab"},"change_message_id":"50689162decf06885c646ee6e60b9177dd91b911","unresolved":false,"context_lines":[{"line_number":278,"context_line":"+------------+-------+--------+----------+-----------+----------------------------+"},{"line_number":279,"context_line":"|description |string |RW      |N/A       |none       |LoggingResource description |"},{"line_number":280,"context_line":"+------------+-------+--------+----------+-----------+----------------------------+"},{"line_number":281,"context_line":"|enabled     |bool   |RW      |False     |Boolean    |Enable/disable log          |"},{"line_number":282,"context_line":"+------------+-------+--------+----------+-----------+----------------------------+"},{"line_number":283,"context_line":""},{"line_number":284,"context_line":"The Logging object, which composes LoggingResource, has the following attributes:"}],"source_content_type":"text/x-rst","patch_set":41,"id":"9abb7d3a_c532a3f1","line":281,"in_reply_to":"9abb7d3a_93733780","updated":"2016-06-01 08:16:12.000000000","message":"I think it makes sense just to delete the logging object if the to log is not required anymore","commit_id":"b4084ab3f167d21031759ec0b121377b6ab3e6d4"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"383a9d396be6e2125aa340e7b8417d0782382396","unresolved":false,"context_lines":[{"line_number":278,"context_line":"+------------+-------+--------+----------+-----------+----------------------------+"},{"line_number":279,"context_line":"|description |string |RW      |N/A       |none       |LoggingResource description |"},{"line_number":280,"context_line":"+------------+-------+--------+----------+-----------+----------------------------+"},{"line_number":281,"context_line":"|enabled     |bool   |RW      |False     |Boolean    |Enable/disable log          |"},{"line_number":282,"context_line":"+------------+-------+--------+----------+-----------+----------------------------+"},{"line_number":283,"context_line":""},{"line_number":284,"context_line":"The Logging object, which composes LoggingResource, has the following attributes:"}],"source_content_type":"text/x-rst","patch_set":41,"id":"9abb7d3a_e4f2bb99","line":281,"in_reply_to":"9abb7d3a_adc42140","updated":"2016-06-03 10:31:56.000000000","message":"Ms.Irena\u0027s idea is the same with my idea.Thanks.","commit_id":"b4084ab3f167d21031759ec0b121377b6ab3e6d4"},{"author":{"_account_id":156,"name":"Ryu Ishimoto","email":"ryu@midokura.com","username":"ryu-midokura"},"change_message_id":"e026cf083a3fa4df9ac1fc0cb269dcbcce3addd7","unresolved":false,"context_lines":[{"line_number":278,"context_line":"+------------+-------+--------+----------+-----------+----------------------------+"},{"line_number":279,"context_line":"|description |string |RW      |N/A       |none       |LoggingResource description |"},{"line_number":280,"context_line":"+------------+-------+--------+----------+-----------+----------------------------+"},{"line_number":281,"context_line":"|enabled     |bool   |RW      |False     |Boolean    |Enable/disable log          |"},{"line_number":282,"context_line":"+------------+-------+--------+----------+-----------+----------------------------+"},{"line_number":283,"context_line":""},{"line_number":284,"context_line":"The Logging object, which composes LoggingResource, has the following attributes:"}],"source_content_type":"text/x-rst","patch_set":41,"id":"9abb7d3a_f7f562cb","line":281,"in_reply_to":"9abb7d3a_c532a3f1","updated":"2016-06-02 23:40:09.000000000","message":"I see, that makes sense","commit_id":"b4084ab3f167d21031759ec0b121377b6ab3e6d4"},{"author":{"_account_id":6854,"name":"YAMAMOTO Takashi","email":"yamamoto@midokura.com","username":"yamamoto"},"change_message_id":"ee7274d1ba60effa8718f9ef3b997781aff4e9e1","unresolved":false,"context_lines":[{"line_number":278,"context_line":"+------------+-------+--------+----------+-----------+----------------------------+"},{"line_number":279,"context_line":"|description |string |RW      |N/A       |none       |LoggingResource description |"},{"line_number":280,"context_line":"+------------+-------+--------+----------+-----------+----------------------------+"},{"line_number":281,"context_line":"|enabled     |bool   |RW      |False     |Boolean    |Enable/disable log          |"},{"line_number":282,"context_line":"+------------+-------+--------+----------+-----------+----------------------------+"},{"line_number":283,"context_line":""},{"line_number":284,"context_line":"The Logging object, which composes LoggingResource, has the following attributes:"}],"source_content_type":"text/x-rst","patch_set":41,"id":"9abb7d3a_0bf9da4d","line":281,"in_reply_to":"9abb7d3a_c532a3f1","updated":"2016-06-03 05:23:21.000000000","message":"irena,\n\nare you suggesting this \"enabled\" field is nonsense?","commit_id":"b4084ab3f167d21031759ec0b121377b6ab3e6d4"},{"author":{"_account_id":841,"name":"Akihiro Motoki","email":"amotoki@gmail.com","username":"amotoki"},"change_message_id":"b1515628b88b7d59c73872ab01e085a145cc01b5","unresolved":false,"context_lines":[{"line_number":281,"context_line":"|enabled     |bool   |RW      |False     |Boolean    |Enable/disable log          |"},{"line_number":282,"context_line":"+------------+-------+--------+----------+-----------+----------------------------+"},{"line_number":283,"context_line":""},{"line_number":284,"context_line":"The Logging object, which composes LoggingResource, has the following attributes:"},{"line_number":285,"context_line":""},{"line_number":286,"context_line":"+-------------------+------+------+---------+-----------+-------------------------+"},{"line_number":287,"context_line":"|Attribute          |Type  |Access|Default  |Validation/|Description              |"}],"source_content_type":"text/x-rst","patch_set":41,"id":"7aa08908_5be9131a","line":284,"updated":"2016-06-06 08:57:06.000000000","message":"Why do we need both Logging and LoggingResource object?","commit_id":"b4084ab3f167d21031759ec0b121377b6ab3e6d4"},{"author":{"_account_id":156,"name":"Ryu Ishimoto","email":"ryu@midokura.com","username":"ryu-midokura"},"change_message_id":"3ec32837057c14752d4a0f049f25077201de2e79","unresolved":false,"context_lines":[{"line_number":281,"context_line":"|enabled     |bool   |RW      |False     |Boolean    |Enable/disable log          |"},{"line_number":282,"context_line":"+------------+-------+--------+----------+-----------+----------------------------+"},{"line_number":283,"context_line":""},{"line_number":284,"context_line":"The Logging object, which composes LoggingResource, has the following attributes:"},{"line_number":285,"context_line":""},{"line_number":286,"context_line":"+-------------------+------+------+---------+-----------+-------------------------+"},{"line_number":287,"context_line":"|Attribute          |Type  |Access|Default  |Validation/|Description              |"}],"source_content_type":"text/x-rst","patch_set":41,"id":"7aa08908_f5354aa8","line":284,"in_reply_to":"7aa08908_0c68d686","updated":"2016-06-16 10:17:53.000000000","message":"My comment was for the \u0027Logging\u0027 model below, not LoggingResources.  As I understand it, it represents common base fields among different Logging objects (SGLogging, VPNLogging, FWLogging, etc).  I was stating that perhaps this particular table is unnecessary (I\u0027m assuming this is how you want to model the DB tables).","commit_id":"b4084ab3f167d21031759ec0b121377b6ab3e6d4"},{"author":{"_account_id":841,"name":"Akihiro Motoki","email":"amotoki@gmail.com","username":"amotoki"},"change_message_id":"eed03c98bc64b3800b22812c00d92033311f0bfb","unresolved":false,"context_lines":[{"line_number":281,"context_line":"|enabled     |bool   |RW      |False     |Boolean    |Enable/disable log          |"},{"line_number":282,"context_line":"+------------+-------+--------+----------+-----------+----------------------------+"},{"line_number":283,"context_line":""},{"line_number":284,"context_line":"The Logging object, which composes LoggingResource, has the following attributes:"},{"line_number":285,"context_line":""},{"line_number":286,"context_line":"+-------------------+------+------+---------+-----------+-------------------------+"},{"line_number":287,"context_line":"|Attribute          |Type  |Access|Default  |Validation/|Description              |"}],"source_content_type":"text/x-rst","patch_set":41,"id":"7aa08908_afb998cd","line":284,"in_reply_to":"7aa08908_419ac015","updated":"2016-06-07 05:30:31.000000000","message":"I still cannot understand why Logging object is required. It add no value now.","commit_id":"b4084ab3f167d21031759ec0b121377b6ab3e6d4"},{"author":{"_account_id":156,"name":"Ryu Ishimoto","email":"ryu@midokura.com","username":"ryu-midokura"},"change_message_id":"465ea7d06d054e5fa6237ef3f5724b182c3f474b","unresolved":false,"context_lines":[{"line_number":281,"context_line":"|enabled     |bool   |RW      |False     |Boolean    |Enable/disable log          |"},{"line_number":282,"context_line":"+------------+-------+--------+----------+-----------+----------------------------+"},{"line_number":283,"context_line":""},{"line_number":284,"context_line":"The Logging object, which composes LoggingResource, has the following attributes:"},{"line_number":285,"context_line":""},{"line_number":286,"context_line":"+-------------------+------+------+---------+-----------+-------------------------+"},{"line_number":287,"context_line":"|Attribute          |Type  |Access|Default  |Validation/|Description              |"}],"source_content_type":"text/x-rst","patch_set":41,"id":"7aa08908_86caf018","line":284,"in_reply_to":"7aa08908_427b6628","updated":"2016-06-16 00:46:48.000000000","message":"I understand that this is just the way you\u0027d like to design the DB models.  I\u0027m thinking, however, that considering Logging table has only few fields, it doesn\u0027t seem to buy us much by separating it as a different table.  Doesn\u0027t seem like such a bad thing that when a new Logging object is defined (say VpnLogging) you just simply define a new table that directly references LoggingResource.  Adding this table increases complexity in the code with little value gained IMO.  But this is strictly my opinion.","commit_id":"b4084ab3f167d21031759ec0b121377b6ab3e6d4"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"b350875e99f01df57b06e5a7373ea05d73384c04","unresolved":false,"context_lines":[{"line_number":281,"context_line":"|enabled     |bool   |RW      |False     |Boolean    |Enable/disable log          |"},{"line_number":282,"context_line":"+------------+-------+--------+----------+-----------+----------------------------+"},{"line_number":283,"context_line":""},{"line_number":284,"context_line":"The Logging object, which composes LoggingResource, has the following attributes:"},{"line_number":285,"context_line":""},{"line_number":286,"context_line":"+-------------------+------+------+---------+-----------+-------------------------+"},{"line_number":287,"context_line":"|Attribute          |Type  |Access|Default  |Validation/|Description              |"}],"source_content_type":"text/x-rst","patch_set":41,"id":"7aa08908_419ac015","line":284,"in_reply_to":"7aa08908_5be9131a","updated":"2016-06-06 10:06:15.000000000","message":"LoggingResource intends a container for logging. Its describes how log-data is stored. Currently, logger-backend is chosen by cloud deployer. In future, we can extend it to support different logger-backends for different tenants.\n\nLoggingResource is composed with logging objects. Only security group logging is supported at the moment. In future, we can consider supporting firewall logging. So I think we need both.","commit_id":"b4084ab3f167d21031759ec0b121377b6ab3e6d4"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"570c9c3ef0510d01fbb1ff4af38d12a6b1ea69f9","unresolved":false,"context_lines":[{"line_number":281,"context_line":"|enabled     |bool   |RW      |False     |Boolean    |Enable/disable log          |"},{"line_number":282,"context_line":"+------------+-------+--------+----------+-----------+----------------------------+"},{"line_number":283,"context_line":""},{"line_number":284,"context_line":"The Logging object, which composes LoggingResource, has the following attributes:"},{"line_number":285,"context_line":""},{"line_number":286,"context_line":"+-------------------+------+------+---------+-----------+-------------------------+"},{"line_number":287,"context_line":"|Attribute          |Type  |Access|Default  |Validation/|Description              |"}],"source_content_type":"text/x-rst","patch_set":41,"id":"7aa08908_0c68d686","line":284,"in_reply_to":"7aa08908_86caf018","updated":"2016-06-16 09:25:33.000000000","message":"Do you mean when we have new logging object (like Vpn logging) we should inherit LoggingResource not Logging object? \n\nActually, LoggingResource is not base object of resource logging(VpnLogging). It is the container of one or more logging objects. Their relationship is the same as QoSPolicy and QosRule. \n\nLogging object is base class(including common fields of all resource logging type(security_group_log, firewall_log, ..)), that is then inherited into specific resource logging type implementation that, ideally, only define additional fields and some other minor things.\n\nPlease review that my understanding and my answer are satisfying you or not.","commit_id":"b4084ab3f167d21031759ec0b121377b6ab3e6d4"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"804a5bdbca5aec7d971833821cd966950c7fd0bf","unresolved":false,"context_lines":[{"line_number":281,"context_line":"|enabled     |bool   |RW      |False     |Boolean    |Enable/disable log          |"},{"line_number":282,"context_line":"+------------+-------+--------+----------+-----------+----------------------------+"},{"line_number":283,"context_line":""},{"line_number":284,"context_line":"The Logging object, which composes LoggingResource, has the following attributes:"},{"line_number":285,"context_line":""},{"line_number":286,"context_line":"+-------------------+------+------+---------+-----------+-------------------------+"},{"line_number":287,"context_line":"|Attribute          |Type  |Access|Default  |Validation/|Description              |"}],"source_content_type":"text/x-rst","patch_set":41,"id":"7aa08908_427b6628","line":284,"in_reply_to":"7aa08908_afb998cd","updated":"2016-06-08 02:43:09.000000000","message":"I think we are misunderstanding about Logging object. Logging object only a way to describe \u0027common\u0027 part (abstract model) for each resource logging such as security group logging or firewall logging. When we develop a resource logging object, we can easily extend from logging object.This implementation looks like:\n\n @six.add_metaclass(abc.ABCMeta)\nclass LoggingObject(base.NeutronDbObject):\n\n    fields \u003d {\n        \u0027id\u0027: obj_fields.UUIDField(),\n        \u0027tenant_id\u0027: obj_fields.UUIDField(),\n        \u0027logging_resource_id\u0027: obj_fields.UUIDField(nullable\u003dFalse),\n    }\n\n    fields_no_update \u003d [\u0027id\u0027, \u0027tenant_id\u0027, \u0027logging_resource_id\u0027]\n    resource_type \u003d None\n\n    def to_dict(self):\n        dict_ \u003d super(LoggingObject, self).to_dict()\n        dict_[\u0027type\u0027] \u003d self.resource_type\n        return dict_\n\n\n@obj_base.VersionedObjectRegistry.register\nclass SecurityGroupLogging(LoggingObject):\n    db_model \u003d log_db_model.SecurityGroupRuleLogging\n\n    fields \u003d {\n        \u0027description\u0027: obj_fields.StringField(),\n        \u0027port_id\u0027: obj_fields.UUIDField(nullable\u003dTrue),\n        \u0027security_group_id\u0027: obj_fields.UUIDField(nullable\u003dTrue),\n        \u0027sg_event\u0027: obj_fields.EnumField(valid_values\u003dSECURITY_EVENT)\n    }\n    resource_type \u003d constants.SECURITY_GROUP_LOG\n\n\nIn implementation for security group logging, we only create two tables \"logging_resource\" and \"security_group_log\" in database. Below is my draft implementation:\n\nclass LoggingResource(model_base.BASEV2, models_v2.HasId,\n                  models_v2.HasTenant):\n    \"\"\"Represents neutron logging resource database\"\"\"\n\n    __tablename__ \u003d \u0027logging_resource\u0027\n    name \u003d sa.Column(sa.String(attrs.NAME_MAX_LEN))\n    description \u003d sa.Column(sa.String(attrs.DESCRIPTION_MAX_LEN))\n    enabled \u003d sa.Column(sa.Boolean())\n\n\nclass SecurityGroupLogging(model_base.BASEV2, models_v2.HasId,\n                           models_v2.HasTenant):\n    \"\"\"Represents neutron security group logging database\"\"\"\n\n    __tablename__ \u003d \u0027security_group_log\u0027\n    logging_resource_id \u003d sa.Column(sa.String(36),\n                    sa.ForeignKey(\u0027logging_resource.id\u0027, ondelete\u003d\u0027CASCADE\u0027),\n                    nullable\u003dFalse,\n                    unique\u003dTrue)\n    description \u003d sa.Column(sa.String(attrs.DESCRIPTION_MAX_LEN))\n    port_id \u003d sa.Column(sa.String(36),\n                    sa.ForeignKey(\u0027ports.id\u0027, ondelete\u003d\u0027CASCADE\u0027),\n                    nullable\u003dTrue,\n                    unique\u003dTrue)\n    security_group_id \u003d sa.Column(sa.String(36),\n                    sa.ForeignKey(\u0027securitygroups.id\u0027, ondelete\u003d\u0027CASCADE\u0027),\n                    nullable\u003dTrue,\n                    unique\u003dTrue)\n    sg_event \u003d sa.Column(sa.Enum(\u0027ACCEPT\u0027, \u0027DROP\u0027, \u0027ALL\u0027,\n                                 name\u003d\u0027securitygroup_event\u0027))\n\n\nI\u0027m not sure I fully understand your question as my answer can satisfy you. Could you please show me your opinion?","commit_id":"b4084ab3f167d21031759ec0b121377b6ab3e6d4"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"6d3f82a0f25ed9c773d3b819d0f38e411a3aeb4d","unresolved":false,"context_lines":[{"line_number":281,"context_line":"|enabled     |bool   |RW      |False     |Boolean    |Enable/disable log          |"},{"line_number":282,"context_line":"+------------+-------+--------+----------+-----------+----------------------------+"},{"line_number":283,"context_line":""},{"line_number":284,"context_line":"The Logging object, which composes LoggingResource, has the following attributes:"},{"line_number":285,"context_line":""},{"line_number":286,"context_line":"+-------------------+------+------+---------+-----------+-------------------------+"},{"line_number":287,"context_line":"|Attribute          |Type  |Access|Default  |Validation/|Description              |"}],"source_content_type":"text/x-rst","patch_set":41,"id":"7aa08908_f5ba6a70","line":284,"in_reply_to":"7aa08908_f5354aa8","updated":"2016-06-16 10:30:30.000000000","message":"Actually, I won\u0027t create \u0027Logging\u0027 model (real \u0027Logging\u0027 table). I only create logging object as a abstract class when I support oslo versioned object database implementation.","commit_id":"b4084ab3f167d21031759ec0b121377b6ab3e6d4"},{"author":{"_account_id":156,"name":"Ryu Ishimoto","email":"ryu@midokura.com","username":"ryu-midokura"},"change_message_id":"94e711295fb9bd33fba9db453c5d8feba2a835ab","unresolved":false,"context_lines":[{"line_number":281,"context_line":"|enabled     |bool   |RW      |False     |Boolean    |Enable/disable log          |"},{"line_number":282,"context_line":"+------------+-------+--------+----------+-----------+----------------------------+"},{"line_number":283,"context_line":""},{"line_number":284,"context_line":"The Logging object, which composes LoggingResource, has the following attributes:"},{"line_number":285,"context_line":""},{"line_number":286,"context_line":"+-------------------+------+------+---------+-----------+-------------------------+"},{"line_number":287,"context_line":"|Attribute          |Type  |Access|Default  |Validation/|Description              |"}],"source_content_type":"text/x-rst","patch_set":41,"id":"7aa08908_1439ee3f","line":284,"in_reply_to":"7aa08908_f5ba6a70","updated":"2016-06-16 13:32:49.000000000","message":"Ok got it, thanks for the explanation.  Perhaps clarifying it as such or simply defining the models exactly as they would be seems helpful here.","commit_id":"b4084ab3f167d21031759ec0b121377b6ab3e6d4"},{"author":{"_account_id":156,"name":"Ryu Ishimoto","email":"ryu@midokura.com","username":"ryu-midokura"},"change_message_id":"dee6f2e4533592b157997bbd10087189a545245a","unresolved":false,"context_lines":[{"line_number":302,"context_line":"+\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d+\u003d\u003d\u003d\u003d\u003d\u003d\u003d+\u003d\u003d\u003d\u003d\u003d\u003d\u003d+\u003d\u003d\u003d\u003d\u003d\u003d\u003d+\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d+\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d+"},{"line_number":303,"context_line":"|logging_id        |uuid   |RO     |N/A    |uuid       |Logging we extend         |"},{"line_number":304,"context_line":"+------------------+-------+-------+-------+-----------+--------------------------+"},{"line_number":305,"context_line":"|description       |string |RW(No  |N/A    |none       |SecurityGroupLogging      |"},{"line_number":306,"context_line":"|                  |       |update)|       |           |description               |"},{"line_number":307,"context_line":"+------------------+-------+-------+-------+-----------+--------------------------+"},{"line_number":308,"context_line":"|sg_event          |enum   |RW(No  |N/A    |enum       |ACCEPT/DROP or ALL (both  |"}],"source_content_type":"text/x-rst","patch_set":41,"id":"9abb7d3a_5e919446","line":305,"updated":"2016-06-01 02:02:17.000000000","message":"Shouldn\u0027t this be part of Logging model?","commit_id":"b4084ab3f167d21031759ec0b121377b6ab3e6d4"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"383a9d396be6e2125aa340e7b8417d0782382396","unresolved":false,"context_lines":[{"line_number":302,"context_line":"+\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d+\u003d\u003d\u003d\u003d\u003d\u003d\u003d+\u003d\u003d\u003d\u003d\u003d\u003d\u003d+\u003d\u003d\u003d\u003d\u003d\u003d\u003d+\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d+\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d+"},{"line_number":303,"context_line":"|logging_id        |uuid   |RO     |N/A    |uuid       |Logging we extend         |"},{"line_number":304,"context_line":"+------------------+-------+-------+-------+-----------+--------------------------+"},{"line_number":305,"context_line":"|description       |string |RW(No  |N/A    |none       |SecurityGroupLogging      |"},{"line_number":306,"context_line":"|                  |       |update)|       |           |description               |"},{"line_number":307,"context_line":"+------------------+-------+-------+-------+-----------+--------------------------+"},{"line_number":308,"context_line":"|sg_event          |enum   |RW(No  |N/A    |enum       |ACCEPT/DROP or ALL (both  |"}],"source_content_type":"text/x-rst","patch_set":41,"id":"9abb7d3a_84776f3a","line":305,"in_reply_to":"9abb7d3a_17f906c9","updated":"2016-06-03 10:31:56.000000000","message":"it\u0027s OK.","commit_id":"b4084ab3f167d21031759ec0b121377b6ab3e6d4"},{"author":{"_account_id":156,"name":"Ryu Ishimoto","email":"ryu@midokura.com","username":"ryu-midokura"},"change_message_id":"e026cf083a3fa4df9ac1fc0cb269dcbcce3addd7","unresolved":false,"context_lines":[{"line_number":302,"context_line":"+\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d+\u003d\u003d\u003d\u003d\u003d\u003d\u003d+\u003d\u003d\u003d\u003d\u003d\u003d\u003d+\u003d\u003d\u003d\u003d\u003d\u003d\u003d+\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d+\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d+"},{"line_number":303,"context_line":"|logging_id        |uuid   |RO     |N/A    |uuid       |Logging we extend         |"},{"line_number":304,"context_line":"+------------------+-------+-------+-------+-----------+--------------------------+"},{"line_number":305,"context_line":"|description       |string |RW(No  |N/A    |none       |SecurityGroupLogging      |"},{"line_number":306,"context_line":"|                  |       |update)|       |           |description               |"},{"line_number":307,"context_line":"+------------------+-------+-------+-------+-----------+--------------------------+"},{"line_number":308,"context_line":"|sg_event          |enum   |RW(No  |N/A    |enum       |ACCEPT/DROP or ALL (both  |"}],"source_content_type":"text/x-rst","patch_set":41,"id":"9abb7d3a_17f906c9","line":305,"in_reply_to":"9abb7d3a_5e919446","updated":"2016-06-02 23:40:09.000000000","message":"Never mind, I guess you want to have separate descriptions.","commit_id":"b4084ab3f167d21031759ec0b121377b6ab3e6d4"},{"author":{"_account_id":156,"name":"Ryu Ishimoto","email":"ryu@midokura.com","username":"ryu-midokura"},"change_message_id":"78ef6c498afbc893e0e341a966aa3e12ba0dd767","unresolved":false,"context_lines":[{"line_number":334,"context_line":"    }"},{"line_number":335,"context_line":""},{"line_number":336,"context_line":"    RESOURCE_ATTRIBUTE_MAP \u003d {"},{"line_number":337,"context_line":"        \u0027logging_resources\u0027: {"},{"line_number":338,"context_line":"            \u0027id\u0027: {\u0027allow_post\u0027: False, \u0027allow_put\u0027: False,"},{"line_number":339,"context_line":"                   \u0027validate\u0027: {\u0027type:uuid\u0027: None}, \u0027is_visible\u0027: True,"},{"line_number":340,"context_line":"                   \u0027primary_key\u0027: True},"}],"source_content_type":"text/x-rst","patch_set":41,"id":"9abb7d3a_8176d8d4","line":337,"updated":"2016-06-01 02:58:43.000000000","message":"I guess the intention is that in the future you want to add some operations on a group of logging objects?  Do we plan to allow multiple Logging objects of different resource types? (SG and VPN for example?)  If not, then perhaps this object needs a \u0027type\u0027 field which is a well-defined resource types (SG, VPN, FW, etc) where only one resource type Logging objects can be part of the same logging resource?","commit_id":"b4084ab3f167d21031759ec0b121377b6ab3e6d4"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"383a9d396be6e2125aa340e7b8417d0782382396","unresolved":false,"context_lines":[{"line_number":334,"context_line":"    }"},{"line_number":335,"context_line":""},{"line_number":336,"context_line":"    RESOURCE_ATTRIBUTE_MAP \u003d {"},{"line_number":337,"context_line":"        \u0027logging_resources\u0027: {"},{"line_number":338,"context_line":"            \u0027id\u0027: {\u0027allow_post\u0027: False, \u0027allow_put\u0027: False,"},{"line_number":339,"context_line":"                   \u0027validate\u0027: {\u0027type:uuid\u0027: None}, \u0027is_visible\u0027: True,"},{"line_number":340,"context_line":"                   \u0027primary_key\u0027: True},"}],"source_content_type":"text/x-rst","patch_set":41,"id":"9abb7d3a_04a41fb7","line":337,"in_reply_to":"9abb7d3a_571a6e18","updated":"2016-06-03 10:31:56.000000000","message":"I got it.Thanks.","commit_id":"b4084ab3f167d21031759ec0b121377b6ab3e6d4"},{"author":{"_account_id":156,"name":"Ryu Ishimoto","email":"ryu@midokura.com","username":"ryu-midokura"},"change_message_id":"e026cf083a3fa4df9ac1fc0cb269dcbcce3addd7","unresolved":false,"context_lines":[{"line_number":334,"context_line":"    }"},{"line_number":335,"context_line":""},{"line_number":336,"context_line":"    RESOURCE_ATTRIBUTE_MAP \u003d {"},{"line_number":337,"context_line":"        \u0027logging_resources\u0027: {"},{"line_number":338,"context_line":"            \u0027id\u0027: {\u0027allow_post\u0027: False, \u0027allow_put\u0027: False,"},{"line_number":339,"context_line":"                   \u0027validate\u0027: {\u0027type:uuid\u0027: None}, \u0027is_visible\u0027: True,"},{"line_number":340,"context_line":"                   \u0027primary_key\u0027: True},"}],"source_content_type":"text/x-rst","patch_set":41,"id":"9abb7d3a_571a6e18","line":337,"in_reply_to":"9abb7d3a_8176d8d4","updated":"2016-06-02 23:40:09.000000000","message":"After thinking about it more, this design works just fine so I think it\u0027s fine to keep it as is.","commit_id":"b4084ab3f167d21031759ec0b121377b6ab3e6d4"},{"author":{"_account_id":6854,"name":"YAMAMOTO Takashi","email":"yamamoto@midokura.com","username":"yamamoto"},"change_message_id":"7de0595e4fc78344dfb712af31425d370baf2db8","unresolved":false,"context_lines":[{"line_number":366,"context_line":"            \u0027parameters\u0027: dict((LOG_COMMON_FIELDS),"},{"line_number":367,"context_line":"                          **{"},{"line_number":368,"context_line":"                            \u0027description\u0027: {"},{"line_number":369,"context_line":"                                \u0027allow_post\u0027: True, \u0027allow_put\u0027: False,"},{"line_number":370,"context_line":"                                \u0027validate\u0027: {\u0027type:string\u0027: None},"},{"line_number":371,"context_line":"                                \u0027default\u0027: None, \u0027is_visible\u0027: True},"},{"line_number":372,"context_line":"                            \u0027security_group_id\u0027: {"}],"source_content_type":"text/x-rst","patch_set":41,"id":"9abb7d3a_de4ab6ab","line":369,"range":{"start_line":369,"start_character":52,"end_line":369,"end_character":70},"updated":"2016-05-31 06:47:13.000000000","message":"why?","commit_id":"b4084ab3f167d21031759ec0b121377b6ab3e6d4"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"383a9d396be6e2125aa340e7b8417d0782382396","unresolved":false,"context_lines":[{"line_number":366,"context_line":"            \u0027parameters\u0027: dict((LOG_COMMON_FIELDS),"},{"line_number":367,"context_line":"                          **{"},{"line_number":368,"context_line":"                            \u0027description\u0027: {"},{"line_number":369,"context_line":"                                \u0027allow_post\u0027: True, \u0027allow_put\u0027: False,"},{"line_number":370,"context_line":"                                \u0027validate\u0027: {\u0027type:string\u0027: None},"},{"line_number":371,"context_line":"                                \u0027default\u0027: None, \u0027is_visible\u0027: True},"},{"line_number":372,"context_line":"                            \u0027security_group_id\u0027: {"}],"source_content_type":"text/x-rst","patch_set":41,"id":"9abb7d3a_c4ecd7f5","line":369,"range":{"start_line":369,"start_character":52,"end_line":369,"end_character":70},"in_reply_to":"9abb7d3a_de4ab6ab","updated":"2016-06-03 10:31:56.000000000","message":"It should be \u0027True\u0027. Because \u0027description\u0027 can be updated. I will correct it in next revision.","commit_id":"b4084ab3f167d21031759ec0b121377b6ab3e6d4"},{"author":{"_account_id":6854,"name":"YAMAMOTO Takashi","email":"yamamoto@midokura.com","username":"yamamoto"},"change_message_id":"283ebd1b6fa97f986e802acfa24b131a1b0c7ace","unresolved":false,"context_lines":[{"line_number":482,"context_line":"Other Deployer Impact"},{"line_number":483,"context_line":"---------------------"},{"line_number":484,"context_line":""},{"line_number":485,"context_line":"None"},{"line_number":486,"context_line":""},{"line_number":487,"context_line":""},{"line_number":488,"context_line":"Developer Impact"}],"source_content_type":"text/x-rst","patch_set":41,"id":"9abb7d3a_2bb93e2f","line":485,"updated":"2016-06-03 05:01:23.000000000","message":"configure the \"logging agent\" on each compute nodes?","commit_id":"b4084ab3f167d21031759ec0b121377b6ab3e6d4"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"383a9d396be6e2125aa340e7b8417d0782382396","unresolved":false,"context_lines":[{"line_number":482,"context_line":"Other Deployer Impact"},{"line_number":483,"context_line":"---------------------"},{"line_number":484,"context_line":""},{"line_number":485,"context_line":"None"},{"line_number":486,"context_line":""},{"line_number":487,"context_line":""},{"line_number":488,"context_line":"Developer Impact"}],"source_content_type":"text/x-rst","patch_set":41,"id":"9abb7d3a_c4b4d736","line":485,"in_reply_to":"9abb7d3a_2bb93e2f","updated":"2016-06-03 10:31:56.000000000","message":"Yes, I will update in next revision.Thanks for your advices","commit_id":"b4084ab3f167d21031759ec0b121377b6ab3e6d4"},{"author":{"_account_id":841,"name":"Akihiro Motoki","email":"amotoki@gmail.com","username":"amotoki"},"change_message_id":"b1515628b88b7d59c73872ab01e085a145cc01b5","unresolved":false,"context_lines":[{"line_number":531,"context_line":"  * Database model \u0026 database migrations"},{"line_number":532,"context_line":"  * Oslo versioned object database implementation"},{"line_number":533,"context_line":"  * Iptables based reference implementation"},{"line_number":534,"context_line":"  * Python-neutronclient support"},{"line_number":535,"context_line":""},{"line_number":536,"context_line":""},{"line_number":537,"context_line":"Dependencies"}],"source_content_type":"text/x-rst","patch_set":41,"id":"7aa08908_1b6dcb98","line":534,"updated":"2016-06-06 08:57:06.000000000","message":"OSC support must be documented.\nneutronclient support is now optional.","commit_id":"b4084ab3f167d21031759ec0b121377b6ab3e6d4"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"b350875e99f01df57b06e5a7373ea05d73384c04","unresolved":false,"context_lines":[{"line_number":531,"context_line":"  * Database model \u0026 database migrations"},{"line_number":532,"context_line":"  * Oslo versioned object database implementation"},{"line_number":533,"context_line":"  * Iptables based reference implementation"},{"line_number":534,"context_line":"  * Python-neutronclient support"},{"line_number":535,"context_line":""},{"line_number":536,"context_line":""},{"line_number":537,"context_line":"Dependencies"}],"source_content_type":"text/x-rst","patch_set":41,"id":"7aa08908_8172e8e3","line":534,"in_reply_to":"7aa08908_1b6dcb98","updated":"2016-06-06 10:06:15.000000000","message":"Yes, I will update it. Thanks.","commit_id":"b4084ab3f167d21031759ec0b121377b6ab3e6d4"},{"author":{"_account_id":6788,"name":"Rossella Sblendido","email":"rsblendido@suse.com","username":"rossella-o"},"change_message_id":"2d5f33f7b7996f64a8ca12bea07a552736d41411","unresolved":false,"context_lines":[{"line_number":12,"context_line":""},{"line_number":13,"context_line":"This spec defines a way to enable logging for security groups."},{"line_number":14,"context_line":""},{"line_number":15,"context_line":"Problem Description"},{"line_number":16,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":17,"context_line":""},{"line_number":18,"context_line":"In some case, *operator* (including cloud admin and developer) wants to"}],"source_content_type":"text/x-rst","patch_set":42,"id":"7aa08908_34e7b1b1","line":15,"updated":"2016-06-07 10:11:54.000000000","message":"I think that the problem description is a bit confusing. Can you state clearly that this feature address two problems:\n1) store the network traffic for compliance\n2) these logs can also be used for debugging security groups but this is not the main goal since other approaches exists to fix the same problem.","commit_id":"b94ba662fccead0e4cd310f3769a4f9d279ed06a"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"60ee39180b0be88ca8b5c3c9d744480505079c1d","unresolved":false,"context_lines":[{"line_number":12,"context_line":""},{"line_number":13,"context_line":"This spec defines a way to enable logging for security groups."},{"line_number":14,"context_line":""},{"line_number":15,"context_line":"Problem Description"},{"line_number":16,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":17,"context_line":""},{"line_number":18,"context_line":"In some case, *operator* (including cloud admin and developer) wants to"}],"source_content_type":"text/x-rst","patch_set":42,"id":"7aa08908_d5012e06","line":15,"in_reply_to":"7aa08908_34e7b1b1","updated":"2016-06-10 10:45:03.000000000","message":"That\u0027s very kind of you. I\u0027ve updated my spec as your advice.","commit_id":"b94ba662fccead0e4cd310f3769a4f9d279ed06a"},{"author":{"_account_id":6788,"name":"Rossella Sblendido","email":"rsblendido@suse.com","username":"rossella-o"},"change_message_id":"2d5f33f7b7996f64a8ca12bea07a552736d41411","unresolved":false,"context_lines":[{"line_number":16,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":17,"context_line":""},{"line_number":18,"context_line":"In some case, *operator* (including cloud admin and developer) wants to"},{"line_number":19,"context_line":"monitor network traffic flows of:"},{"line_number":20,"context_line":""},{"line_number":21,"context_line":"  * North-south network traffic travels between an instance and external"},{"line_number":22,"context_line":"    network."}],"source_content_type":"text/x-rst","patch_set":42,"id":"7aa08908_54ba3dc1","line":19,"range":{"start_line":19,"start_character":0,"end_line":19,"end_character":7},"updated":"2016-06-07 10:11:54.000000000","message":"monitor I don\u0027t think is the right term, because again is related to debugging and to detect some malfunctioning. I\u0027d say \"store logs of network traffic\"","commit_id":"b94ba662fccead0e4cd310f3769a4f9d279ed06a"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"60ee39180b0be88ca8b5c3c9d744480505079c1d","unresolved":false,"context_lines":[{"line_number":16,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":17,"context_line":""},{"line_number":18,"context_line":"In some case, *operator* (including cloud admin and developer) wants to"},{"line_number":19,"context_line":"monitor network traffic flows of:"},{"line_number":20,"context_line":""},{"line_number":21,"context_line":"  * North-south network traffic travels between an instance and external"},{"line_number":22,"context_line":"    network."}],"source_content_type":"text/x-rst","patch_set":42,"id":"7aa08908_75131a5d","line":19,"range":{"start_line":19,"start_character":0,"end_line":19,"end_character":7},"in_reply_to":"7aa08908_54ba3dc1","updated":"2016-06-10 10:45:03.000000000","message":"Done","commit_id":"b94ba662fccead0e4cd310f3769a4f9d279ed06a"},{"author":{"_account_id":6788,"name":"Rossella Sblendido","email":"rsblendido@suse.com","username":"rossella-o"},"change_message_id":"2d5f33f7b7996f64a8ca12bea07a552736d41411","unresolved":false,"context_lines":[{"line_number":40,"context_line":"Proposed Change"},{"line_number":41,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":42,"context_line":""},{"line_number":43,"context_line":"Today when traffic doesn\u0027t flow the way it is supposed to (as prescribed by"},{"line_number":44,"context_line":"security-group-rules), learning what happened can be achieved by painstakingly"},{"line_number":45,"context_line":"browsing distributed logs. To improve the situation, we\u0027d do the following:"},{"line_number":46,"context_line":""}],"source_content_type":"text/x-rst","patch_set":42,"id":"7aa08908_749659f1","line":43,"updated":"2016-06-07 10:11:54.000000000","message":"this paragraph is not related to the proposed change, it should be moved to the previous section","commit_id":"b94ba662fccead0e4cd310f3769a4f9d279ed06a"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"60ee39180b0be88ca8b5c3c9d744480505079c1d","unresolved":false,"context_lines":[{"line_number":40,"context_line":"Proposed Change"},{"line_number":41,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":42,"context_line":""},{"line_number":43,"context_line":"Today when traffic doesn\u0027t flow the way it is supposed to (as prescribed by"},{"line_number":44,"context_line":"security-group-rules), learning what happened can be achieved by painstakingly"},{"line_number":45,"context_line":"browsing distributed logs. To improve the situation, we\u0027d do the following:"},{"line_number":46,"context_line":""}],"source_content_type":"text/x-rst","patch_set":42,"id":"7aa08908_95184677","line":43,"in_reply_to":"7aa08908_749659f1","updated":"2016-06-10 10:45:03.000000000","message":"Done","commit_id":"b94ba662fccead0e4cd310f3769a4f9d279ed06a"},{"author":{"_account_id":6788,"name":"Rossella Sblendido","email":"rsblendido@suse.com","username":"rossella-o"},"change_message_id":"2d5f33f7b7996f64a8ca12bea07a552736d41411","unresolved":false,"context_lines":[{"line_number":78,"context_line":""},{"line_number":79,"context_line":"    (4) collect events related to security groups in a tenant: in this case"},{"line_number":80,"context_line":"        operators do not need to specify security group uuid or neutron port uuid"},{"line_number":81,"context_line":"        in security_group_log resource. Note that if a new security group or a new"},{"line_number":82,"context_line":"        security group rule is created in this tenant after the security_group_log"},{"line_number":83,"context_line":"        is created, it will not be logged. However, if a new VM is launched in"},{"line_number":84,"context_line":"        this tenant, events related to security groups applied on this VM will be"},{"line_number":85,"context_line":"        collected."},{"line_number":86,"context_line":""}],"source_content_type":"text/x-rst","patch_set":42,"id":"7aa08908_b413a165","line":83,"range":{"start_line":81,"start_character":40,"end_line":83,"end_character":41},"updated":"2016-06-07 10:11:54.000000000","message":"any idea how to fix this limitation...we could get a notification when a security group is created and update the log collector","commit_id":"b94ba662fccead0e4cd310f3769a4f9d279ed06a"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"60ee39180b0be88ca8b5c3c9d744480505079c1d","unresolved":false,"context_lines":[{"line_number":78,"context_line":""},{"line_number":79,"context_line":"    (4) collect events related to security groups in a tenant: in this case"},{"line_number":80,"context_line":"        operators do not need to specify security group uuid or neutron port uuid"},{"line_number":81,"context_line":"        in security_group_log resource. Note that if a new security group or a new"},{"line_number":82,"context_line":"        security group rule is created in this tenant after the security_group_log"},{"line_number":83,"context_line":"        is created, it will not be logged. However, if a new VM is launched in"},{"line_number":84,"context_line":"        this tenant, events related to security groups applied on this VM will be"},{"line_number":85,"context_line":"        collected."},{"line_number":86,"context_line":""}],"source_content_type":"text/x-rst","patch_set":42,"id":"7aa08908_d59daebc","line":83,"range":{"start_line":81,"start_character":40,"end_line":83,"end_character":41},"in_reply_to":"7aa08908_b413a165","updated":"2016-06-10 10:45:03.000000000","message":"Thanks for your idea. I think it makes sense, so I\u0027ve removed it in my spec.","commit_id":"b94ba662fccead0e4cd310f3769a4f9d279ed06a"},{"author":{"_account_id":6854,"name":"YAMAMOTO Takashi","email":"yamamoto@midokura.com","username":"yamamoto"},"change_message_id":"2dbe874013ab0ad3ddfeece257632aa6b82b1842","unresolved":false,"context_lines":[{"line_number":99,"context_line":"        cfg.StrOpt(\u0027central_server\u0027,"},{"line_number":100,"context_line":"                   default\u003d\u0027127.0.0.1\u0027,"},{"line_number":101,"context_line":"                   help\u003d_(\u0027Server address where log-data will be forwarded to.\u0027)),"},{"line_number":102,"context_line":"        cfg.StrOpt(\u0027location\u0027,"},{"line_number":103,"context_line":"                   default\u003d\u0027/var/log/neutron\u0027,"},{"line_number":104,"context_line":"                   help\u003d_(\u0027Location where stores log-data at local host\u0027))"},{"line_number":105,"context_line":"    ]"}],"source_content_type":"text/x-rst","patch_set":42,"id":"7aa08908_45cf337f","line":102,"range":{"start_line":102,"start_character":20,"end_line":102,"end_character":28},"updated":"2016-06-07 06:36:14.000000000","message":"do you mean that one of central_server and location will be used, depending on the above driver?","commit_id":"b94ba662fccead0e4cd310f3769a4f9d279ed06a"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"bc05a5b963acc1aef074da09c0252eb5aee9e105","unresolved":false,"context_lines":[{"line_number":99,"context_line":"        cfg.StrOpt(\u0027central_server\u0027,"},{"line_number":100,"context_line":"                   default\u003d\u0027127.0.0.1\u0027,"},{"line_number":101,"context_line":"                   help\u003d_(\u0027Server address where log-data will be forwarded to.\u0027)),"},{"line_number":102,"context_line":"        cfg.StrOpt(\u0027location\u0027,"},{"line_number":103,"context_line":"                   default\u003d\u0027/var/log/neutron\u0027,"},{"line_number":104,"context_line":"                   help\u003d_(\u0027Location where stores log-data at local host\u0027))"},{"line_number":105,"context_line":"    ]"}],"source_content_type":"text/x-rst","patch_set":42,"id":"5a9d85d2_d9eafdab","line":102,"range":{"start_line":102,"start_character":20,"end_line":102,"end_character":28},"in_reply_to":"5a9d85d2_7bb0618c","updated":"2016-06-21 10:04:11.000000000","message":"I\u0027ve updated it in patch-set 44. Could you please review it. Thanks for your idea.","commit_id":"b94ba662fccead0e4cd310f3769a4f9d279ed06a"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"e05afdefb2ed9f886df7ad4dcdbcf4da92e9a246","unresolved":false,"context_lines":[{"line_number":99,"context_line":"        cfg.StrOpt(\u0027central_server\u0027,"},{"line_number":100,"context_line":"                   default\u003d\u0027127.0.0.1\u0027,"},{"line_number":101,"context_line":"                   help\u003d_(\u0027Server address where log-data will be forwarded to.\u0027)),"},{"line_number":102,"context_line":"        cfg.StrOpt(\u0027location\u0027,"},{"line_number":103,"context_line":"                   default\u003d\u0027/var/log/neutron\u0027,"},{"line_number":104,"context_line":"                   help\u003d_(\u0027Location where stores log-data at local host\u0027))"},{"line_number":105,"context_line":"    ]"}],"source_content_type":"text/x-rst","patch_set":42,"id":"7aa08908_97674ab6","line":102,"range":{"start_line":102,"start_character":20,"end_line":102,"end_character":28},"in_reply_to":"7aa08908_45cf337f","updated":"2016-06-08 09:33:44.000000000","message":"These configuration options are for logger-backend (collector). They depend on driver support. If the driver supports both \u0027central_sever\u0027 and \u0027location\u0027 and cloud deployer configured both options then we can use both methods to consume log.","commit_id":"b94ba662fccead0e4cd310f3769a4f9d279ed06a"},{"author":{"_account_id":6854,"name":"YAMAMOTO Takashi","email":"yamamoto@midokura.com","username":"yamamoto"},"change_message_id":"67ed35f7f0c8b24acdd3973f42702e43f39f25c5","unresolved":false,"context_lines":[{"line_number":99,"context_line":"        cfg.StrOpt(\u0027central_server\u0027,"},{"line_number":100,"context_line":"                   default\u003d\u0027127.0.0.1\u0027,"},{"line_number":101,"context_line":"                   help\u003d_(\u0027Server address where log-data will be forwarded to.\u0027)),"},{"line_number":102,"context_line":"        cfg.StrOpt(\u0027location\u0027,"},{"line_number":103,"context_line":"                   default\u003d\u0027/var/log/neutron\u0027,"},{"line_number":104,"context_line":"                   help\u003d_(\u0027Location where stores log-data at local host\u0027))"},{"line_number":105,"context_line":"    ]"}],"source_content_type":"text/x-rst","patch_set":42,"id":"5a9d85d2_7bb0618c","line":102,"range":{"start_line":102,"start_character":20,"end_line":102,"end_character":28},"in_reply_to":"7aa08908_97674ab6","updated":"2016-06-20 06:43:16.000000000","message":"i can\u0027t think of any reason to have a driver supporting both of these.\n\nit\u0027s clearer to move driver-specific options somewhere else.\neg. separate groups for each drivers","commit_id":"b94ba662fccead0e4cd310f3769a4f9d279ed06a"},{"author":{"_account_id":6854,"name":"YAMAMOTO Takashi","email":"yamamoto@midokura.com","username":"yamamoto"},"change_message_id":"2dbe874013ab0ad3ddfeece257632aa6b82b1842","unresolved":false,"context_lines":[{"line_number":105,"context_line":"    ]"},{"line_number":106,"context_line":""},{"line_number":107,"context_line":"    SG_LOG_CONFIG_OPTS \u003d ["},{"line_number":108,"context_line":"        cfg.StrOpt(\u0027driver\u0027,"},{"line_number":109,"context_line":"                   default\u003d\u0027neutron.services.logaas.drivers.noop.\u0027"},{"line_number":110,"context_line":"                   \u0027noop_driver.NoopSecurityGroupLogDriver\u0027,"},{"line_number":111,"context_line":"                   help\u003d_(\"Security group logging driver\"))"}],"source_content_type":"text/x-rst","patch_set":42,"id":"7aa08908_45e8d3e2","line":108,"range":{"start_line":108,"start_character":20,"end_line":108,"end_character":26},"updated":"2016-06-07 06:36:14.000000000","message":"how is this different from \"Logger driver\" above?","commit_id":"b94ba662fccead0e4cd310f3769a4f9d279ed06a"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"e05afdefb2ed9f886df7ad4dcdbcf4da92e9a246","unresolved":false,"context_lines":[{"line_number":105,"context_line":"    ]"},{"line_number":106,"context_line":""},{"line_number":107,"context_line":"    SG_LOG_CONFIG_OPTS \u003d ["},{"line_number":108,"context_line":"        cfg.StrOpt(\u0027driver\u0027,"},{"line_number":109,"context_line":"                   default\u003d\u0027neutron.services.logaas.drivers.noop.\u0027"},{"line_number":110,"context_line":"                   \u0027noop_driver.NoopSecurityGroupLogDriver\u0027,"},{"line_number":111,"context_line":"                   help\u003d_(\"Security group logging driver\"))"}],"source_content_type":"text/x-rst","patch_set":42,"id":"7aa08908_b7c6c665","line":108,"range":{"start_line":108,"start_character":20,"end_line":108,"end_character":26},"in_reply_to":"7aa08908_45e8d3e2","updated":"2016-06-08 09:33:44.000000000","message":"SG_LOG_CONFIG_OPTS is configuration option for security group logging driver. This driver perform logging for security groups (e.g iptbales LOG) and write log to \u0027syslog_path\u0027. Then logger-backend driver will collect \u0026 process and files them to \u0027location\u0027 or forwards to \u0027central_server\u0027.","commit_id":"b94ba662fccead0e4cd310f3769a4f9d279ed06a"},{"author":{"_account_id":6788,"name":"Rossella Sblendido","email":"rsblendido@suse.com","username":"rossella-o"},"change_message_id":"2d5f33f7b7996f64a8ca12bea07a552736d41411","unresolved":false,"context_lines":[{"line_number":155,"context_line":""},{"line_number":156,"context_line":"            Response:"},{"line_number":157,"context_line":"            {"},{"line_number":158,"context_line":"              \"type\": [\"security_group_log\"]"},{"line_number":159,"context_line":"            }"},{"line_number":160,"context_line":""},{"line_number":161,"context_line":"    step4: Define events related to security groups need collecting for this"}],"source_content_type":"text/x-rst","patch_set":42,"id":"7aa08908_c7cddd5e","line":158,"updated":"2016-06-07 10:11:54.000000000","message":"how will this info be generated? I mean where/how will you store/generate the list of supported logging?","commit_id":"b94ba662fccead0e4cd310f3769a4f9d279ed06a"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"60ee39180b0be88ca8b5c3c9d744480505079c1d","unresolved":false,"context_lines":[{"line_number":155,"context_line":""},{"line_number":156,"context_line":"            Response:"},{"line_number":157,"context_line":"            {"},{"line_number":158,"context_line":"              \"type\": [\"security_group_log\"]"},{"line_number":159,"context_line":"            }"},{"line_number":160,"context_line":""},{"line_number":161,"context_line":"    step4: Define events related to security groups need collecting for this"}],"source_content_type":"text/x-rst","patch_set":42,"id":"7aa08908_35b072dd","line":158,"in_reply_to":"7aa08908_c7cddd5e","updated":"2016-06-10 10:45:03.000000000","message":"Any plugin or Ml2 mechanism driver can claim support for some logging-types by providing a plugin/driver class property called ‘supported_logging_types’ that should return a list of strings that correspond to logging-types. The property can be generated by a simple python list defined on class. It is the same mechanism \u0027Support QoS rule types\u0027 [1].\n[1] http://docs.openstack.org/developer/neutron/devref/quality_of_service.html#supported-qos-rule-types","commit_id":"b94ba662fccead0e4cd310f3769a4f9d279ed06a"},{"author":{"_account_id":6854,"name":"YAMAMOTO Takashi","email":"yamamoto@midokura.com","username":"yamamoto"},"change_message_id":"2dbe874013ab0ad3ddfeece257632aa6b82b1842","unresolved":false,"context_lines":[{"line_number":225,"context_line":"Example logging format"},{"line_number":226,"context_line":"----------------------"},{"line_number":227,"context_line":""},{"line_number":228,"context_line":"Log-data is collected by logger-backend so that its format depends on logger-backend"},{"line_number":229,"context_line":"implementation. However, log-data format should include fields such as timestamp,"},{"line_number":230,"context_line":"resource log uuid, security_group_rule_uuid (only for ACCEPT event), L3 \u0026 L4"},{"line_number":231,"context_line":"information (address, protocol, port, etc) and action (ACCEPT or DROP)."}],"source_content_type":"text/x-rst","patch_set":42,"id":"7aa08908_c537a3ae","line":228,"range":{"start_line":228,"start_character":25,"end_line":228,"end_character":39},"updated":"2016-06-07 06:36:14.000000000","message":"what\u0027s logger-backend?\nis it different from \"Logger driver\" and \"Security group logging driver\"?","commit_id":"b94ba662fccead0e4cd310f3769a4f9d279ed06a"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"e05afdefb2ed9f886df7ad4dcdbcf4da92e9a246","unresolved":false,"context_lines":[{"line_number":225,"context_line":"Example logging format"},{"line_number":226,"context_line":"----------------------"},{"line_number":227,"context_line":""},{"line_number":228,"context_line":"Log-data is collected by logger-backend so that its format depends on logger-backend"},{"line_number":229,"context_line":"implementation. However, log-data format should include fields such as timestamp,"},{"line_number":230,"context_line":"resource log uuid, security_group_rule_uuid (only for ACCEPT event), L3 \u0026 L4"},{"line_number":231,"context_line":"information (address, protocol, port, etc) and action (ACCEPT or DROP)."}],"source_content_type":"text/x-rst","patch_set":42,"id":"7aa08908_17851a06","line":228,"range":{"start_line":228,"start_character":25,"end_line":228,"end_character":39},"in_reply_to":"7aa08908_c537a3ae","updated":"2016-06-08 09:33:44.000000000","message":"logger-backend means \u0027Logger driver\u0027, it performs collecting \u0026 processing events log from \"Security group logging driver\".","commit_id":"b94ba662fccead0e4cd310f3769a4f9d279ed06a"},{"author":{"_account_id":6854,"name":"YAMAMOTO Takashi","email":"yamamoto@midokura.com","username":"yamamoto"},"change_message_id":"2dbe874013ab0ad3ddfeece257632aa6b82b1842","unresolved":false,"context_lines":[{"line_number":225,"context_line":"Example logging format"},{"line_number":226,"context_line":"----------------------"},{"line_number":227,"context_line":""},{"line_number":228,"context_line":"Log-data is collected by logger-backend so that its format depends on logger-backend"},{"line_number":229,"context_line":"implementation. However, log-data format should include fields such as timestamp,"},{"line_number":230,"context_line":"resource log uuid, security_group_rule_uuid (only for ACCEPT event), L3 \u0026 L4"},{"line_number":231,"context_line":"information (address, protocol, port, etc) and action (ACCEPT or DROP)."},{"line_number":232,"context_line":""}],"source_content_type":"text/x-rst","patch_set":42,"id":"7aa08908_e55bbff4","line":229,"range":{"start_line":228,"start_character":48,"end_line":229,"end_character":14},"updated":"2016-06-07 06:36:14.000000000","message":"does this mean it isn\u0027t supposed to be machine-readable?","commit_id":"b94ba662fccead0e4cd310f3769a4f9d279ed06a"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"e05afdefb2ed9f886df7ad4dcdbcf4da92e9a246","unresolved":false,"context_lines":[{"line_number":225,"context_line":"Example logging format"},{"line_number":226,"context_line":"----------------------"},{"line_number":227,"context_line":""},{"line_number":228,"context_line":"Log-data is collected by logger-backend so that its format depends on logger-backend"},{"line_number":229,"context_line":"implementation. However, log-data format should include fields such as timestamp,"},{"line_number":230,"context_line":"resource log uuid, security_group_rule_uuid (only for ACCEPT event), L3 \u0026 L4"},{"line_number":231,"context_line":"information (address, protocol, port, etc) and action (ACCEPT or DROP)."},{"line_number":232,"context_line":""}],"source_content_type":"text/x-rst","patch_set":42,"id":"7aa08908_370ad679","line":229,"range":{"start_line":228,"start_character":48,"end_line":229,"end_character":14},"in_reply_to":"7aa08908_e55bbff4","updated":"2016-06-08 09:33:44.000000000","message":"Do you mean the log-data format needs to be standardized? I also think about that.\nBut now there is not any common security log standard, so I only propose the log-data format as a reference logger-backend implementation.\nIn addition, I think log-data format is out-of-scope this spec. It should be discussed in other spec (expose logging API for tenant).\nIf you have any idea about log-data format standard, could you please recommend for us.","commit_id":"b94ba662fccead0e4cd310f3769a4f9d279ed06a"},{"author":{"_account_id":6788,"name":"Rossella Sblendido","email":"rsblendido@suse.com","username":"rossella-o"},"change_message_id":"2d5f33f7b7996f64a8ca12bea07a552736d41411","unresolved":false,"context_lines":[{"line_number":250,"context_line":"This model is consist of two main parts: LoggingResource and Logging object."},{"line_number":251,"context_line":""},{"line_number":252,"context_line":"LoggingResource is a container for logging, it describes how log-data is stored."},{"line_number":253,"context_line":"Currently, logger-backend is chosen by cloud deployer. In future we extend it"},{"line_number":254,"context_line":"to support different logger-backends for different tenants."},{"line_number":255,"context_line":""},{"line_number":256,"context_line":"LoggingResource model has the following attributes:"},{"line_number":257,"context_line":""}],"source_content_type":"text/x-rst","patch_set":42,"id":"7aa08908_67efc987","line":254,"range":{"start_line":253,"start_character":55,"end_line":254,"end_character":58},"updated":"2016-06-07 10:11:54.000000000","message":"I don\u0027t see this in the model. How do you plan to define logger-backends and to associate them to LoggingResource ?","commit_id":"b94ba662fccead0e4cd310f3769a4f9d279ed06a"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"60ee39180b0be88ca8b5c3c9d744480505079c1d","unresolved":false,"context_lines":[{"line_number":250,"context_line":"This model is consist of two main parts: LoggingResource and Logging object."},{"line_number":251,"context_line":""},{"line_number":252,"context_line":"LoggingResource is a container for logging, it describes how log-data is stored."},{"line_number":253,"context_line":"Currently, logger-backend is chosen by cloud deployer. In future we extend it"},{"line_number":254,"context_line":"to support different logger-backends for different tenants."},{"line_number":255,"context_line":""},{"line_number":256,"context_line":"LoggingResource model has the following attributes:"},{"line_number":257,"context_line":""}],"source_content_type":"text/x-rst","patch_set":42,"id":"7aa08908_b5e582a9","line":254,"range":{"start_line":253,"start_character":55,"end_line":254,"end_character":58},"in_reply_to":"7aa08908_67efc987","updated":"2016-06-10 10:45:03.000000000","message":"Thanks for your comment. I\u0027ve updated on patch-set 43 from L263-L287. Could you please review it and give me some feedback?","commit_id":"b94ba662fccead0e4cd310f3769a4f9d279ed06a"},{"author":{"_account_id":17133,"name":"Kengo Hobo","email":"hobo.kengo@jp.fujitsu.com","username":"hobo.kengo"},"change_message_id":"2a904faeed7ef87a3dbf8979d21fff51dff51914","unresolved":false,"context_lines":[{"line_number":271,"context_line":"|enabled     |bool   |RW      |False     |Boolean    |Enable/disable log          |"},{"line_number":272,"context_line":"+------------+-------+--------+----------+-----------+----------------------------+"},{"line_number":273,"context_line":""},{"line_number":274,"context_line":"Logging object, which composes LoggingResource, has the following attributes:"},{"line_number":275,"context_line":""},{"line_number":276,"context_line":"+-------------------+------+------+---------+-----------+-------------------------+"},{"line_number":277,"context_line":"|Attribute          |Type  |Access|Default  |Validation/|Description              |"}],"source_content_type":"text/x-rst","patch_set":42,"id":"7aa08908_94c9537b","line":274,"range":{"start_line":274,"start_character":0,"end_line":274,"end_character":14},"updated":"2016-06-07 04:39:00.000000000","message":"Is there any strong reason for separating this table from resource(e.g. security-group) specific table?","commit_id":"b94ba662fccead0e4cd310f3769a4f9d279ed06a"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"9938bbc53ee893ec4790ffb00ecc609d3c53e9f3","unresolved":false,"context_lines":[{"line_number":271,"context_line":"|enabled     |bool   |RW      |False     |Boolean    |Enable/disable log          |"},{"line_number":272,"context_line":"+------------+-------+--------+----------+-----------+----------------------------+"},{"line_number":273,"context_line":""},{"line_number":274,"context_line":"Logging object, which composes LoggingResource, has the following attributes:"},{"line_number":275,"context_line":""},{"line_number":276,"context_line":"+-------------------+------+------+---------+-----------+-------------------------+"},{"line_number":277,"context_line":"|Attribute          |Type  |Access|Default  |Validation/|Description              |"}],"source_content_type":"text/x-rst","patch_set":42,"id":"7aa08908_36c81ca8","line":274,"range":{"start_line":274,"start_character":0,"end_line":274,"end_character":14},"in_reply_to":"7aa08908_94c9537b","updated":"2016-06-08 04:38:42.000000000","message":"I think we are misunderstanding about Logging object. Logging object is just a way to describe \u0027common\u0027 part for each resource logging such as security group logging or firewall logging. So we only have to create\u0027security_group_log\u0027 table not \u0027logging_object\u0027 table.","commit_id":"b94ba662fccead0e4cd310f3769a4f9d279ed06a"},{"author":{"_account_id":6854,"name":"YAMAMOTO Takashi","email":"yamamoto@midokura.com","username":"yamamoto"},"change_message_id":"cf6c2dcf1279f754c19388d64b6d56a16e8c1c1a","unresolved":false,"context_lines":[{"line_number":30,"context_line":"In addition, these logs can also be used for debugging security groups (help"},{"line_number":31,"context_line":"tenant make sure security group rules work as expected or not). However"},{"line_number":32,"context_line":"this is not the main goal since other approaches existed (e.g Taas) to fix"},{"line_number":33,"context_line":"the same problem."},{"line_number":34,"context_line":""},{"line_number":35,"context_line":"In Neutron, all traffic allowed/dropped on instances are managed by security"},{"line_number":36,"context_line":"groups. However, logging is currently a missing feature in security groups."}],"source_content_type":"text/x-rst","patch_set":43,"id":"5a9d85d2_1bb5ddcc","line":33,"updated":"2016-06-20 06:43:03.000000000","message":"FYI, IDS is also one of use cases of TaaS.","commit_id":"5ee55b21246f590c7ad22a8a3214e1baea943233"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"c13a0a53d6c7ecfd244a3ecc453734a77eb6f036","unresolved":false,"context_lines":[{"line_number":30,"context_line":"In addition, these logs can also be used for debugging security groups (help"},{"line_number":31,"context_line":"tenant make sure security group rules work as expected or not). However"},{"line_number":32,"context_line":"this is not the main goal since other approaches existed (e.g Taas) to fix"},{"line_number":33,"context_line":"the same problem."},{"line_number":34,"context_line":""},{"line_number":35,"context_line":"In Neutron, all traffic allowed/dropped on instances are managed by security"},{"line_number":36,"context_line":"groups. However, logging is currently a missing feature in security groups."}],"source_content_type":"text/x-rst","patch_set":43,"id":"5a9d85d2_b62c604b","line":33,"in_reply_to":"5a9d85d2_1bb5ddcc","updated":"2016-06-21 09:58:55.000000000","message":"I got it. Thanks for your information. :)","commit_id":"5ee55b21246f590c7ad22a8a3214e1baea943233"},{"author":{"_account_id":6854,"name":"YAMAMOTO Takashi","email":"yamamoto@midokura.com","username":"yamamoto"},"change_message_id":"cf6c2dcf1279f754c19388d64b6d56a16e8c1c1a","unresolved":false,"context_lines":[{"line_number":47,"context_line":"    (1) ACCEPT event"},{"line_number":48,"context_line":"    (2) DROP event."},{"line_number":49,"context_line":""},{"line_number":50,"context_line":"This spec focuses on supporting logging API for *operator only*. After that we"},{"line_number":51,"context_line":"will expose the logging API for tenants which need more specific requirement:"},{"line_number":52,"context_line":""},{"line_number":53,"context_line":"    * a mechanism to expose logging API for tenant (e.g by using RBAC)."}],"source_content_type":"text/x-rst","patch_set":43,"id":"5a9d85d2_bbf2c998","line":50,"range":{"start_line":50,"start_character":44,"end_line":50,"end_character":63},"updated":"2016-06-20 06:43:03.000000000","message":"why do you emphasis this?","commit_id":"5ee55b21246f590c7ad22a8a3214e1baea943233"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"c13a0a53d6c7ecfd244a3ecc453734a77eb6f036","unresolved":false,"context_lines":[{"line_number":47,"context_line":"    (1) ACCEPT event"},{"line_number":48,"context_line":"    (2) DROP event."},{"line_number":49,"context_line":""},{"line_number":50,"context_line":"This spec focuses on supporting logging API for *operator only*. After that we"},{"line_number":51,"context_line":"will expose the logging API for tenants which need more specific requirement:"},{"line_number":52,"context_line":""},{"line_number":53,"context_line":"    * a mechanism to expose logging API for tenant (e.g by using RBAC)."}],"source_content_type":"text/x-rst","patch_set":43,"id":"5a9d85d2_f699c86f","line":50,"range":{"start_line":50,"start_character":44,"end_line":50,"end_character":63},"in_reply_to":"5a9d85d2_bbf2c998","updated":"2016-06-21 09:58:55.000000000","message":"It\u0027s the scope of this spec. However, we are also considering about expose logging API for tenant.","commit_id":"5ee55b21246f590c7ad22a8a3214e1baea943233"},{"author":{"_account_id":6854,"name":"YAMAMOTO Takashi","email":"yamamoto@midokura.com","username":"yamamoto"},"change_message_id":"cf6c2dcf1279f754c19388d64b6d56a16e8c1c1a","unresolved":false,"context_lines":[{"line_number":51,"context_line":"will expose the logging API for tenants which need more specific requirement:"},{"line_number":52,"context_line":""},{"line_number":53,"context_line":"    * a mechanism to expose logging API for tenant (e.g by using RBAC)."},{"line_number":54,"context_line":"    * standardized logging output format for tenant"},{"line_number":55,"context_line":"    * a way to consume log more effectively for tenant."},{"line_number":56,"context_line":""},{"line_number":57,"context_line":"Logging mechanism"}],"source_content_type":"text/x-rst","patch_set":43,"id":"5a9d85d2_5b5be554","line":54,"updated":"2016-06-20 06:43:03.000000000","message":"does this imply this spec is about human intervention only?","commit_id":"5ee55b21246f590c7ad22a8a3214e1baea943233"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"c13a0a53d6c7ecfd244a3ecc453734a77eb6f036","unresolved":false,"context_lines":[{"line_number":51,"context_line":"will expose the logging API for tenants which need more specific requirement:"},{"line_number":52,"context_line":""},{"line_number":53,"context_line":"    * a mechanism to expose logging API for tenant (e.g by using RBAC)."},{"line_number":54,"context_line":"    * standardized logging output format for tenant"},{"line_number":55,"context_line":"    * a way to consume log more effectively for tenant."},{"line_number":56,"context_line":""},{"line_number":57,"context_line":"Logging mechanism"}],"source_content_type":"text/x-rst","patch_set":43,"id":"5a9d85d2_1650d45d","line":54,"in_reply_to":"5a9d85d2_5b5be554","updated":"2016-06-21 09:58:55.000000000","message":"Yes, it does.\n\nwe expect standardize logging output format will be discussed in tenant-supported logging API spec. However, I also raise my idea in \u0027Example logging format\u0027 section. Could you please review it and leave your comment.","commit_id":"5ee55b21246f590c7ad22a8a3214e1baea943233"},{"author":{"_account_id":6854,"name":"YAMAMOTO Takashi","email":"yamamoto@midokura.com","username":"yamamoto"},"change_message_id":"cf6c2dcf1279f754c19388d64b6d56a16e8c1c1a","unresolved":false,"context_lines":[{"line_number":69,"context_line":"Expected implementation"},{"line_number":70,"context_line":"-----------------------"},{"line_number":71,"context_line":""},{"line_number":72,"context_line":"Firstly, security events will be logged to \u0027syslog_path\u0027 by SecurityGroupLogExt."},{"line_number":73,"context_line":"Then, these events will be collected, processed and filed to \u0027location\u0027 by"},{"line_number":74,"context_line":"CollectorExt. These files (sg-\u003csg-log-uuid\u003e.log) can be forwarded to central logging"},{"line_number":75,"context_line":"server for further process."}],"source_content_type":"text/x-rst","patch_set":43,"id":"5a9d85d2_1beddd8b","line":72,"updated":"2016-06-20 06:43:03.000000000","message":"while it might be straightforward to use syslog for iptable based SG, it sounds strange for other implementations.","commit_id":"5ee55b21246f590c7ad22a8a3214e1baea943233"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"c13a0a53d6c7ecfd244a3ecc453734a77eb6f036","unresolved":false,"context_lines":[{"line_number":69,"context_line":"Expected implementation"},{"line_number":70,"context_line":"-----------------------"},{"line_number":71,"context_line":""},{"line_number":72,"context_line":"Firstly, security events will be logged to \u0027syslog_path\u0027 by SecurityGroupLogExt."},{"line_number":73,"context_line":"Then, these events will be collected, processed and filed to \u0027location\u0027 by"},{"line_number":74,"context_line":"CollectorExt. These files (sg-\u003csg-log-uuid\u003e.log) can be forwarded to central logging"},{"line_number":75,"context_line":"server for further process."}],"source_content_type":"text/x-rst","patch_set":43,"id":"5a9d85d2_f6d1c8ce","line":72,"in_reply_to":"5a9d85d2_1beddd8b","updated":"2016-06-21 09:58:55.000000000","message":"Done","commit_id":"5ee55b21246f590c7ad22a8a3214e1baea943233"},{"author":{"_account_id":6854,"name":"YAMAMOTO Takashi","email":"yamamoto@midokura.com","username":"yamamoto"},"change_message_id":"cf6c2dcf1279f754c19388d64b6d56a16e8c1c1a","unresolved":false,"context_lines":[{"line_number":72,"context_line":"Firstly, security events will be logged to \u0027syslog_path\u0027 by SecurityGroupLogExt."},{"line_number":73,"context_line":"Then, these events will be collected, processed and filed to \u0027location\u0027 by"},{"line_number":74,"context_line":"CollectorExt. These files (sg-\u003csg-log-uuid\u003e.log) can be forwarded to central logging"},{"line_number":75,"context_line":"server for further process."},{"line_number":76,"context_line":""},{"line_number":77,"context_line":"The configuration of logging API would look like::"},{"line_number":78,"context_line":""}],"source_content_type":"text/x-rst","patch_set":43,"id":"5a9d85d2_3b3b79ed","line":75,"updated":"2016-06-20 06:43:03.000000000","message":"the forwarder needs to control (or at least know) when these files are rotated etc, doesn\u0027t it?","commit_id":"5ee55b21246f590c7ad22a8a3214e1baea943233"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"c13a0a53d6c7ecfd244a3ecc453734a77eb6f036","unresolved":false,"context_lines":[{"line_number":72,"context_line":"Firstly, security events will be logged to \u0027syslog_path\u0027 by SecurityGroupLogExt."},{"line_number":73,"context_line":"Then, these events will be collected, processed and filed to \u0027location\u0027 by"},{"line_number":74,"context_line":"CollectorExt. These files (sg-\u003csg-log-uuid\u003e.log) can be forwarded to central logging"},{"line_number":75,"context_line":"server for further process."},{"line_number":76,"context_line":""},{"line_number":77,"context_line":"The configuration of logging API would look like::"},{"line_number":78,"context_line":""}],"source_content_type":"text/x-rst","patch_set":43,"id":"5a9d85d2_1673b4e8","line":75,"in_reply_to":"5a9d85d2_3b3b79ed","updated":"2016-06-21 09:58:55.000000000","message":"Yes, it does. I\u0027ve updated in patch-set 44 from L88-L93. Thanks for your suggestion.","commit_id":"5ee55b21246f590c7ad22a8a3214e1baea943233"},{"author":{"_account_id":6854,"name":"YAMAMOTO Takashi","email":"yamamoto@midokura.com","username":"yamamoto"},"change_message_id":"cf6c2dcf1279f754c19388d64b6d56a16e8c1c1a","unresolved":false,"context_lines":[{"line_number":105,"context_line":"    (1) directly accessing to the files in \u0027location\u0027."},{"line_number":106,"context_line":"    (2) through a central logging server if log-data is set to be forwarded to"},{"line_number":107,"context_line":"        \u0027central_server\u0027."},{"line_number":108,"context_line":"    (3) using third-party services such as Monasca service, ..."},{"line_number":109,"context_line":""},{"line_number":110,"context_line":"Expected API behavior"},{"line_number":111,"context_line":"---------------------"}],"source_content_type":"text/x-rst","patch_set":43,"id":"5a9d85d2_5b092531","line":108,"updated":"2016-06-20 06:43:03.000000000","message":"for the reference implementation, i\u0027d suggest to concentrate into one of \"central server\" options and drop the \"location\" thing.  how do you think?","commit_id":"5ee55b21246f590c7ad22a8a3214e1baea943233"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"c13a0a53d6c7ecfd244a3ecc453734a77eb6f036","unresolved":false,"context_lines":[{"line_number":105,"context_line":"    (1) directly accessing to the files in \u0027location\u0027."},{"line_number":106,"context_line":"    (2) through a central logging server if log-data is set to be forwarded to"},{"line_number":107,"context_line":"        \u0027central_server\u0027."},{"line_number":108,"context_line":"    (3) using third-party services such as Monasca service, ..."},{"line_number":109,"context_line":""},{"line_number":110,"context_line":"Expected API behavior"},{"line_number":111,"context_line":"---------------------"}],"source_content_type":"text/x-rst","patch_set":43,"id":"5a9d85d2_3626b0ce","line":108,"in_reply_to":"5a9d85d2_5b092531","updated":"2016-06-21 09:58:55.000000000","message":"I think so. Thanks for your idea.","commit_id":"5ee55b21246f590c7ad22a8a3214e1baea943233"},{"author":{"_account_id":156,"name":"Ryu Ishimoto","email":"ryu@midokura.com","username":"ryu-midokura"},"change_message_id":"f26d7eeb34b5a3c505f65d1d223a8787b2861dbb","unresolved":false,"context_lines":[{"line_number":372,"context_line":"            \u0027enabled\u0027: {\u0027allow_post\u0027: True, \u0027allow_put\u0027: True,"},{"line_number":373,"context_line":"                        \u0027is_visible\u0027: True, \u0027default\u0027: False,"},{"line_number":374,"context_line":"                        \u0027convert_to\u0027: attr.convert_to_boolean},"},{"line_number":375,"context_line":"            \u0027resource_logs\u0027: {\u0027allow_post\u0027: False, \u0027allow_put\u0027: False,"},{"line_number":376,"context_line":"                              \u0027is_visible\u0027: True}"},{"line_number":377,"context_line":"        },"},{"line_number":378,"context_line":""}],"source_content_type":"text/x-rst","patch_set":43,"id":"7aa08908_c615184a","line":375,"updated":"2016-06-16 00:53:23.000000000","message":"What does this field include when you have a mix of logging types?  How does client differentiate them?  Or should this be \u0027security_group_logs\u0027 instead?","commit_id":"5ee55b21246f590c7ad22a8a3214e1baea943233"},{"author":{"_account_id":156,"name":"Ryu Ishimoto","email":"ryu@midokura.com","username":"ryu-midokura"},"change_message_id":"0afcee512519af39bb22609f34f73d2f52f00abb","unresolved":false,"context_lines":[{"line_number":372,"context_line":"            \u0027enabled\u0027: {\u0027allow_post\u0027: True, \u0027allow_put\u0027: True,"},{"line_number":373,"context_line":"                        \u0027is_visible\u0027: True, \u0027default\u0027: False,"},{"line_number":374,"context_line":"                        \u0027convert_to\u0027: attr.convert_to_boolean},"},{"line_number":375,"context_line":"            \u0027resource_logs\u0027: {\u0027allow_post\u0027: False, \u0027allow_put\u0027: False,"},{"line_number":376,"context_line":"                              \u0027is_visible\u0027: True}"},{"line_number":377,"context_line":"        },"},{"line_number":378,"context_line":""}],"source_content_type":"text/x-rst","patch_set":43,"id":"5a9d85d2_efa930e1","line":375,"in_reply_to":"7aa08908_7543e56c","updated":"2016-06-19 23:42:57.000000000","message":"Ok so there is no actual field called \u0027resource_logs\u0027.  It would be good to clarify this.  Your example makes it clear.","commit_id":"5ee55b21246f590c7ad22a8a3214e1baea943233"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"2dbd8684adf8eee77baa89619d1b165740348324","unresolved":false,"context_lines":[{"line_number":372,"context_line":"            \u0027enabled\u0027: {\u0027allow_post\u0027: True, \u0027allow_put\u0027: True,"},{"line_number":373,"context_line":"                        \u0027is_visible\u0027: True, \u0027default\u0027: False,"},{"line_number":374,"context_line":"                        \u0027convert_to\u0027: attr.convert_to_boolean},"},{"line_number":375,"context_line":"            \u0027resource_logs\u0027: {\u0027allow_post\u0027: False, \u0027allow_put\u0027: False,"},{"line_number":376,"context_line":"                              \u0027is_visible\u0027: True}"},{"line_number":377,"context_line":"        },"},{"line_number":378,"context_line":""}],"source_content_type":"text/x-rst","patch_set":43,"id":"7aa08908_7543e56c","line":375,"in_reply_to":"7aa08908_c615184a","updated":"2016-06-17 07:00:50.000000000","message":"In case mixin of logging types (e.g security_group_logs \u0026 firewall_logs), I expect responses of list logging-resources API as below:\n\n{\n  \"logging_resource\": \n    {\n        \"id\": \"46ebaec0-0570-43ac-82f6-60d2b03168c4\",\n        \"tenant_id\": \"8d4c70a21fed4aeba121a1a429ba0d04\",\n        \"name\": \"log-resource-tenant-demo\",\n        \"description\": \"Get traffic flow of tenant demo\",\n        \"enabled\": True,\n        \"security_group_logs\": [\n            {\n                \"id\": \"5f126d84-551a-4dcf-bb01-0e9c0df0c793\",\n                \"logging-resources-id\": \"46ebaec0-0570-43ac-82f6-60d2b03168c4\",\n                ...\n            },\n            ...\n        ]\n        \"firewall-logs\": [\n            {\n                \"id\": \"21aeda2a-a52f-4e81-9e64-7edeb59fa25b\",\n                \"logging-resources-id\": \"46ebaec0-0570-43ac-82f6-60d2b03168c4\",\n                ...\n            },\n            ...\n        ]\n    }\n}","commit_id":"5ee55b21246f590c7ad22a8a3214e1baea943233"},{"author":{"_account_id":9656,"name":"Ihar Hrachyshka","email":"ihrachys@redhat.com","username":"ihrachys","status":"Red Hat Networking Systems Engineer"},"change_message_id":"9659ae45db31a9a671a0be2ad619316ac0d00528","unresolved":false,"context_lines":[{"line_number":456,"context_line":"Operators CLI Impact"},{"line_number":457,"context_line":"--------------------"},{"line_number":458,"context_line":""},{"line_number":459,"context_line":"Additional methods will be added to python-neutronclient to create, update,"},{"line_number":460,"context_line":"delete, list, get logging resource and security groups logging."},{"line_number":461,"context_line":""},{"line_number":462,"context_line":"Checking support resource logging"}],"source_content_type":"text/x-rst","patch_set":43,"id":"5a9d85d2_356d4205","line":459,"range":{"start_line":459,"start_character":36,"end_line":459,"end_character":56},"updated":"2016-06-20 10:02:37.000000000","message":"Since Neutron, all new CLI features must be implemented in OSC, and neutronclient is optional. How does it fit to your spec?","commit_id":"5ee55b21246f590c7ad22a8a3214e1baea943233"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"c13a0a53d6c7ecfd244a3ecc453734a77eb6f036","unresolved":false,"context_lines":[{"line_number":456,"context_line":"Operators CLI Impact"},{"line_number":457,"context_line":"--------------------"},{"line_number":458,"context_line":""},{"line_number":459,"context_line":"Additional methods will be added to python-neutronclient to create, update,"},{"line_number":460,"context_line":"delete, list, get logging resource and security groups logging."},{"line_number":461,"context_line":""},{"line_number":462,"context_line":"Checking support resource logging"}],"source_content_type":"text/x-rst","patch_set":43,"id":"5a9d85d2_f96ed9c7","line":459,"range":{"start_line":459,"start_character":36,"end_line":459,"end_character":56},"in_reply_to":"5a9d85d2_356d4205","updated":"2016-06-21 09:58:55.000000000","message":"Thanks for your comment. I\u0027ve updated it in patch-set 44 in \u0027Operators CLI Impact\u0027 section.","commit_id":"5ee55b21246f590c7ad22a8a3214e1baea943233"},{"author":{"_account_id":17133,"name":"Kengo Hobo","email":"hobo.kengo@jp.fujitsu.com","username":"hobo.kengo"},"change_message_id":"e965b1acebbed0e59235a7ea418cccd4d162b9be","unresolved":false,"context_lines":[{"line_number":464,"context_line":"For logging resource::"},{"line_number":465,"context_line":""},{"line_number":466,"context_line":"    neutron logging-create --name \u003clogging-resource-name\u003e"},{"line_number":467,"context_line":"                           --log-type \u003clogging-resource-type\u003e"},{"line_number":468,"context_line":"                           [--enable \u003cTrue/False\u003e]"},{"line_number":469,"context_line":"                           [--description \u003clogging-resource-description\u003e]"},{"line_number":470,"context_line":"    neutron logging-list"}],"source_content_type":"text/x-rst","patch_set":43,"id":"7aa08908_47d28235","line":467,"range":{"start_line":467,"start_character":27,"end_line":467,"end_character":37},"updated":"2016-06-17 03:36:39.000000000","message":"I think this should be removed.","commit_id":"5ee55b21246f590c7ad22a8a3214e1baea943233"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"5cdc9e046a111fe94c33f67d3da29ad5945fdf1e","unresolved":false,"context_lines":[{"line_number":464,"context_line":"For logging resource::"},{"line_number":465,"context_line":""},{"line_number":466,"context_line":"    neutron logging-create --name \u003clogging-resource-name\u003e"},{"line_number":467,"context_line":"                           --log-type \u003clogging-resource-type\u003e"},{"line_number":468,"context_line":"                           [--enable \u003cTrue/False\u003e]"},{"line_number":469,"context_line":"                           [--description \u003clogging-resource-description\u003e]"},{"line_number":470,"context_line":"    neutron logging-list"}],"source_content_type":"text/x-rst","patch_set":43,"id":"7aa08908_07587a55","line":467,"range":{"start_line":467,"start_character":27,"end_line":467,"end_character":37},"in_reply_to":"7aa08908_47d28235","updated":"2016-06-17 03:52:14.000000000","message":"Yes, I will remove it. Thanks.","commit_id":"5ee55b21246f590c7ad22a8a3214e1baea943233"},{"author":{"_account_id":8788,"name":"Miguel Angel Ajo","email":"mangelajo@redhat.com","username":"mangelajo"},"change_message_id":"72d32a0f53ec3264779ef92d3d31f8e338a11f1a","unresolved":false,"context_lines":[{"line_number":45,"context_line":"The events related to security groups will be collected:"},{"line_number":46,"context_line":""},{"line_number":47,"context_line":"    (1) ACCEPT event"},{"line_number":48,"context_line":"    (2) DROP event."},{"line_number":49,"context_line":""},{"line_number":50,"context_line":"This spec focuses on supporting logging API for *operator only*. After that we"},{"line_number":51,"context_line":"will expose the logging API for tenants which need more specific requirement:"}],"source_content_type":"text/x-rst","patch_set":44,"id":"3aaa91ec_1dabe675","line":48,"updated":"2016-06-22 14:51:41.000000000","message":"Please note this is currently not possible with the openvswitch firewall, may be in the future when openvswitch supports this kind of thing.\n\nMay be we could have calls to the controller on accept/drop... but I wonder how slow would that be.","commit_id":"e2167a127f7968ca42ce4ec634e2cf97ab47e158"},{"author":{"_account_id":6854,"name":"YAMAMOTO Takashi","email":"yamamoto@midokura.com","username":"yamamoto"},"change_message_id":"35516a1f2e5efccee8d98e4c6c410aff2de34a1f","unresolved":false,"context_lines":[{"line_number":45,"context_line":"The events related to security groups will be collected:"},{"line_number":46,"context_line":""},{"line_number":47,"context_line":"    (1) ACCEPT event"},{"line_number":48,"context_line":"    (2) DROP event."},{"line_number":49,"context_line":""},{"line_number":50,"context_line":"This spec focuses on supporting logging API for *operator only*. After that we"},{"line_number":51,"context_line":"will expose the logging API for tenants which need more specific requirement:"}],"source_content_type":"text/x-rst","patch_set":44,"id":"3aaa91ec_a2b9adcd","line":48,"in_reply_to":"3aaa91ec_1dabe675","updated":"2016-06-23 03:29:27.000000000","message":"i guess packet-in based solution is acceptable as producing a log line to a file per packet is inherently slow in the first place.\n\ni agree this spec is assuming iptables based implementation too much though.","commit_id":"e2167a127f7968ca42ce4ec634e2cf97ab47e158"},{"author":{"_account_id":841,"name":"Akihiro Motoki","email":"amotoki@gmail.com","username":"amotoki"},"change_message_id":"c70fe48f65b41c6ddd74e90f9f29b798a91570ba","unresolved":false,"context_lines":[{"line_number":45,"context_line":"The events related to security groups will be collected:"},{"line_number":46,"context_line":""},{"line_number":47,"context_line":"    (1) ACCEPT event"},{"line_number":48,"context_line":"    (2) DROP event."},{"line_number":49,"context_line":""},{"line_number":50,"context_line":"This spec focuses on supporting logging API for *operator only*. After that we"},{"line_number":51,"context_line":"will expose the logging API for tenants which need more specific requirement:"}],"source_content_type":"text/x-rst","patch_set":44,"id":"3aaa91ec_53980f6a","line":48,"in_reply_to":"3aaa91ec_38391ba5","updated":"2016-06-27 03:12:41.000000000","message":"I cannot understand your logic too. What Miguel pointed is we have two implementation of OVS security group: OVS native firewall and the legacy hybrid version. Could you explain how your feature is supported in OVS native firewall? If there is a limitation it should be noted as a limitation.","commit_id":"e2167a127f7968ca42ce4ec634e2cf97ab47e158"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"1cd6c14036391322edd428e41e37578b32527db3","unresolved":false,"context_lines":[{"line_number":45,"context_line":"The events related to security groups will be collected:"},{"line_number":46,"context_line":""},{"line_number":47,"context_line":"    (1) ACCEPT event"},{"line_number":48,"context_line":"    (2) DROP event."},{"line_number":49,"context_line":""},{"line_number":50,"context_line":"This spec focuses on supporting logging API for *operator only*. After that we"},{"line_number":51,"context_line":"will expose the logging API for tenants which need more specific requirement:"}],"source_content_type":"text/x-rst","patch_set":44,"id":"3aaa91ec_09c9b378","line":48,"in_reply_to":"3aaa91ec_53980f6a","updated":"2016-06-29 09:07:50.000000000","message":"\u003e I cannot understand your logic too\nPlease do not mind it.\n \n\u003e Could you explain how your feature is supported in OVS native firewall? If there is a limitation it should be noted as a limitation.\n\nCurrently, I have not had solution yet. I will note it as a limitation. Thanks for your recommend.","commit_id":"e2167a127f7968ca42ce4ec634e2cf97ab47e158"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"ce0de9bbd31ca43728ec7d1f5bd55067206b45f9","unresolved":false,"context_lines":[{"line_number":45,"context_line":"The events related to security groups will be collected:"},{"line_number":46,"context_line":""},{"line_number":47,"context_line":"    (1) ACCEPT event"},{"line_number":48,"context_line":"    (2) DROP event."},{"line_number":49,"context_line":""},{"line_number":50,"context_line":"This spec focuses on supporting logging API for *operator only*. After that we"},{"line_number":51,"context_line":"will expose the logging API for tenants which need more specific requirement:"}],"source_content_type":"text/x-rst","patch_set":44,"id":"3aaa91ec_f10e938a","line":48,"in_reply_to":"3aaa91ec_a2b9adcd","updated":"2016-06-24 09:21:41.000000000","message":"My understanding, security group is a stateful firewall. So I think logging feature for a stateful firewall should be able to get DROP/ACCEPT event. How do you think? BTW, packet-in solution is great. I\u0027m investigating about it. Many thanks.","commit_id":"e2167a127f7968ca42ce4ec634e2cf97ab47e158"},{"author":{"_account_id":6854,"name":"YAMAMOTO Takashi","email":"yamamoto@midokura.com","username":"yamamoto"},"change_message_id":"67663962bc9eb325e8b33baf768d03b2f1a8bdfd","unresolved":false,"context_lines":[{"line_number":45,"context_line":"The events related to security groups will be collected:"},{"line_number":46,"context_line":""},{"line_number":47,"context_line":"    (1) ACCEPT event"},{"line_number":48,"context_line":"    (2) DROP event."},{"line_number":49,"context_line":""},{"line_number":50,"context_line":"This spec focuses on supporting logging API for *operator only*. After that we"},{"line_number":51,"context_line":"will expose the logging API for tenants which need more specific requirement:"}],"source_content_type":"text/x-rst","patch_set":44,"id":"3aaa91ec_38391ba5","line":48,"in_reply_to":"3aaa91ec_f10e938a","updated":"2016-06-24 10:29:19.000000000","message":"i don\u0027t understand your logic. (\"So I think logging feature for a stateful firewall should be able to get DROP/ACCEPT event\")\ncan you explain?","commit_id":"e2167a127f7968ca42ce4ec634e2cf97ab47e158"},{"author":{"_account_id":8788,"name":"Miguel Angel Ajo","email":"mangelajo@redhat.com","username":"mangelajo"},"change_message_id":"72d32a0f53ec3264779ef92d3d31f8e338a11f1a","unresolved":false,"context_lines":[{"line_number":47,"context_line":"    (1) ACCEPT event"},{"line_number":48,"context_line":"    (2) DROP event."},{"line_number":49,"context_line":""},{"line_number":50,"context_line":"This spec focuses on supporting logging API for *operator only*. After that we"},{"line_number":51,"context_line":"will expose the logging API for tenants which need more specific requirement:"},{"line_number":52,"context_line":""},{"line_number":53,"context_line":"    * a mechanism to expose logging API for tenant (e.g by using RBAC)."}],"source_content_type":"text/x-rst","patch_set":44,"id":"3aaa91ec_fd953a40","line":50,"updated":"2016-06-22 14:51:41.000000000","message":"may be this can be moved into a future work section/subsection.","commit_id":"e2167a127f7968ca42ce4ec634e2cf97ab47e158"},{"author":{"_account_id":841,"name":"Akihiro Motoki","email":"amotoki@gmail.com","username":"amotoki"},"change_message_id":"c70fe48f65b41c6ddd74e90f9f29b798a91570ba","unresolved":false,"context_lines":[{"line_number":47,"context_line":"    (1) ACCEPT event"},{"line_number":48,"context_line":"    (2) DROP event."},{"line_number":49,"context_line":""},{"line_number":50,"context_line":"This spec focuses on supporting logging API for *operator only*. After that we"},{"line_number":51,"context_line":"will expose the logging API for tenants which need more specific requirement:"},{"line_number":52,"context_line":""},{"line_number":53,"context_line":"    * a mechanism to expose logging API for tenant (e.g by using RBAC)."}],"source_content_type":"text/x-rst","patch_set":44,"id":"3aaa91ec_b3be93ab","line":50,"in_reply_to":"3aaa91ec_767c59b5","updated":"2016-06-27 03:12:41.000000000","message":"I agree with Miguel. \"After that ...\" should be moved to a future work section.","commit_id":"e2167a127f7968ca42ce4ec634e2cf97ab47e158"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"1cd6c14036391322edd428e41e37578b32527db3","unresolved":false,"context_lines":[{"line_number":47,"context_line":"    (1) ACCEPT event"},{"line_number":48,"context_line":"    (2) DROP event."},{"line_number":49,"context_line":""},{"line_number":50,"context_line":"This spec focuses on supporting logging API for *operator only*. After that we"},{"line_number":51,"context_line":"will expose the logging API for tenants which need more specific requirement:"},{"line_number":52,"context_line":""},{"line_number":53,"context_line":"    * a mechanism to expose logging API for tenant (e.g by using RBAC)."}],"source_content_type":"text/x-rst","patch_set":44,"id":"3aaa91ec_83f622f7","line":50,"in_reply_to":"3aaa91ec_b3be93ab","updated":"2016-06-29 09:07:50.000000000","message":"I will do. Thanks for your suggestion.","commit_id":"e2167a127f7968ca42ce4ec634e2cf97ab47e158"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"ce0de9bbd31ca43728ec7d1f5bd55067206b45f9","unresolved":false,"context_lines":[{"line_number":47,"context_line":"    (1) ACCEPT event"},{"line_number":48,"context_line":"    (2) DROP event."},{"line_number":49,"context_line":""},{"line_number":50,"context_line":"This spec focuses on supporting logging API for *operator only*. After that we"},{"line_number":51,"context_line":"will expose the logging API for tenants which need more specific requirement:"},{"line_number":52,"context_line":""},{"line_number":53,"context_line":"    * a mechanism to expose logging API for tenant (e.g by using RBAC)."}],"source_content_type":"text/x-rst","patch_set":44,"id":"3aaa91ec_767c59b5","line":50,"in_reply_to":"3aaa91ec_fd953a40","updated":"2016-06-24 09:21:41.000000000","message":"Thanks for your suggestion. I will add subsection as you suggest.","commit_id":"e2167a127f7968ca42ce4ec634e2cf97ab47e158"},{"author":{"_account_id":841,"name":"Akihiro Motoki","email":"amotoki@gmail.com","username":"amotoki"},"change_message_id":"c70fe48f65b41c6ddd74e90f9f29b798a91570ba","unresolved":false,"context_lines":[{"line_number":75,"context_line":"will handle logs rotation and forward logs to central logging server for further"},{"line_number":76,"context_line":"process [1]_."},{"line_number":77,"context_line":""},{"line_number":78,"context_line":"The configuration of logging API would look like::"},{"line_number":79,"context_line":""},{"line_number":80,"context_line":"    LOGGER_CONFIG_OPTS\u003d ["},{"line_number":81,"context_line":"        cfg.StrOpt(\u0027driver\u0027,"}],"source_content_type":"text/x-rst","patch_set":44,"id":"3aaa91ec_f37e5be2","line":78,"updated":"2016-06-27 03:12:41.000000000","message":"I think you define two kinds of drivers. They correspond to the extensions at L.64-67. Could you clarify the mapping from L.64-67 to the option names? Does LOGGER_CONFIG_OPTS mean a logging collector?","commit_id":"e2167a127f7968ca42ce4ec634e2cf97ab47e158"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"1cd6c14036391322edd428e41e37578b32527db3","unresolved":false,"context_lines":[{"line_number":75,"context_line":"will handle logs rotation and forward logs to central logging server for further"},{"line_number":76,"context_line":"process [1]_."},{"line_number":77,"context_line":""},{"line_number":78,"context_line":"The configuration of logging API would look like::"},{"line_number":79,"context_line":""},{"line_number":80,"context_line":"    LOGGER_CONFIG_OPTS\u003d ["},{"line_number":81,"context_line":"        cfg.StrOpt(\u0027driver\u0027,"}],"source_content_type":"text/x-rst","patch_set":44,"id":"3aaa91ec_23c92e79","line":78,"in_reply_to":"3aaa91ec_f37e5be2","updated":"2016-06-29 09:07:50.000000000","message":"Yes, it does. May I rename it to COLLECTOR_CONFIG_OPTS to make more sense. How do you think about it?","commit_id":"e2167a127f7968ca42ce4ec634e2cf97ab47e158"},{"author":{"_account_id":6854,"name":"YAMAMOTO Takashi","email":"yamamoto@midokura.com","username":"yamamoto"},"change_message_id":"35516a1f2e5efccee8d98e4c6c410aff2de34a1f","unresolved":false,"context_lines":[{"line_number":82,"context_line":"                   default\u003d\u0027neutron.services.logaas.drivers.noop.\u0027"},{"line_number":83,"context_line":"                   \u0027noop_driver.NoopCollectorDriver\u0027,"},{"line_number":84,"context_line":"                   help\u003d_(\"Logger driver.\")),"},{"line_number":85,"context_line":"        cfg.StrOpt(\u0027log_path\u0027,"},{"line_number":86,"context_line":"                   default\u003d\u0027/var/log/syslog\u0027,"},{"line_number":87,"context_line":"                   help\u003d_(\"Where security events are logged to.\")),"},{"line_number":88,"context_line":"        cfg.IntOpt(\u0027size\u0027,"}],"source_content_type":"text/x-rst","patch_set":44,"id":"3aaa91ec_c22b19ea","line":85,"range":{"start_line":85,"start_character":20,"end_line":85,"end_character":28},"updated":"2016-06-23 03:29:27.000000000","message":"i\u0027d suggest to remove log_path, size, rotate here,\nas they are implementation details of the specific logger driver.","commit_id":"e2167a127f7968ca42ce4ec634e2cf97ab47e158"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"ce0de9bbd31ca43728ec7d1f5bd55067206b45f9","unresolved":false,"context_lines":[{"line_number":82,"context_line":"                   default\u003d\u0027neutron.services.logaas.drivers.noop.\u0027"},{"line_number":83,"context_line":"                   \u0027noop_driver.NoopCollectorDriver\u0027,"},{"line_number":84,"context_line":"                   help\u003d_(\"Logger driver.\")),"},{"line_number":85,"context_line":"        cfg.StrOpt(\u0027log_path\u0027,"},{"line_number":86,"context_line":"                   default\u003d\u0027/var/log/syslog\u0027,"},{"line_number":87,"context_line":"                   help\u003d_(\"Where security events are logged to.\")),"},{"line_number":88,"context_line":"        cfg.IntOpt(\u0027size\u0027,"}],"source_content_type":"text/x-rst","patch_set":44,"id":"3aaa91ec_7b460450","line":85,"range":{"start_line":85,"start_character":20,"end_line":85,"end_character":28},"in_reply_to":"3aaa91ec_c22b19ea","updated":"2016-06-24 09:21:41.000000000","message":"That\u0027s very kind of you. I\u0027ll move it to specific logger driver as your suggestion. Thank you very much.","commit_id":"e2167a127f7968ca42ce4ec634e2cf97ab47e158"},{"author":{"_account_id":8788,"name":"Miguel Angel Ajo","email":"mangelajo@redhat.com","username":"mangelajo"},"change_message_id":"72d32a0f53ec3264779ef92d3d31f8e338a11f1a","unresolved":false,"context_lines":[{"line_number":83,"context_line":"                   \u0027noop_driver.NoopCollectorDriver\u0027,"},{"line_number":84,"context_line":"                   help\u003d_(\"Logger driver.\")),"},{"line_number":85,"context_line":"        cfg.StrOpt(\u0027log_path\u0027,"},{"line_number":86,"context_line":"                   default\u003d\u0027/var/log/syslog\u0027,"},{"line_number":87,"context_line":"                   help\u003d_(\"Where security events are logged to.\")),"},{"line_number":88,"context_line":"        cfg.IntOpt(\u0027size\u0027,"},{"line_number":89,"context_line":"                   default\u003d1048576,"}],"source_content_type":"text/x-rst","patch_set":44,"id":"3aaa91ec_78baf8e2","line":86,"updated":"2016-06-22 14:51:41.000000000","message":"/var/log/neutron/security.log ?","commit_id":"e2167a127f7968ca42ce4ec634e2cf97ab47e158"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"ce0de9bbd31ca43728ec7d1f5bd55067206b45f9","unresolved":false,"context_lines":[{"line_number":83,"context_line":"                   \u0027noop_driver.NoopCollectorDriver\u0027,"},{"line_number":84,"context_line":"                   help\u003d_(\"Logger driver.\")),"},{"line_number":85,"context_line":"        cfg.StrOpt(\u0027log_path\u0027,"},{"line_number":86,"context_line":"                   default\u003d\u0027/var/log/syslog\u0027,"},{"line_number":87,"context_line":"                   help\u003d_(\"Where security events are logged to.\")),"},{"line_number":88,"context_line":"        cfg.IntOpt(\u0027size\u0027,"},{"line_number":89,"context_line":"                   default\u003d1048576,"}],"source_content_type":"text/x-rst","patch_set":44,"id":"3aaa91ec_bbbcecbb","line":86,"in_reply_to":"3aaa91ec_78baf8e2","updated":"2016-06-24 09:21:41.000000000","message":"May be you\u0027re bit confusing here. Actually, it\u0027s raw log location is generated by security group log driver.(In case iptables log driver, it will generate log to /var/log/syslog). I\u0027ll move this to specific logger driver configuration as Yamamoto-san\u0027s comment.","commit_id":"e2167a127f7968ca42ce4ec634e2cf97ab47e158"},{"author":{"_account_id":7715,"name":"Hirofumi Ichihara","email":"ichihara.hirofumi@gmail.com","username":"Hirofumi-Ichihara"},"change_message_id":"f7ab49b145f06f858bff95878ef59f99b192ae87","unresolved":false,"context_lines":[{"line_number":91,"context_line":"        cfg.IntOpt(\u0027rotate\u0027,"},{"line_number":92,"context_line":"                   default\u003d5,"},{"line_number":93,"context_line":"                   help\u003d_(\"Log files are rotated \u003ccount\u003e times before being removed.\"))"},{"line_number":94,"context_line":"        cfg.StrOpt(\u0027central_server\u0027,"},{"line_number":95,"context_line":"                   default\u003d\u0027127.0.0.1:8900\u0027,"},{"line_number":96,"context_line":"                   required\u003dTrue,"},{"line_number":97,"context_line":"                   help\u003d_(\u0027Server address where log-data will be forwarded to.\u0027)),"}],"source_content_type":"text/x-rst","patch_set":44,"id":"3aaa91ec_44e687e8","line":94,"range":{"start_line":94,"start_character":20,"end_line":94,"end_character":35},"updated":"2016-06-27 08:32:36.000000000","message":"I think that it\u0027s better to remove this option as well. Neutron itself doesn\u0027t have the function to forward log data. I guess that Monasca or external system should deal with such function.","commit_id":"e2167a127f7968ca42ce4ec634e2cf97ab47e158"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"1cd6c14036391322edd428e41e37578b32527db3","unresolved":false,"context_lines":[{"line_number":91,"context_line":"        cfg.IntOpt(\u0027rotate\u0027,"},{"line_number":92,"context_line":"                   default\u003d5,"},{"line_number":93,"context_line":"                   help\u003d_(\"Log files are rotated \u003ccount\u003e times before being removed.\"))"},{"line_number":94,"context_line":"        cfg.StrOpt(\u0027central_server\u0027,"},{"line_number":95,"context_line":"                   default\u003d\u0027127.0.0.1:8900\u0027,"},{"line_number":96,"context_line":"                   required\u003dTrue,"},{"line_number":97,"context_line":"                   help\u003d_(\u0027Server address where log-data will be forwarded to.\u0027)),"}],"source_content_type":"text/x-rst","patch_set":44,"id":"3aaa91ec_695af72b","line":94,"range":{"start_line":94,"start_character":20,"end_line":94,"end_character":35},"in_reply_to":"3aaa91ec_2bbaeec0","updated":"2016-06-29 09:07:50.000000000","message":"You made it more clear. I\u0027ll follow your suggestion.","commit_id":"e2167a127f7968ca42ce4ec634e2cf97ab47e158"},{"author":{"_account_id":841,"name":"Akihiro Motoki","email":"amotoki@gmail.com","username":"amotoki"},"change_message_id":"c5df3febd6b3c91039c21a9bb7480b1649177df9","unresolved":false,"context_lines":[{"line_number":91,"context_line":"        cfg.IntOpt(\u0027rotate\u0027,"},{"line_number":92,"context_line":"                   default\u003d5,"},{"line_number":93,"context_line":"                   help\u003d_(\"Log files are rotated \u003ccount\u003e times before being removed.\"))"},{"line_number":94,"context_line":"        cfg.StrOpt(\u0027central_server\u0027,"},{"line_number":95,"context_line":"                   default\u003d\u0027127.0.0.1:8900\u0027,"},{"line_number":96,"context_line":"                   required\u003dTrue,"},{"line_number":97,"context_line":"                   help\u003d_(\u0027Server address where log-data will be forwarded to.\u0027)),"}],"source_content_type":"text/x-rst","patch_set":44,"id":"3aaa91ec_2bbaeec0","line":94,"range":{"start_line":94,"start_character":20,"end_line":94,"end_character":35},"in_reply_to":"3aaa91ec_44e687e8","updated":"2016-06-28 03:45:32.000000000","message":"Yes. There is a similar comments at L.85. These should be logging(collector?)-driver-specific options.","commit_id":"e2167a127f7968ca42ce4ec634e2cf97ab47e158"},{"author":{"_account_id":8788,"name":"Miguel Angel Ajo","email":"mangelajo@redhat.com","username":"mangelajo"},"change_message_id":"72d32a0f53ec3264779ef92d3d31f8e338a11f1a","unresolved":false,"context_lines":[{"line_number":99,"context_line":""},{"line_number":100,"context_line":"    SG_LOG_CONFIG_OPTS \u003d ["},{"line_number":101,"context_line":"        cfg.StrOpt(\u0027driver\u0027,"},{"line_number":102,"context_line":"                   default\u003d\u0027neutron.services.logaas.drivers.noop.\u0027"},{"line_number":103,"context_line":"                   \u0027noop_driver.NoopSecurityGroupLogDriver\u0027,"},{"line_number":104,"context_line":"                   help\u003d_(\"Security group logging driver\"))"},{"line_number":105,"context_line":"    ]"}],"source_content_type":"text/x-rst","patch_set":44,"id":"3aaa91ec_84ee5eb2","line":102,"updated":"2016-06-22 14:51:41.000000000","message":"Can you give examples of the non noop drivers?. For example we could have one for iptables , another for ovs_firewall, if we find a way..","commit_id":"e2167a127f7968ca42ce4ec634e2cf97ab47e158"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"ce0de9bbd31ca43728ec7d1f5bd55067206b45f9","unresolved":false,"context_lines":[{"line_number":99,"context_line":""},{"line_number":100,"context_line":"    SG_LOG_CONFIG_OPTS \u003d ["},{"line_number":101,"context_line":"        cfg.StrOpt(\u0027driver\u0027,"},{"line_number":102,"context_line":"                   default\u003d\u0027neutron.services.logaas.drivers.noop.\u0027"},{"line_number":103,"context_line":"                   \u0027noop_driver.NoopSecurityGroupLogDriver\u0027,"},{"line_number":104,"context_line":"                   help\u003d_(\"Security group logging driver\"))"},{"line_number":105,"context_line":"    ]"}],"source_content_type":"text/x-rst","patch_set":44,"id":"3aaa91ec_96abc574","line":102,"in_reply_to":"3aaa91ec_84ee5eb2","updated":"2016-06-24 09:21:41.000000000","message":"It can be: neutron.services.logaas.drivers.iptables.IptablesSGLoggingDriver or neutron.services.logaas.drivers.ovs_firewall.OvsSecurityGroupLogDriver","commit_id":"e2167a127f7968ca42ce4ec634e2cf97ab47e158"},{"author":{"_account_id":841,"name":"Akihiro Motoki","email":"amotoki@gmail.com","username":"amotoki"},"change_message_id":"c70fe48f65b41c6ddd74e90f9f29b798a91570ba","unresolved":false,"context_lines":[{"line_number":266,"context_line":"it to support different logger-backends for different tenants as below::"},{"line_number":267,"context_line":""},{"line_number":268,"context_line":"    LOGGER \u003d [\u0027File\u0027, \u0027Splunk\u0027]"},{"line_number":269,"context_line":"    EXTENDED_ATTRIBUTES_2_0 \u003d {"},{"line_number":270,"context_line":"        \u0027logging_resources\u0027: {"},{"line_number":271,"context_line":"            \u0027logger_backend\u0027: {"},{"line_number":272,"context_line":"                \u0027allow_post\u0027: True, \u0027allow_put\u0027: False,"},{"line_number":273,"context_line":"                \u0027validate\u0027: {\u0027type:value\u0027: LOGGER},"},{"line_number":274,"context_line":"                \u0027is_visible\u0027: True,"},{"line_number":275,"context_line":"                \u0027default\u0027: \u0027File\u0027},"},{"line_number":276,"context_line":"        }"},{"line_number":277,"context_line":"    }"},{"line_number":278,"context_line":""},{"line_number":279,"context_line":"    Configuration of logging API look like:"},{"line_number":280,"context_line":""}],"source_content_type":"text/x-rst","patch_set":44,"id":"3aaa91ec_6e6604ee","line":277,"range":{"start_line":269,"start_character":4,"end_line":277,"end_character":5},"updated":"2016-06-27 03:12:41.000000000","message":"I think we don\u0027t allow to specify logging_backend through the API, so it looks unnecessary.","commit_id":"e2167a127f7968ca42ce4ec634e2cf97ab47e158"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"1cd6c14036391322edd428e41e37578b32527db3","unresolved":false,"context_lines":[{"line_number":266,"context_line":"it to support different logger-backends for different tenants as below::"},{"line_number":267,"context_line":""},{"line_number":268,"context_line":"    LOGGER \u003d [\u0027File\u0027, \u0027Splunk\u0027]"},{"line_number":269,"context_line":"    EXTENDED_ATTRIBUTES_2_0 \u003d {"},{"line_number":270,"context_line":"        \u0027logging_resources\u0027: {"},{"line_number":271,"context_line":"            \u0027logger_backend\u0027: {"},{"line_number":272,"context_line":"                \u0027allow_post\u0027: True, \u0027allow_put\u0027: False,"},{"line_number":273,"context_line":"                \u0027validate\u0027: {\u0027type:value\u0027: LOGGER},"},{"line_number":274,"context_line":"                \u0027is_visible\u0027: True,"},{"line_number":275,"context_line":"                \u0027default\u0027: \u0027File\u0027},"},{"line_number":276,"context_line":"        }"},{"line_number":277,"context_line":"    }"},{"line_number":278,"context_line":""},{"line_number":279,"context_line":"    Configuration of logging API look like:"},{"line_number":280,"context_line":""}],"source_content_type":"text/x-rst","patch_set":44,"id":"3aaa91ec_e3d1e6fc","line":277,"range":{"start_line":269,"start_character":4,"end_line":277,"end_character":5},"in_reply_to":"3aaa91ec_6e6604ee","updated":"2016-06-29 09:07:50.000000000","message":"I shouldn\u0027t be in data model section. I\u0027ll move it to future work section.","commit_id":"e2167a127f7968ca42ce4ec634e2cf97ab47e158"},{"author":{"_account_id":841,"name":"Akihiro Motoki","email":"amotoki@gmail.com","username":"amotoki"},"change_message_id":"c70fe48f65b41c6ddd74e90f9f29b798a91570ba","unresolved":false,"context_lines":[{"line_number":276,"context_line":"        }"},{"line_number":277,"context_line":"    }"},{"line_number":278,"context_line":""},{"line_number":279,"context_line":"    Configuration of logging API look like:"},{"line_number":280,"context_line":""},{"line_number":281,"context_line":"    enabled_backend \u003d \u0027File\u0027, \u0027Splunk\u0027"},{"line_number":282,"context_line":"    [File]"}],"source_content_type":"text/x-rst","patch_set":44,"id":"3aaa91ec_0e9e60b8","line":279,"updated":"2016-06-27 03:12:41.000000000","message":"Could you use python entry_points for logging drivers?","commit_id":"e2167a127f7968ca42ce4ec634e2cf97ab47e158"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"1cd6c14036391322edd428e41e37578b32527db3","unresolved":false,"context_lines":[{"line_number":276,"context_line":"        }"},{"line_number":277,"context_line":"    }"},{"line_number":278,"context_line":""},{"line_number":279,"context_line":"    Configuration of logging API look like:"},{"line_number":280,"context_line":""},{"line_number":281,"context_line":"    enabled_backend \u003d \u0027File\u0027, \u0027Splunk\u0027"},{"line_number":282,"context_line":"    [File]"}],"source_content_type":"text/x-rst","patch_set":44,"id":"3aaa91ec_43639a41","line":279,"in_reply_to":"3aaa91ec_0e9e60b8","updated":"2016-06-29 09:07:50.000000000","message":"Yes, I got it. Thanks for teach me.","commit_id":"e2167a127f7968ca42ce4ec634e2cf97ab47e158"},{"author":{"_account_id":6854,"name":"YAMAMOTO Takashi","email":"yamamoto@midokura.com","username":"yamamoto"},"change_message_id":"35516a1f2e5efccee8d98e4c6c410aff2de34a1f","unresolved":false,"context_lines":[{"line_number":278,"context_line":""},{"line_number":279,"context_line":"    Configuration of logging API look like:"},{"line_number":280,"context_line":""},{"line_number":281,"context_line":"    enabled_backend \u003d \u0027File\u0027, \u0027Splunk\u0027"},{"line_number":282,"context_line":"    [File]"},{"line_number":283,"context_line":"    logger_type \u003d File"},{"line_number":284,"context_line":"    driver \u003d neutron.services.logaas.drivers.file_driver"},{"line_number":285,"context_line":"    ..."},{"line_number":286,"context_line":"    [Splunk]"},{"line_number":287,"context_line":"    logger_type \u003d Splunk"},{"line_number":288,"context_line":"    driver \u003d neutron.services.logaas.drivers.splunk_driver"},{"line_number":289,"context_line":"    ..."},{"line_number":290,"context_line":""},{"line_number":291,"context_line":"LoggingResource model has the following attributes:"},{"line_number":292,"context_line":""}],"source_content_type":"text/x-rst","patch_set":44,"id":"3aaa91ec_c2ee798a","line":289,"range":{"start_line":281,"start_character":0,"end_line":289,"end_character":7},"updated":"2016-06-23 03:29:27.000000000","message":"how about:\n\n  driver \u003d file_driver,splunk_driver\n\n  [File]\n  ...file driver specific configuration","commit_id":"e2167a127f7968ca42ce4ec634e2cf97ab47e158"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"ce0de9bbd31ca43728ec7d1f5bd55067206b45f9","unresolved":false,"context_lines":[{"line_number":278,"context_line":""},{"line_number":279,"context_line":"    Configuration of logging API look like:"},{"line_number":280,"context_line":""},{"line_number":281,"context_line":"    enabled_backend \u003d \u0027File\u0027, \u0027Splunk\u0027"},{"line_number":282,"context_line":"    [File]"},{"line_number":283,"context_line":"    logger_type \u003d File"},{"line_number":284,"context_line":"    driver \u003d neutron.services.logaas.drivers.file_driver"},{"line_number":285,"context_line":"    ..."},{"line_number":286,"context_line":"    [Splunk]"},{"line_number":287,"context_line":"    logger_type \u003d Splunk"},{"line_number":288,"context_line":"    driver \u003d neutron.services.logaas.drivers.splunk_driver"},{"line_number":289,"context_line":"    ..."},{"line_number":290,"context_line":""},{"line_number":291,"context_line":"LoggingResource model has the following attributes:"},{"line_number":292,"context_line":""}],"source_content_type":"text/x-rst","patch_set":44,"id":"3aaa91ec_20244bc3","line":289,"range":{"start_line":281,"start_character":0,"end_line":289,"end_character":7},"in_reply_to":"3aaa91ec_c2ee798a","updated":"2016-06-24 09:21:41.000000000","message":"You make it simpler. I\u0027ll follow your idea. Thanks.","commit_id":"e2167a127f7968ca42ce4ec634e2cf97ab47e158"},{"author":{"_account_id":841,"name":"Akihiro Motoki","email":"amotoki@gmail.com","username":"amotoki"},"change_message_id":"c70fe48f65b41c6ddd74e90f9f29b798a91570ba","unresolved":false,"context_lines":[{"line_number":306,"context_line":"|enabled     |bool   |RW      |False     |Boolean    |Enable/disable log          |"},{"line_number":307,"context_line":"+------------+-------+--------+----------+-----------+----------------------------+"},{"line_number":308,"context_line":""},{"line_number":309,"context_line":"Logging object, which composes LoggingResource, has the following attributes:"},{"line_number":310,"context_line":""},{"line_number":311,"context_line":"+-------------------+------+------+---------+-----------+-------------------------+"},{"line_number":312,"context_line":"|Attribute          |Type  |Access|Default  |Validation/|Description              |"}],"source_content_type":"text/x-rst","patch_set":44,"id":"3aaa91ec_0e3ae098","line":309,"updated":"2016-06-27 03:12:41.000000000","message":"I still cannot understand why Logging object is required.\n\nAccording to the API definition, SecurityGroupLogging object always belongs to LoggingResource object. If you change logging_id at L.331 to logging_resource_id, we will no longer need Logging object.\n\nOr do you mean SecurityGroupLogging inherits Logging object?","commit_id":"e2167a127f7968ca42ce4ec634e2cf97ab47e158"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"1cd6c14036391322edd428e41e37578b32527db3","unresolved":false,"context_lines":[{"line_number":306,"context_line":"|enabled     |bool   |RW      |False     |Boolean    |Enable/disable log          |"},{"line_number":307,"context_line":"+------------+-------+--------+----------+-----------+----------------------------+"},{"line_number":308,"context_line":""},{"line_number":309,"context_line":"Logging object, which composes LoggingResource, has the following attributes:"},{"line_number":310,"context_line":""},{"line_number":311,"context_line":"+-------------------+------+------+---------+-----------+-------------------------+"},{"line_number":312,"context_line":"|Attribute          |Type  |Access|Default  |Validation/|Description              |"}],"source_content_type":"text/x-rst","patch_set":44,"id":"3aaa91ec_83b9027c","line":309,"in_reply_to":"3aaa91ec_0e3ae098","updated":"2016-06-29 09:07:50.000000000","message":"\u003e do you mean SecurityGroupLogging inherits Logging object?\n\nYes, you catch my idea. I\u0027ll make it more clear.","commit_id":"e2167a127f7968ca42ce4ec634e2cf97ab47e158"},{"author":{"_account_id":841,"name":"Akihiro Motoki","email":"amotoki@gmail.com","username":"amotoki"},"change_message_id":"c70fe48f65b41c6ddd74e90f9f29b798a91570ba","unresolved":false,"context_lines":[{"line_number":366,"context_line":"            \u0027id\u0027: {\u0027allow_post\u0027: False, \u0027allow_put\u0027: False,"},{"line_number":367,"context_line":"                   \u0027validate\u0027: {\u0027type:uuid\u0027: None}, \u0027is_visible\u0027: True,"},{"line_number":368,"context_line":"                   \u0027primary_key\u0027: True},"},{"line_number":369,"context_line":"            \u0027tenant_id\u0027: {\u0027allow_post\u0027: True, \u0027allow_put\u0027: False,"},{"line_number":370,"context_line":"                          \u0027required_by_policy\u0027: True, \u0027is_visible\u0027: True},"},{"line_number":371,"context_line":"            \u0027name\u0027: {\u0027allow_post\u0027: True, \u0027allow_put\u0027: True,"},{"line_number":372,"context_line":"                     \u0027validate\u0027: {\u0027type:string\u0027: None},"}],"source_content_type":"text/x-rst","patch_set":44,"id":"3aaa91ec_4ef22807","line":369,"updated":"2016-06-27 03:12:41.000000000","message":"\u0027validate\u0027 is required.","commit_id":"e2167a127f7968ca42ce4ec634e2cf97ab47e158"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"1cd6c14036391322edd428e41e37578b32527db3","unresolved":false,"context_lines":[{"line_number":366,"context_line":"            \u0027id\u0027: {\u0027allow_post\u0027: False, \u0027allow_put\u0027: False,"},{"line_number":367,"context_line":"                   \u0027validate\u0027: {\u0027type:uuid\u0027: None}, \u0027is_visible\u0027: True,"},{"line_number":368,"context_line":"                   \u0027primary_key\u0027: True},"},{"line_number":369,"context_line":"            \u0027tenant_id\u0027: {\u0027allow_post\u0027: True, \u0027allow_put\u0027: False,"},{"line_number":370,"context_line":"                          \u0027required_by_policy\u0027: True, \u0027is_visible\u0027: True},"},{"line_number":371,"context_line":"            \u0027name\u0027: {\u0027allow_post\u0027: True, \u0027allow_put\u0027: True,"},{"line_number":372,"context_line":"                     \u0027validate\u0027: {\u0027type:string\u0027: None},"}],"source_content_type":"text/x-rst","patch_set":44,"id":"3aaa91ec_e99a676d","line":369,"in_reply_to":"3aaa91ec_4ef22807","updated":"2016-06-29 09:07:50.000000000","message":"I will do that.","commit_id":"e2167a127f7968ca42ce4ec634e2cf97ab47e158"},{"author":{"_account_id":841,"name":"Akihiro Motoki","email":"amotoki@gmail.com","username":"amotoki"},"change_message_id":"c70fe48f65b41c6ddd74e90f9f29b798a91570ba","unresolved":false,"context_lines":[{"line_number":375,"context_line":"                            \u0027validate\u0027: {\u0027type:string\u0027: None},"},{"line_number":376,"context_line":"                            \u0027default\u0027: None, \u0027is_visible\u0027: True},"},{"line_number":377,"context_line":"            \u0027enabled\u0027: {\u0027allow_post\u0027: True, \u0027allow_put\u0027: True,"},{"line_number":378,"context_line":"                        \u0027is_visible\u0027: True, \u0027default\u0027: False,"},{"line_number":379,"context_line":"                        \u0027convert_to\u0027: attr.convert_to_boolean},"},{"line_number":380,"context_line":"            \u0027resource_logs\u0027: {\u0027allow_post\u0027: False, \u0027allow_put\u0027: False,"},{"line_number":381,"context_line":"                              \u0027is_visible\u0027: True}"}],"source_content_type":"text/x-rst","patch_set":44,"id":"3aaa91ec_6ead64e8","line":378,"range":{"start_line":378,"start_character":44,"end_line":378,"end_character":61},"updated":"2016-06-27 03:12:41.000000000","message":"Why is the default value False? Could you explain the reason?\n\nif there is no resource_logs, no SG logging will be done, so I think we can use True as the default value.","commit_id":"e2167a127f7968ca42ce4ec634e2cf97ab47e158"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"1cd6c14036391322edd428e41e37578b32527db3","unresolved":false,"context_lines":[{"line_number":375,"context_line":"                            \u0027validate\u0027: {\u0027type:string\u0027: None},"},{"line_number":376,"context_line":"                            \u0027default\u0027: None, \u0027is_visible\u0027: True},"},{"line_number":377,"context_line":"            \u0027enabled\u0027: {\u0027allow_post\u0027: True, \u0027allow_put\u0027: True,"},{"line_number":378,"context_line":"                        \u0027is_visible\u0027: True, \u0027default\u0027: False,"},{"line_number":379,"context_line":"                        \u0027convert_to\u0027: attr.convert_to_boolean},"},{"line_number":380,"context_line":"            \u0027resource_logs\u0027: {\u0027allow_post\u0027: False, \u0027allow_put\u0027: False,"},{"line_number":381,"context_line":"                              \u0027is_visible\u0027: True}"}],"source_content_type":"text/x-rst","patch_set":44,"id":"3aaa91ec_e32566c2","line":378,"range":{"start_line":378,"start_character":44,"end_line":378,"end_character":61},"in_reply_to":"3aaa91ec_6ead64e8","updated":"2016-06-29 09:07:50.000000000","message":"I understand, I will change it to True. Thanks.","commit_id":"e2167a127f7968ca42ce4ec634e2cf97ab47e158"},{"author":{"_account_id":6854,"name":"YAMAMOTO Takashi","email":"yamamoto@midokura.com","username":"yamamoto"},"change_message_id":"2ec78b6e11fc20a632eee449c4f120cb79bb76a7","unresolved":false,"context_lines":[{"line_number":396,"context_line":"                            \u0027description\u0027: {"},{"line_number":397,"context_line":"                                \u0027allow_post\u0027: True, \u0027allow_put\u0027: True,"},{"line_number":398,"context_line":"                                \u0027validate\u0027: {\u0027type:string\u0027: None},"},{"line_number":399,"context_line":"                                \u0027default\u0027: None, \u0027is_visible\u0027: True},"},{"line_number":400,"context_line":"                            \u0027security_group_id\u0027: {"},{"line_number":401,"context_line":"                                \u0027allow_post\u0027: True, \u0027allow_put\u0027: False,"},{"line_number":402,"context_line":"                                \u0027is_visible\u0027: True, \u0027default\u0027: None,"}],"source_content_type":"text/x-rst","patch_set":44,"id":"3aaa91ec_e513f85a","line":399,"updated":"2016-06-22 07:42:09.000000000","message":"why description is not in LOG_COMMON_FIELDS?","commit_id":"e2167a127f7968ca42ce4ec634e2cf97ab47e158"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"ce0de9bbd31ca43728ec7d1f5bd55067206b45f9","unresolved":false,"context_lines":[{"line_number":396,"context_line":"                            \u0027description\u0027: {"},{"line_number":397,"context_line":"                                \u0027allow_post\u0027: True, \u0027allow_put\u0027: True,"},{"line_number":398,"context_line":"                                \u0027validate\u0027: {\u0027type:string\u0027: None},"},{"line_number":399,"context_line":"                                \u0027default\u0027: None, \u0027is_visible\u0027: True},"},{"line_number":400,"context_line":"                            \u0027security_group_id\u0027: {"},{"line_number":401,"context_line":"                                \u0027allow_post\u0027: True, \u0027allow_put\u0027: False,"},{"line_number":402,"context_line":"                                \u0027is_visible\u0027: True, \u0027default\u0027: None,"}],"source_content_type":"text/x-rst","patch_set":44,"id":"3aaa91ec_b6efe11c","line":399,"in_reply_to":"3aaa91ec_87c4a05f","updated":"2016-06-24 09:21:41.000000000","message":"I\u0027m considering that this field is redundant. It should be removed. How do you think?","commit_id":"e2167a127f7968ca42ce4ec634e2cf97ab47e158"},{"author":{"_account_id":8788,"name":"Miguel Angel Ajo","email":"mangelajo@redhat.com","username":"mangelajo"},"change_message_id":"72d32a0f53ec3264779ef92d3d31f8e338a11f1a","unresolved":false,"context_lines":[{"line_number":396,"context_line":"                            \u0027description\u0027: {"},{"line_number":397,"context_line":"                                \u0027allow_post\u0027: True, \u0027allow_put\u0027: True,"},{"line_number":398,"context_line":"                                \u0027validate\u0027: {\u0027type:string\u0027: None},"},{"line_number":399,"context_line":"                                \u0027default\u0027: None, \u0027is_visible\u0027: True},"},{"line_number":400,"context_line":"                            \u0027security_group_id\u0027: {"},{"line_number":401,"context_line":"                                \u0027allow_post\u0027: True, \u0027allow_put\u0027: False,"},{"line_number":402,"context_line":"                                \u0027is_visible\u0027: True, \u0027default\u0027: None,"}],"source_content_type":"text/x-rst","patch_set":44,"id":"3aaa91ec_87c4a05f","line":399,"in_reply_to":"3aaa91ec_e513f85a","updated":"2016-06-22 14:51:41.000000000","message":"+1","commit_id":"e2167a127f7968ca42ce4ec634e2cf97ab47e158"},{"author":{"_account_id":7715,"name":"Hirofumi Ichihara","email":"ichihara.hirofumi@gmail.com","username":"Hirofumi-Ichihara"},"change_message_id":"f7ab49b145f06f858bff95878ef59f99b192ae87","unresolved":false,"context_lines":[{"line_number":418,"context_line":"+-------------------+--------------------------------------------------------+-------+"},{"line_number":419,"context_line":"|Object             |URI                                                     |Type   |"},{"line_number":420,"context_line":"+\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d+\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d+\u003d\u003d\u003d\u003d\u003d\u003d\u003d+"},{"line_number":421,"context_line":"|logging-resource   |/logging/logging-resources                              |POST   |"},{"line_number":422,"context_line":"+-------------------+--------------------------------------------------------+-------+"},{"line_number":423,"context_line":"|logging-resource   |/logging/logging-resources                              |GET    |"},{"line_number":424,"context_line":"+-------------------+--------------------------------------------------------+-------+"}],"source_content_type":"text/x-rst","patch_set":44,"id":"3aaa91ec_3e8703b6","line":421,"range":{"start_line":421,"start_character":1,"end_line":421,"end_character":48},"updated":"2016-06-27 08:32:36.000000000","message":"In aspect of REST API, I feel the URI is lengthy because \"logging\" itself is lengthy a little and they are duplicated.","commit_id":"e2167a127f7968ca42ce4ec634e2cf97ab47e158"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"1cd6c14036391322edd428e41e37578b32527db3","unresolved":false,"context_lines":[{"line_number":418,"context_line":"+-------------------+--------------------------------------------------------+-------+"},{"line_number":419,"context_line":"|Object             |URI                                                     |Type   |"},{"line_number":420,"context_line":"+\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d+\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d+\u003d\u003d\u003d\u003d\u003d\u003d\u003d+"},{"line_number":421,"context_line":"|logging-resource   |/logging/logging-resources                              |POST   |"},{"line_number":422,"context_line":"+-------------------+--------------------------------------------------------+-------+"},{"line_number":423,"context_line":"|logging-resource   |/logging/logging-resources                              |GET    |"},{"line_number":424,"context_line":"+-------------------+--------------------------------------------------------+-------+"}],"source_content_type":"text/x-rst","patch_set":44,"id":"3aaa91ec_4edd8113","line":421,"range":{"start_line":421,"start_character":1,"end_line":421,"end_character":48},"in_reply_to":"3aaa91ec_3e8703b6","updated":"2016-06-29 09:07:50.000000000","message":"Your CLI bellow is a bit lengthy too. :). Can you give me suggestion?","commit_id":"e2167a127f7968ca42ce4ec634e2cf97ab47e158"},{"author":{"_account_id":7715,"name":"Hirofumi Ichihara","email":"ichihara.hirofumi@gmail.com","username":"Hirofumi-Ichihara"},"change_message_id":"f7ab49b145f06f858bff95878ef59f99b192ae87","unresolved":false,"context_lines":[{"line_number":484,"context_line":""},{"line_number":485,"context_line":"For security groups logging::"},{"line_number":486,"context_line":""},{"line_number":487,"context_line":"    os logging security group create"},{"line_number":488,"context_line":"                \u003clogging-resource\u003e"},{"line_number":489,"context_line":"                [--description \u003cdescription\u003e]"},{"line_number":490,"context_line":"                [--security-group-id \u003csecurity-group-id\u003e]"},{"line_number":491,"context_line":"                [--port-id \u003cport-uuid\u003e]"},{"line_number":492,"context_line":"                [--sg-event \u003cACCEPT/DROP/ALL\u003e]"},{"line_number":493,"context_line":""},{"line_number":494,"context_line":"    os logging security group list \u003clogging-resource\u003e"},{"line_number":495,"context_line":""},{"line_number":496,"context_line":"    os logging security group set \u003clogging-resource\u003e \u003csecurity-group-log\u003e"},{"line_number":497,"context_line":"                                  [--description \u003cdescription\u003e]"},{"line_number":498,"context_line":""},{"line_number":499,"context_line":"    os logging security group show \u003clogging-resource\u003e \u003csecurity-group-log\u003e"},{"line_number":500,"context_line":"    os logging security group delete \u003clogging-resource\u003e \u003csecurity-group-log\u003e"},{"line_number":501,"context_line":""},{"line_number":502,"context_line":"Check supported logging capabilities::"},{"line_number":503,"context_line":""}],"source_content_type":"text/x-rst","patch_set":44,"id":"3aaa91ec_be301357","line":500,"range":{"start_line":487,"start_character":0,"end_line":500,"end_character":76},"updated":"2016-06-27 08:32:36.000000000","message":"This misses \"network\".\n\n os network logging security group","commit_id":"e2167a127f7968ca42ce4ec634e2cf97ab47e158"},{"author":{"_account_id":6788,"name":"Rossella Sblendido","email":"rsblendido@suse.com","username":"rossella-o"},"change_message_id":"7217285bee47a995953df97bca8593d63ff597b4","unresolved":false,"context_lines":[{"line_number":56,"context_line":"Logging mechanism"},{"line_number":57,"context_line":"-----------------"},{"line_number":58,"context_line":""},{"line_number":59,"context_line":"Logging API is designed as a service plugin. It has logging-agents run on nodes"},{"line_number":60,"context_line":"(e.g compute node) to collect events related to resources logging (e.g"},{"line_number":61,"context_line":"security group or firewall). The logging-agent includes two parts [1]_:"},{"line_number":62,"context_line":""}],"source_content_type":"text/x-rst","patch_set":45,"id":"3aaa91ec_cc99397b","line":59,"range":{"start_line":59,"start_character":52,"end_line":59,"end_character":70},"updated":"2016-06-30 14:43:33.000000000","message":"why do we need extra agents? could that be implemented as an extension of the l2 agent?","commit_id":"0737b4b65a86b1672c46922e363f6b25c2ba872c"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"17670014a573d507b016cf02d4fbd068f25aac24","unresolved":false,"context_lines":[{"line_number":56,"context_line":"Logging mechanism"},{"line_number":57,"context_line":"-----------------"},{"line_number":58,"context_line":""},{"line_number":59,"context_line":"Logging API is designed as a service plugin. It has logging-agents run on nodes"},{"line_number":60,"context_line":"(e.g compute node) to collect events related to resources logging (e.g"},{"line_number":61,"context_line":"security group or firewall). The logging-agent includes two parts [1]_:"},{"line_number":62,"context_line":""}],"source_content_type":"text/x-rst","patch_set":45,"id":"1aa78d24_44338fab","line":59,"range":{"start_line":59,"start_character":52,"end_line":59,"end_character":70},"in_reply_to":"3aaa91ec_cc99397b","updated":"2016-07-06 06:46:51.000000000","message":"Thank for your suggestion. It should be implemented as a L2 agent extension. I\u0027ve changed my architecture as below:\n\nhttps://docs.google.com/presentation/d/1c8WMCVNkvzz-FgGrrzzKL0mHLx30F1xrGPaNRga5uX0/edit?usp\u003dsharing","commit_id":"0737b4b65a86b1672c46922e363f6b25c2ba872c"},{"author":{"_account_id":6788,"name":"Rossella Sblendido","email":"rsblendido@suse.com","username":"rossella-o"},"change_message_id":"7217285bee47a995953df97bca8593d63ff597b4","unresolved":false,"context_lines":[{"line_number":89,"context_line":"A specific drivers configuration looks like::"},{"line_number":90,"context_line":""},{"line_number":91,"context_line":"    SECURITYGROUP_LOG_OPTS \u003d ["},{"line_number":92,"context_line":"        cfg.StrOpt(\u0027driver\u0027,"},{"line_number":93,"context_line":"                   default\u003d\u0027neutron.services.logaas.drivers.noop.\u0027"},{"line_number":94,"context_line":"                   \u0027noop_driver.NoopSecurityGroupLogDriver\u0027,"},{"line_number":95,"context_line":"                   help\u003d_(\"Security group logging driver\")),"}],"source_content_type":"text/x-rst","patch_set":45,"id":"3aaa91ec_27c8d621","line":92,"range":{"start_line":92,"start_character":19,"end_line":92,"end_character":26},"updated":"2016-06-30 14:43:33.000000000","message":"this depends on which firewall driver you are using, why do we need to set this again in the config file? If there\u0027s no log driver compatible with the firewall driver used the API won\u0027t expose it at step3 line 191. I don\u0027t think we will have multiple log drivers compatible with the same firewall driver.","commit_id":"0737b4b65a86b1672c46922e363f6b25c2ba872c"},{"author":{"_account_id":6788,"name":"Rossella Sblendido","email":"rsblendido@suse.com","username":"rossella-o"},"change_message_id":"024927e2421cb0decfe3fe5b9bce280b5ae09085","unresolved":false,"context_lines":[{"line_number":89,"context_line":"A specific drivers configuration looks like::"},{"line_number":90,"context_line":""},{"line_number":91,"context_line":"    SECURITYGROUP_LOG_OPTS \u003d ["},{"line_number":92,"context_line":"        cfg.StrOpt(\u0027driver\u0027,"},{"line_number":93,"context_line":"                   default\u003d\u0027neutron.services.logaas.drivers.noop.\u0027"},{"line_number":94,"context_line":"                   \u0027noop_driver.NoopSecurityGroupLogDriver\u0027,"},{"line_number":95,"context_line":"                   help\u003d_(\"Security group logging driver\")),"}],"source_content_type":"text/x-rst","patch_set":45,"id":"1aa78d24_8570ba41","line":92,"range":{"start_line":92,"start_character":19,"end_line":92,"end_character":26},"in_reply_to":"1aa78d24_84e0d7fb","updated":"2016-07-12 08:58:04.000000000","message":"I like it. We can then dynamically load the logging driver based on the configured firewall driver.","commit_id":"0737b4b65a86b1672c46922e363f6b25c2ba872c"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"17670014a573d507b016cf02d4fbd068f25aac24","unresolved":false,"context_lines":[{"line_number":89,"context_line":"A specific drivers configuration looks like::"},{"line_number":90,"context_line":""},{"line_number":91,"context_line":"    SECURITYGROUP_LOG_OPTS \u003d ["},{"line_number":92,"context_line":"        cfg.StrOpt(\u0027driver\u0027,"},{"line_number":93,"context_line":"                   default\u003d\u0027neutron.services.logaas.drivers.noop.\u0027"},{"line_number":94,"context_line":"                   \u0027noop_driver.NoopSecurityGroupLogDriver\u0027,"},{"line_number":95,"context_line":"                   help\u003d_(\"Security group logging driver\")),"}],"source_content_type":"text/x-rst","patch_set":45,"id":"1aa78d24_84e0d7fb","line":92,"range":{"start_line":92,"start_character":19,"end_line":92,"end_character":26},"in_reply_to":"3aaa91ec_27c8d621","updated":"2016-07-06 06:46:51.000000000","message":"I agree with you that we don\u0027t need \u0027driver\u0027 option if we won\u0027t have multiple log drivers compatible with the same firewall driver. So I must change my implementation direction:\n\n(1) Add abstract function \"security_group_logging\" to FirewallDriver base class(neutron/agent/firewall.py). \n(2) The driver classes(eg. IptablesFirewallDriver) will implement this function if they want to support logging. These driver classes  will implementation as a \u0027Singleton\u0027 class.\n\nHow do you think about that?","commit_id":"0737b4b65a86b1672c46922e363f6b25c2ba872c"},{"author":{"_account_id":8788,"name":"Miguel Angel Ajo","email":"mangelajo@redhat.com","username":"mangelajo"},"change_message_id":"e333b47c6ec1118407d381b9c1c0bf8bd10c8e1d","unresolved":false,"context_lines":[{"line_number":93,"context_line":"                   default\u003d\u0027neutron.services.logaas.drivers.noop.\u0027"},{"line_number":94,"context_line":"                   \u0027noop_driver.NoopSecurityGroupLogDriver\u0027,"},{"line_number":95,"context_line":"                   help\u003d_(\"Security group logging driver\")),"},{"line_number":96,"context_line":"        cfg.StrOpt(\u0027log_path\u0027,"},{"line_number":97,"context_line":"                   default\u003d\u0027/var/log/syslog\u0027"},{"line_number":98,"context_line":"                   help\u003d_(\"Where security events (raw log-data) are logged to.\"))"},{"line_number":99,"context_line":"    ]"}],"source_content_type":"text/x-rst","patch_set":45,"id":"3aaa91ec_d2eeebeb","line":96,"updated":"2016-06-30 11:38:02.000000000","message":"This setting is confusing, and always makes me think it\u0027s something you will be logging.\n\nCould we change it to input_log_path ? to make it clear it\u0027s a log we watch and read?","commit_id":"0737b4b65a86b1672c46922e363f6b25c2ba872c"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"17670014a573d507b016cf02d4fbd068f25aac24","unresolved":false,"context_lines":[{"line_number":93,"context_line":"                   default\u003d\u0027neutron.services.logaas.drivers.noop.\u0027"},{"line_number":94,"context_line":"                   \u0027noop_driver.NoopSecurityGroupLogDriver\u0027,"},{"line_number":95,"context_line":"                   help\u003d_(\"Security group logging driver\")),"},{"line_number":96,"context_line":"        cfg.StrOpt(\u0027log_path\u0027,"},{"line_number":97,"context_line":"                   default\u003d\u0027/var/log/syslog\u0027"},{"line_number":98,"context_line":"                   help\u003d_(\"Where security events (raw log-data) are logged to.\"))"},{"line_number":99,"context_line":"    ]"}],"source_content_type":"text/x-rst","patch_set":45,"id":"1aa78d24_24ac838b","line":96,"in_reply_to":"3aaa91ec_d2eeebeb","updated":"2016-07-06 06:46:51.000000000","message":"I got it. I will change as your suggestion. Thanks.","commit_id":"0737b4b65a86b1672c46922e363f6b25c2ba872c"},{"author":{"_account_id":6788,"name":"Rossella Sblendido","email":"rsblendido@suse.com","username":"rossella-o"},"change_message_id":"7217285bee47a995953df97bca8593d63ff597b4","unresolved":false,"context_lines":[{"line_number":206,"context_line":"            {"},{"line_number":207,"context_line":"                \"security_group_log\": {"},{"line_number":208,"context_line":"                    \"description\": \"Collecting all security events in tenant demo\","},{"line_number":209,"context_line":"                    \"sg_event\": \"ALL\""},{"line_number":210,"context_line":"                }"},{"line_number":211,"context_line":"            }"},{"line_number":212,"context_line":""}],"source_content_type":"text/x-rst","patch_set":45,"id":"3aaa91ec_83b890c9","line":209,"range":{"start_line":209,"start_character":21,"end_line":209,"end_character":29},"updated":"2016-06-30 14:43:33.000000000","message":"we probably need a way to expose which are the available events","commit_id":"0737b4b65a86b1672c46922e363f6b25c2ba872c"},{"author":{"_account_id":6788,"name":"Rossella Sblendido","email":"rsblendido@suse.com","username":"rossella-o"},"change_message_id":"024927e2421cb0decfe3fe5b9bce280b5ae09085","unresolved":false,"context_lines":[{"line_number":206,"context_line":"            {"},{"line_number":207,"context_line":"                \"security_group_log\": {"},{"line_number":208,"context_line":"                    \"description\": \"Collecting all security events in tenant demo\","},{"line_number":209,"context_line":"                    \"sg_event\": \"ALL\""},{"line_number":210,"context_line":"                }"},{"line_number":211,"context_line":"            }"},{"line_number":212,"context_line":""}],"source_content_type":"text/x-rst","patch_set":45,"id":"1aa78d24_85a71aa6","line":209,"range":{"start_line":209,"start_character":21,"end_line":209,"end_character":29},"in_reply_to":"1aa78d24_a70a3577","updated":"2016-07-12 08:58:04.000000000","message":"OK","commit_id":"0737b4b65a86b1672c46922e363f6b25c2ba872c"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"17670014a573d507b016cf02d4fbd068f25aac24","unresolved":false,"context_lines":[{"line_number":206,"context_line":"            {"},{"line_number":207,"context_line":"                \"security_group_log\": {"},{"line_number":208,"context_line":"                    \"description\": \"Collecting all security events in tenant demo\","},{"line_number":209,"context_line":"                    \"sg_event\": \"ALL\""},{"line_number":210,"context_line":"                }"},{"line_number":211,"context_line":"            }"},{"line_number":212,"context_line":""}],"source_content_type":"text/x-rst","patch_set":45,"id":"1aa78d24_a70a3577","line":209,"range":{"start_line":209,"start_character":21,"end_line":209,"end_character":29},"in_reply_to":"3aaa91ec_83b890c9","updated":"2016-07-06 06:46:51.000000000","message":"That makes sense to user. However, I\u0027d like to keep implementation simple at this moment. We will consider about it in future. How do you think?","commit_id":"0737b4b65a86b1672c46922e363f6b25c2ba872c"},{"author":{"_account_id":6788,"name":"Rossella Sblendido","email":"rsblendido@suse.com","username":"rossella-o"},"change_message_id":"7217285bee47a995953df97bca8593d63ff597b4","unresolved":false,"context_lines":[{"line_number":288,"context_line":"This model consists of two main parts: LoggingResource and Logging object."},{"line_number":289,"context_line":""},{"line_number":290,"context_line":"LoggingResource model defines a container for logging objects, it describes"},{"line_number":291,"context_line":"how the log-data will be stored."},{"line_number":292,"context_line":""},{"line_number":293,"context_line":"LoggingResource model has the following attributes:"},{"line_number":294,"context_line":""}],"source_content_type":"text/x-rst","patch_set":45,"id":"3aaa91ec_2348bcb2","line":291,"range":{"start_line":291,"start_character":0,"end_line":291,"end_character":32},"updated":"2016-06-30 14:43:33.000000000","message":"where does it describe it? From my understanding the LoggingResource is mainly a way to specify a collector for several resources, right? TBH this seems over-complicated to me. In most cases operators would use only one collector. If they configure multiple collectors we could use all of them. Do you have a specific use-case in mind to justify all this complexity?\nHere is how I see it.\n1) operator configures collector in config file\n2) he/she might query which are the supported logging capabilities\n3) she/he will create a SecurityGroupLogging to start collecting the logs of a sec group.\nWhy do we need two entities LoggingResource and SecurityGroupLogging? Why do we need this extra step of creating the logging resource?\nI agree we might want to define a base class that all Logging would then implement (Logging) but I don\u0027t see the need of this LoggingResource collector.","commit_id":"0737b4b65a86b1672c46922e363f6b25c2ba872c"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"17670014a573d507b016cf02d4fbd068f25aac24","unresolved":false,"context_lines":[{"line_number":288,"context_line":"This model consists of two main parts: LoggingResource and Logging object."},{"line_number":289,"context_line":""},{"line_number":290,"context_line":"LoggingResource model defines a container for logging objects, it describes"},{"line_number":291,"context_line":"how the log-data will be stored."},{"line_number":292,"context_line":""},{"line_number":293,"context_line":"LoggingResource model has the following attributes:"},{"line_number":294,"context_line":""}],"source_content_type":"text/x-rst","patch_set":45,"id":"1aa78d24_473ef18c","line":291,"range":{"start_line":291,"start_character":0,"end_line":291,"end_character":32},"in_reply_to":"3aaa91ec_2348bcb2","updated":"2016-07-06 06:46:51.000000000","message":"\u003e From my understanding the LoggingResource is mainly a way to specify a collector for several resources, right?\n\nYes it is right, I expect FW and SG logs to be in the same LoggingResource. However, LoggingResource is not simple a set of several resources. It describes the base policy for logging such as format log-data, how the log data will be stored (central logging server, object storage, ...) and a way to consume log-data.\n\nIndeed, if we only support for *operator*, we use only one collector so LoggingResource is redundant.\n\nHowever, in case of supporting Logging API for various tenants, we should support various collectors, LoggingResouce is a clear way to specify collector which defines format and destination of log-data before getting security events log.\n\nI intend to support Logging API for tenant and we want to keep the common Logging API shape. LoggingResouce will become necessary for future beyond spec.\n\nMy idea to support multiple collectors (logging-backend) as below:\n\n    LOGGER \u003d [\u0027File\u0027, \u0027Splunk\u0027]\n    EXTENDED_ATTRIBUTES_2_0 \u003d {\n        \u0027logging_resources\u0027: {\n            \u0027logging_backend\u0027: {\n                \u0027allow_post\u0027: True, \u0027allow_put\u0027: False,\n                \u0027validate\u0027: {\u0027type:value\u0027:LOGGER},\n                \u0027is_visible\u0027: True,\n                \u0027default\u0027: \u0027File\u0027},\n        }\n    }\n\nConfiguration of logging API looks like:\n\n    enabled_backend \u003d \u0027File\u0027, \u0027Splunk\u0027\n    [File]\n    log_type \u003d File\n    driver \u003d neutron.services.logaas.drivers.file_driver.FileDriver\n    # file driver specific configuration\n    ...\n    [Splunk]\n    log_type \u003d Splunk\n    driver \u003d neutron.services.logaas.drivers.splunk_driver.SplunkDriver\n    # splunk driver specific configuration\n    ...\n\nCould you please give me any opinion about that?","commit_id":"0737b4b65a86b1672c46922e363f6b25c2ba872c"},{"author":{"_account_id":6788,"name":"Rossella Sblendido","email":"rsblendido@suse.com","username":"rossella-o"},"change_message_id":"7217285bee47a995953df97bca8593d63ff597b4","unresolved":false,"context_lines":[{"line_number":305,"context_line":"+------------+-------+--------+----------+-----------+----------------------------+"},{"line_number":306,"context_line":"|description |string |RW      |N/A       |none       |LoggingResource description |"},{"line_number":307,"context_line":"+------------+-------+--------+----------+-----------+----------------------------+"},{"line_number":308,"context_line":"|enabled     |bool   |RW      |True      |Boolean    |Enable/disable log          |"},{"line_number":309,"context_line":"+------------+-------+--------+----------+-----------+----------------------------+"},{"line_number":310,"context_line":""},{"line_number":311,"context_line":"Logging object represents common base fields among different kinds of logging"}],"source_content_type":"text/x-rst","patch_set":45,"id":"3aaa91ec_a90acd1d","line":308,"range":{"start_line":308,"start_character":0,"end_line":308,"end_character":8},"updated":"2016-06-30 14:43:33.000000000","message":"from my previous comment I would eliminate this LoggingResource. Anyway enabled should be a property of Logging. If you create a Logging object you want to be able to enable or disable that specific object. If you have 10 Logging under the same LoggingResource I doubt you want to either enable or disable all of them","commit_id":"0737b4b65a86b1672c46922e363f6b25c2ba872c"},{"author":{"_account_id":6788,"name":"Rossella Sblendido","email":"rsblendido@suse.com","username":"rossella-o"},"change_message_id":"024927e2421cb0decfe3fe5b9bce280b5ae09085","unresolved":false,"context_lines":[{"line_number":305,"context_line":"+------------+-------+--------+----------+-----------+----------------------------+"},{"line_number":306,"context_line":"|description |string |RW      |N/A       |none       |LoggingResource description |"},{"line_number":307,"context_line":"+------------+-------+--------+----------+-----------+----------------------------+"},{"line_number":308,"context_line":"|enabled     |bool   |RW      |True      |Boolean    |Enable/disable log          |"},{"line_number":309,"context_line":"+------------+-------+--------+----------+-----------+----------------------------+"},{"line_number":310,"context_line":""},{"line_number":311,"context_line":"Logging object represents common base fields among different kinds of logging"}],"source_content_type":"text/x-rst","patch_set":45,"id":"1aa78d24_456b721e","line":308,"range":{"start_line":308,"start_character":0,"end_line":308,"end_character":8},"in_reply_to":"1aa78d24_a7e515dd","updated":"2016-07-12 08:58:04.000000000","message":"I think it depends on the granularity that you want to have. I\u0027d prefer having it for every Logging object and set it true by default","commit_id":"0737b4b65a86b1672c46922e363f6b25c2ba872c"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"17670014a573d507b016cf02d4fbd068f25aac24","unresolved":false,"context_lines":[{"line_number":305,"context_line":"+------------+-------+--------+----------+-----------+----------------------------+"},{"line_number":306,"context_line":"|description |string |RW      |N/A       |none       |LoggingResource description |"},{"line_number":307,"context_line":"+------------+-------+--------+----------+-----------+----------------------------+"},{"line_number":308,"context_line":"|enabled     |bool   |RW      |True      |Boolean    |Enable/disable log          |"},{"line_number":309,"context_line":"+------------+-------+--------+----------+-----------+----------------------------+"},{"line_number":310,"context_line":""},{"line_number":311,"context_line":"Logging object represents common base fields among different kinds of logging"}],"source_content_type":"text/x-rst","patch_set":45,"id":"1aa78d24_a7e515dd","line":308,"range":{"start_line":308,"start_character":0,"end_line":308,"end_character":8},"in_reply_to":"3aaa91ec_a90acd1d","updated":"2016-07-06 06:46:51.000000000","message":"As Ms.Irena said at patch-set 41 [1]. We just delete the logging object if it is not required anymore, that\u0027s make sense. So I\u0027d like to keep \u0027enabled\u0027 in LoggingResource. \n\n[1] https://review.openstack.org/#/c/203509/41/specs/newton/logging-API-for-security-group-rules.rst@281","commit_id":"0737b4b65a86b1672c46922e363f6b25c2ba872c"},{"author":{"_account_id":6788,"name":"Rossella Sblendido","email":"rsblendido@suse.com","username":"rossella-o"},"change_message_id":"7217285bee47a995953df97bca8593d63ff597b4","unresolved":false,"context_lines":[{"line_number":322,"context_line":"+-------------------+------+------+---------+-----------+-------------------------+"},{"line_number":323,"context_line":"|logging_resource_id|uuid  |RO    |N/A      |uuid       |LoggingResource reference|"},{"line_number":324,"context_line":"+-------------------+------+------+---------+-----------+-------------------------+"},{"line_number":325,"context_line":"|tenant_id          |uuid  |RO    |generated|uuid       |Tenant creates logging   |"},{"line_number":326,"context_line":"+-------------------+------+------+---------+-----------+-------------------------+"},{"line_number":327,"context_line":""},{"line_number":328,"context_line":"SecurityGroupLogging model would look like:"}],"source_content_type":"text/x-rst","patch_set":45,"id":"3aaa91ec_a9212da0","line":325,"range":{"start_line":325,"start_character":1,"end_line":325,"end_character":11},"updated":"2016-06-30 14:43:33.000000000","message":"why do we need it both here and in the LoggingResource?","commit_id":"0737b4b65a86b1672c46922e363f6b25c2ba872c"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"17670014a573d507b016cf02d4fbd068f25aac24","unresolved":false,"context_lines":[{"line_number":322,"context_line":"+-------------------+------+------+---------+-----------+-------------------------+"},{"line_number":323,"context_line":"|logging_resource_id|uuid  |RO    |N/A      |uuid       |LoggingResource reference|"},{"line_number":324,"context_line":"+-------------------+------+------+---------+-----------+-------------------------+"},{"line_number":325,"context_line":"|tenant_id          |uuid  |RO    |generated|uuid       |Tenant creates logging   |"},{"line_number":326,"context_line":"+-------------------+------+------+---------+-----------+-------------------------+"},{"line_number":327,"context_line":""},{"line_number":328,"context_line":"SecurityGroupLogging model would look like:"}],"source_content_type":"text/x-rst","patch_set":45,"id":"1aa78d24_e4271bc8","line":325,"range":{"start_line":325,"start_character":1,"end_line":325,"end_character":11},"in_reply_to":"3aaa91ec_a9212da0","updated":"2016-07-06 06:46:51.000000000","message":"I got it. \u0027tenant_id\u0027 should be removed in logging object.","commit_id":"0737b4b65a86b1672c46922e363f6b25c2ba872c"},{"author":{"_account_id":6788,"name":"Rossella Sblendido","email":"rsblendido@suse.com","username":"rossella-o"},"change_message_id":"7217285bee47a995953df97bca8593d63ff597b4","unresolved":false,"context_lines":[{"line_number":342,"context_line":"|security_group_id |uuid   |RW(No  |N/A    |uuid       |Security-groups UUID      |"},{"line_number":343,"context_line":"|                  |       |update)|       |           |is enabled logging        |"},{"line_number":344,"context_line":"+------------------+-------+-------+-------+-----------+--------------------------+"},{"line_number":345,"context_line":"|port_id           |uuid   |RW(No) |N/A    |uuid       |Port UUID reference       |"},{"line_number":346,"context_line":"|                  |       |update)|       |           |                          |"},{"line_number":347,"context_line":"+------------------+-------+-------+-------+-----------+--------------------------+"},{"line_number":348,"context_line":""}],"source_content_type":"text/x-rst","patch_set":45,"id":"3aaa91ec_834c109f","line":345,"range":{"start_line":345,"start_character":1,"end_line":345,"end_character":8},"updated":"2016-06-30 14:43:33.000000000","message":"I don\u0027t see this used anywhere. Do you plan to enable logging for a specific port only?","commit_id":"0737b4b65a86b1672c46922e363f6b25c2ba872c"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"17670014a573d507b016cf02d4fbd068f25aac24","unresolved":false,"context_lines":[{"line_number":342,"context_line":"|security_group_id |uuid   |RW(No  |N/A    |uuid       |Security-groups UUID      |"},{"line_number":343,"context_line":"|                  |       |update)|       |           |is enabled logging        |"},{"line_number":344,"context_line":"+------------------+-------+-------+-------+-----------+--------------------------+"},{"line_number":345,"context_line":"|port_id           |uuid   |RW(No) |N/A    |uuid       |Port UUID reference       |"},{"line_number":346,"context_line":"|                  |       |update)|       |           |                          |"},{"line_number":347,"context_line":"+------------------+-------+-------+-------+-----------+--------------------------+"},{"line_number":348,"context_line":""}],"source_content_type":"text/x-rst","patch_set":45,"id":"1aa78d24_276125d4","line":345,"range":{"start_line":345,"start_character":1,"end_line":345,"end_character":8},"in_reply_to":"3aaa91ec_834c109f","updated":"2016-07-06 06:46:51.000000000","message":"Yes, I do. I mentioned at line 138: \"Collect events related to security groups applied to a specific VM by giving neutron port uuid in security_group_log resource\".","commit_id":"0737b4b65a86b1672c46922e363f6b25c2ba872c"},{"author":{"_account_id":8788,"name":"Miguel Angel Ajo","email":"mangelajo@redhat.com","username":"mangelajo"},"change_message_id":"e333b47c6ec1118407d381b9c1c0bf8bd10c8e1d","unresolved":false,"context_lines":[{"line_number":357,"context_line":"        \u0027id\u0027: {\u0027allow_post\u0027: False, \u0027allow_put\u0027: False,"},{"line_number":358,"context_line":"               \u0027validate\u0027: {\u0027type:uuid\u0027: None},"},{"line_number":359,"context_line":"               \u0027is_visible\u0027: True, \u0027primary_key\u0027: True},"},{"line_number":360,"context_line":"        \u0027tenant_id\u0027: {\u0027allow_post\u0027: True, \u0027allow_put\u0027: False,"},{"line_number":361,"context_line":"                      \u0027required_by_policy\u0027: True,"},{"line_number":362,"context_line":"                      \u0027validate\u0027: {\u0027type:string\u0027: attr.TENANT_ID_MAX_LEN},"},{"line_number":363,"context_line":"                      \u0027is_visible\u0027: True},"}],"source_content_type":"text/x-rst","patch_set":45,"id":"3aaa91ec_7293b75b","line":360,"updated":"2016-06-30 11:38:02.000000000","message":"shall we start using project_id everywhere?","commit_id":"0737b4b65a86b1672c46922e363f6b25c2ba872c"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"17670014a573d507b016cf02d4fbd068f25aac24","unresolved":false,"context_lines":[{"line_number":357,"context_line":"        \u0027id\u0027: {\u0027allow_post\u0027: False, \u0027allow_put\u0027: False,"},{"line_number":358,"context_line":"               \u0027validate\u0027: {\u0027type:uuid\u0027: None},"},{"line_number":359,"context_line":"               \u0027is_visible\u0027: True, \u0027primary_key\u0027: True},"},{"line_number":360,"context_line":"        \u0027tenant_id\u0027: {\u0027allow_post\u0027: True, \u0027allow_put\u0027: False,"},{"line_number":361,"context_line":"                      \u0027required_by_policy\u0027: True,"},{"line_number":362,"context_line":"                      \u0027validate\u0027: {\u0027type:string\u0027: attr.TENANT_ID_MAX_LEN},"},{"line_number":363,"context_line":"                      \u0027is_visible\u0027: True},"}],"source_content_type":"text/x-rst","patch_set":45,"id":"1aa78d24_e76a7db2","line":360,"in_reply_to":"3aaa91ec_7293b75b","updated":"2016-07-06 06:46:51.000000000","message":"Sure.","commit_id":"0737b4b65a86b1672c46922e363f6b25c2ba872c"},{"author":{"_account_id":8788,"name":"Miguel Angel Ajo","email":"mangelajo@redhat.com","username":"mangelajo"},"change_message_id":"e333b47c6ec1118407d381b9c1c0bf8bd10c8e1d","unresolved":false,"context_lines":[{"line_number":374,"context_line":"            \u0027id\u0027: {\u0027allow_post\u0027: False, \u0027allow_put\u0027: False,"},{"line_number":375,"context_line":"                   \u0027validate\u0027: {\u0027type:uuid\u0027: None}, \u0027is_visible\u0027: True,"},{"line_number":376,"context_line":"                   \u0027primary_key\u0027: True},"},{"line_number":377,"context_line":"            \u0027tenant_id\u0027: {\u0027allow_post\u0027: True, \u0027allow_put\u0027: False,"},{"line_number":378,"context_line":"                          \u0027required_by_policy\u0027: True,"},{"line_number":379,"context_line":"                          \u0027validate\u0027: {\u0027type:string\u0027: attr.TENANT_ID_MAX_LEN},"},{"line_number":380,"context_line":"                          \u0027is_visible\u0027: True},"}],"source_content_type":"text/x-rst","patch_set":45,"id":"3aaa91ec_9296234a","line":377,"updated":"2016-06-30 11:38:02.000000000","message":"Ditto.","commit_id":"0737b4b65a86b1672c46922e363f6b25c2ba872c"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"17670014a573d507b016cf02d4fbd068f25aac24","unresolved":false,"context_lines":[{"line_number":374,"context_line":"            \u0027id\u0027: {\u0027allow_post\u0027: False, \u0027allow_put\u0027: False,"},{"line_number":375,"context_line":"                   \u0027validate\u0027: {\u0027type:uuid\u0027: None}, \u0027is_visible\u0027: True,"},{"line_number":376,"context_line":"                   \u0027primary_key\u0027: True},"},{"line_number":377,"context_line":"            \u0027tenant_id\u0027: {\u0027allow_post\u0027: True, \u0027allow_put\u0027: False,"},{"line_number":378,"context_line":"                          \u0027required_by_policy\u0027: True,"},{"line_number":379,"context_line":"                          \u0027validate\u0027: {\u0027type:string\u0027: attr.TENANT_ID_MAX_LEN},"},{"line_number":380,"context_line":"                          \u0027is_visible\u0027: True},"}],"source_content_type":"text/x-rst","patch_set":45,"id":"1aa78d24_c76781e7","line":377,"in_reply_to":"3aaa91ec_9296234a","updated":"2016-07-06 06:46:51.000000000","message":"I got it.","commit_id":"0737b4b65a86b1672c46922e363f6b25c2ba872c"},{"author":{"_account_id":6788,"name":"Rossella Sblendido","email":"rsblendido@suse.com","username":"rossella-o"},"change_message_id":"7217285bee47a995953df97bca8593d63ff597b4","unresolved":false,"context_lines":[{"line_number":490,"context_line":""},{"line_number":491,"context_line":"For security groups logging::"},{"line_number":492,"context_line":""},{"line_number":493,"context_line":"    os network logging security group create"},{"line_number":494,"context_line":"                \u003clogging-resource\u003e"},{"line_number":495,"context_line":"                [--description \u003cdescription\u003e]"},{"line_number":496,"context_line":"                [--security-group-id \u003csecurity-group-id\u003e]"}],"source_content_type":"text/x-rst","patch_set":45,"id":"3aaa91ec_43f18894","line":493,"range":{"start_line":493,"start_character":23,"end_line":493,"end_character":37},"updated":"2016-06-30 14:43:33.000000000","message":"should be security-group","commit_id":"0737b4b65a86b1672c46922e363f6b25c2ba872c"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"17670014a573d507b016cf02d4fbd068f25aac24","unresolved":false,"context_lines":[{"line_number":490,"context_line":""},{"line_number":491,"context_line":"For security groups logging::"},{"line_number":492,"context_line":""},{"line_number":493,"context_line":"    os network logging security group create"},{"line_number":494,"context_line":"                \u003clogging-resource\u003e"},{"line_number":495,"context_line":"                [--description \u003cdescription\u003e]"},{"line_number":496,"context_line":"                [--security-group-id \u003csecurity-group-id\u003e]"}],"source_content_type":"text/x-rst","patch_set":45,"id":"1aa78d24_27b8052a","line":493,"range":{"start_line":493,"start_character":23,"end_line":493,"end_character":37},"in_reply_to":"3aaa91ec_43f18894","updated":"2016-07-06 06:46:51.000000000","message":"It makes sense. Thanks for your suggestion.","commit_id":"0737b4b65a86b1672c46922e363f6b25c2ba872c"},{"author":{"_account_id":6788,"name":"Rossella Sblendido","email":"rsblendido@suse.com","username":"rossella-o"},"change_message_id":"c605e41c1427740eac49bf5d9caac07218e01ae2","unresolved":false,"context_lines":[{"line_number":57,"context_line":"-----------------"},{"line_number":58,"context_line":""},{"line_number":59,"context_line":"Logging API is designed as a service plugin. It has a logging-agent-extenstion"},{"line_number":60,"context_line":"(It is implemented as a l2 agent extenstion) run on nodes to collect events related"},{"line_number":61,"context_line":"to resources logging (e.g security group or firewall). The logging-agent-extension"},{"line_number":62,"context_line":"includes two parts [1]_:"},{"line_number":63,"context_line":""}],"source_content_type":"text/x-rst","patch_set":46,"id":"1aa78d24_08597f35","line":60,"range":{"start_line":60,"start_character":32,"end_line":60,"end_character":43},"updated":"2016-07-12 11:32:38.000000000","message":"nit: extension","commit_id":"a15d8cd5a45504722a27585deae25cec9e1ba685"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"1911b763773ded105a0732d0c68da30edbfbc073","unresolved":false,"context_lines":[{"line_number":57,"context_line":"-----------------"},{"line_number":58,"context_line":""},{"line_number":59,"context_line":"Logging API is designed as a service plugin. It has a logging-agent-extenstion"},{"line_number":60,"context_line":"(It is implemented as a l2 agent extenstion) run on nodes to collect events related"},{"line_number":61,"context_line":"to resources logging (e.g security group or firewall). The logging-agent-extension"},{"line_number":62,"context_line":"includes two parts [1]_:"},{"line_number":63,"context_line":""}],"source_content_type":"text/x-rst","patch_set":46,"id":"1aa78d24_430baf2b","line":60,"range":{"start_line":60,"start_character":32,"end_line":60,"end_character":43},"in_reply_to":"1aa78d24_08597f35","updated":"2016-07-15 10:58:03.000000000","message":"Done","commit_id":"a15d8cd5a45504722a27585deae25cec9e1ba685"},{"author":{"_account_id":6788,"name":"Rossella Sblendido","email":"rsblendido@suse.com","username":"rossella-o"},"change_message_id":"c605e41c1427740eac49bf5d9caac07218e01ae2","unresolved":false,"context_lines":[{"line_number":63,"context_line":""},{"line_number":64,"context_line":"    (1) Resources logging extension performs capturing events related resources"},{"line_number":65,"context_line":"        when they occurred."},{"line_number":66,"context_line":"    (2) Collector extension collects and processes event-logging (e.g transforms"},{"line_number":67,"context_line":"        event-logging to normalize, stores data and so on)."},{"line_number":68,"context_line":""},{"line_number":69,"context_line":""}],"source_content_type":"text/x-rst","patch_set":46,"id":"1aa78d24_e837d3ad","line":66,"range":{"start_line":66,"start_character":8,"end_line":66,"end_character":17},"updated":"2016-07-12 11:32:38.000000000","message":"can you explain here how this will be configured? why is the collector part of the agent extension? It\u0027s not related to the agent implementation right? The collector implementation could be shared by the linuxbridge agent and the ovs agent for example.","commit_id":"a15d8cd5a45504722a27585deae25cec9e1ba685"},{"author":{"_account_id":6788,"name":"Rossella Sblendido","email":"rsblendido@suse.com","username":"rossella-o"},"change_message_id":"39469f76f86eccc002be293ce8009da6f3957528","unresolved":false,"context_lines":[{"line_number":63,"context_line":""},{"line_number":64,"context_line":"    (1) Resources logging extension performs capturing events related resources"},{"line_number":65,"context_line":"        when they occurred."},{"line_number":66,"context_line":"    (2) Collector extension collects and processes event-logging (e.g transforms"},{"line_number":67,"context_line":"        event-logging to normalize, stores data and so on)."},{"line_number":68,"context_line":""},{"line_number":69,"context_line":""}],"source_content_type":"text/x-rst","patch_set":46,"id":"dada55a8_da7d03e9","line":66,"range":{"start_line":66,"start_character":8,"end_line":66,"end_character":17},"in_reply_to":"1aa78d24_4d675eea","updated":"2016-07-18 09:07:56.000000000","message":"If you plan to add an agent, you should definitely write more about it in the spec. Bear in mind that adding a new agent increases complexity. Do we really need it? This spec should probably only care about exposing some (Neutron internal) events in a way that can be easily consumed by other services (be it monasca, logstash or whatever). Should Neutron really care about providing several ways of storing the data or about the formats? I don\u0027t think so. It\u0027s not so Neutron specific and we don\u0027t need to reinvent the wheel, there are other projects that just take care of that. Why don\u0027t we focus here on a good way to expose the events we care about so that they are easily consumed by external tools? Then the operators can do whatever they want with the tools. What are your thoughts?","commit_id":"a15d8cd5a45504722a27585deae25cec9e1ba685"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"1911b763773ded105a0732d0c68da30edbfbc073","unresolved":false,"context_lines":[{"line_number":63,"context_line":""},{"line_number":64,"context_line":"    (1) Resources logging extension performs capturing events related resources"},{"line_number":65,"context_line":"        when they occurred."},{"line_number":66,"context_line":"    (2) Collector extension collects and processes event-logging (e.g transforms"},{"line_number":67,"context_line":"        event-logging to normalize, stores data and so on)."},{"line_number":68,"context_line":""},{"line_number":69,"context_line":""}],"source_content_type":"text/x-rst","patch_set":46,"id":"1aa78d24_4d675eea","line":66,"range":{"start_line":66,"start_character":8,"end_line":66,"end_character":17},"in_reply_to":"1aa78d24_e837d3ad","updated":"2016-07-15 10:58:03.000000000","message":"\u003ecan you explain here how this will be configured?\n\nIt will be configured as in line 92-109.\n\n\u003ewhy is the collector part of the agent extension? It\u0027s not related to the agent implementation right? The collector implementation could be shared by the linuxbridge agent and the ovs agent for example.\n\nDo you mean i should separate \u0027collector\u0027 part as a collector agent like this https://goo.gl/EW2JUI ? The collector agent takes events which are generated by resources extension (e.g security group logging). If so, there is no problem to update my current design.","commit_id":"a15d8cd5a45504722a27585deae25cec9e1ba685"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"8f4ffb3b0a01adfb16616ca806f7030eda4a82bd","unresolved":false,"context_lines":[{"line_number":63,"context_line":""},{"line_number":64,"context_line":"    (1) Resources logging extension performs capturing events related resources"},{"line_number":65,"context_line":"        when they occurred."},{"line_number":66,"context_line":"    (2) Collector extension collects and processes event-logging (e.g transforms"},{"line_number":67,"context_line":"        event-logging to normalize, stores data and so on)."},{"line_number":68,"context_line":""},{"line_number":69,"context_line":""}],"source_content_type":"text/x-rst","patch_set":46,"id":"dada55a8_9f07bd80","line":66,"range":{"start_line":66,"start_character":8,"end_line":66,"end_character":17},"in_reply_to":"dada55a8_da7d03e9","updated":"2016-07-19 09:59:43.000000000","message":"Based on our discussion on IRC [1]. I agreed with you that:\n(1) we shouldn\u0027t have collector agent, collector part will be implemented as a openstack periodic task to filter \u0027input_log_path\u0027\n(2) In neutron scope, we don\u0027t care about log-data format and supporting multiple collector drivers. So we don\u0027t need LoggingResource anymore.\n\nI will update my spec based on 2 points above. Thanks for your suggestion.\n\n[1] http://eavesdrop.openstack.org/irclogs/%23openstack-neutron/%23openstack-neutron.2016-07-19.log.html#t2016-07-19T07:53:42","commit_id":"a15d8cd5a45504722a27585deae25cec9e1ba685"},{"author":{"_account_id":6788,"name":"Rossella Sblendido","email":"rsblendido@suse.com","username":"rossella-o"},"change_message_id":"c605e41c1427740eac49bf5d9caac07218e01ae2","unresolved":false,"context_lines":[{"line_number":72,"context_line":""},{"line_number":73,"context_line":"Firstly, security events will be logged to \u0027input_log_path\u0027 by SecurityGroupLogExt."},{"line_number":74,"context_line":"Then, these events will be collected, processed and filed to formated location"},{"line_number":75,"context_line":"(e.g \u0027/var/log/neutron/sg-\u003csg-log-uuid.log\u003e\u0027) by CollectorExt. The CollectorExt"},{"line_number":76,"context_line":"is expected to handle logs rotation and forward logs to central logging server"},{"line_number":77,"context_line":"for further process [1]_."},{"line_number":78,"context_line":""}],"source_content_type":"text/x-rst","patch_set":46,"id":"1aa78d24_28fb9b7c","line":75,"range":{"start_line":75,"start_character":49,"end_line":75,"end_character":61},"updated":"2016-07-12 11:32:38.000000000","message":"what\u0027s that? is it another process?","commit_id":"a15d8cd5a45504722a27585deae25cec9e1ba685"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"1911b763773ded105a0732d0c68da30edbfbc073","unresolved":false,"context_lines":[{"line_number":72,"context_line":""},{"line_number":73,"context_line":"Firstly, security events will be logged to \u0027input_log_path\u0027 by SecurityGroupLogExt."},{"line_number":74,"context_line":"Then, these events will be collected, processed and filed to formated location"},{"line_number":75,"context_line":"(e.g \u0027/var/log/neutron/sg-\u003csg-log-uuid.log\u003e\u0027) by CollectorExt. The CollectorExt"},{"line_number":76,"context_line":"is expected to handle logs rotation and forward logs to central logging server"},{"line_number":77,"context_line":"for further process [1]_."},{"line_number":78,"context_line":""}],"source_content_type":"text/x-rst","patch_set":46,"id":"1aa78d24_add4021f","line":75,"range":{"start_line":75,"start_character":49,"end_line":75,"end_character":61},"in_reply_to":"1aa78d24_28fb9b7c","updated":"2016-07-15 10:58:03.000000000","message":"This is the collector extension. It will collects events which are generated by SecurityGroupLogExt and process them as specified in the config. Its configuration is in line 92-109.","commit_id":"a15d8cd5a45504722a27585deae25cec9e1ba685"},{"author":{"_account_id":6788,"name":"Rossella Sblendido","email":"rsblendido@suse.com","username":"rossella-o"},"change_message_id":"c605e41c1427740eac49bf5d9caac07218e01ae2","unresolved":false,"context_lines":[{"line_number":73,"context_line":"Firstly, security events will be logged to \u0027input_log_path\u0027 by SecurityGroupLogExt."},{"line_number":74,"context_line":"Then, these events will be collected, processed and filed to formated location"},{"line_number":75,"context_line":"(e.g \u0027/var/log/neutron/sg-\u003csg-log-uuid.log\u003e\u0027) by CollectorExt. The CollectorExt"},{"line_number":76,"context_line":"is expected to handle logs rotation and forward logs to central logging server"},{"line_number":77,"context_line":"for further process [1]_."},{"line_number":78,"context_line":""},{"line_number":79,"context_line":"The configuration of logging API would look like::"}],"source_content_type":"text/x-rst","patch_set":46,"id":"1aa78d24_4800a734","line":76,"range":{"start_line":76,"start_character":56,"end_line":76,"end_character":78},"updated":"2016-07-12 11:32:38.000000000","message":"this is not correct, the driver will do what\u0027s specified in the config, either send them to a central server or to a third-party or whatever.","commit_id":"a15d8cd5a45504722a27585deae25cec9e1ba685"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"1911b763773ded105a0732d0c68da30edbfbc073","unresolved":false,"context_lines":[{"line_number":73,"context_line":"Firstly, security events will be logged to \u0027input_log_path\u0027 by SecurityGroupLogExt."},{"line_number":74,"context_line":"Then, these events will be collected, processed and filed to formated location"},{"line_number":75,"context_line":"(e.g \u0027/var/log/neutron/sg-\u003csg-log-uuid.log\u003e\u0027) by CollectorExt. The CollectorExt"},{"line_number":76,"context_line":"is expected to handle logs rotation and forward logs to central logging server"},{"line_number":77,"context_line":"for further process [1]_."},{"line_number":78,"context_line":""},{"line_number":79,"context_line":"The configuration of logging API would look like::"}],"source_content_type":"text/x-rst","patch_set":46,"id":"1aa78d24_924843ce","line":76,"range":{"start_line":76,"start_character":56,"end_line":76,"end_character":78},"in_reply_to":"1aa78d24_4800a734","updated":"2016-07-15 10:58:03.000000000","message":"Ok.I will update it as your suggestion.","commit_id":"a15d8cd5a45504722a27585deae25cec9e1ba685"},{"author":{"_account_id":6788,"name":"Rossella Sblendido","email":"rsblendido@suse.com","username":"rossella-o"},"change_message_id":"c605e41c1427740eac49bf5d9caac07218e01ae2","unresolved":false,"context_lines":[{"line_number":79,"context_line":"The configuration of logging API would look like::"},{"line_number":80,"context_line":""},{"line_number":81,"context_line":"    LOGGING_API_OPTS \u003d ["},{"line_number":82,"context_line":"        cfg.ListOpt(\u0027resources_logging\u0027,"},{"line_number":83,"context_line":"                    default\u003d[],"},{"line_number":84,"context_line":"                    help\u003d_(\"List resources logging extension.\")),"},{"line_number":85,"context_line":"        cfg.StrOpt(\u0027collector_extension\u0027,"}],"source_content_type":"text/x-rst","patch_set":46,"id":"1aa78d24_e84a3382","line":82,"range":{"start_line":82,"start_character":21,"end_line":82,"end_character":39},"updated":"2016-07-12 11:32:38.000000000","message":"why do we need that in the config file? we can infer which logging resource are available from the code, why do we need to configure it?","commit_id":"a15d8cd5a45504722a27585deae25cec9e1ba685"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"1911b763773ded105a0732d0c68da30edbfbc073","unresolved":false,"context_lines":[{"line_number":79,"context_line":"The configuration of logging API would look like::"},{"line_number":80,"context_line":""},{"line_number":81,"context_line":"    LOGGING_API_OPTS \u003d ["},{"line_number":82,"context_line":"        cfg.ListOpt(\u0027resources_logging\u0027,"},{"line_number":83,"context_line":"                    default\u003d[],"},{"line_number":84,"context_line":"                    help\u003d_(\"List resources logging extension.\")),"},{"line_number":85,"context_line":"        cfg.StrOpt(\u0027collector_extension\u0027,"}],"source_content_type":"text/x-rst","patch_set":46,"id":"1aa78d24_f2dee73c","line":82,"range":{"start_line":82,"start_character":21,"end_line":82,"end_character":39},"in_reply_to":"1aa78d24_e84a3382","updated":"2016-07-15 10:58:03.000000000","message":"It should be removed as your suggestion.","commit_id":"a15d8cd5a45504722a27585deae25cec9e1ba685"},{"author":{"_account_id":6788,"name":"Rossella Sblendido","email":"rsblendido@suse.com","username":"rossella-o"},"change_message_id":"c605e41c1427740eac49bf5d9caac07218e01ae2","unresolved":false,"context_lines":[{"line_number":114,"context_line":""},{"line_number":115,"context_line":"    (1) through a central logging server."},{"line_number":116,"context_line":"    (2) using third-party services such as Monasca service..."},{"line_number":117,"context_line":""},{"line_number":118,"context_line":""},{"line_number":119,"context_line":"Expected API behavior"},{"line_number":120,"context_line":"---------------------"}],"source_content_type":"text/x-rst","patch_set":46,"id":"1aa78d24_88528f33","line":117,"updated":"2016-07-12 11:32:38.000000000","message":"we should also allow to store them locally I think","commit_id":"a15d8cd5a45504722a27585deae25cec9e1ba685"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"1911b763773ded105a0732d0c68da30edbfbc073","unresolved":false,"context_lines":[{"line_number":114,"context_line":""},{"line_number":115,"context_line":"    (1) through a central logging server."},{"line_number":116,"context_line":"    (2) using third-party services such as Monasca service..."},{"line_number":117,"context_line":""},{"line_number":118,"context_line":""},{"line_number":119,"context_line":"Expected API behavior"},{"line_number":120,"context_line":"---------------------"}],"source_content_type":"text/x-rst","patch_set":46,"id":"1aa78d24_92bde304","line":117,"in_reply_to":"1aa78d24_88528f33","updated":"2016-07-15 10:58:03.000000000","message":"Surely, It should be allowed to store in local. I will update here.","commit_id":"a15d8cd5a45504722a27585deae25cec9e1ba685"},{"author":{"_account_id":6788,"name":"Rossella Sblendido","email":"rsblendido@suse.com","username":"rossella-o"},"change_message_id":"c605e41c1427740eac49bf5d9caac07218e01ae2","unresolved":false,"context_lines":[{"line_number":222,"context_line":"            PUT /v2.0/logging/logging-resources/46ebaec0-0570-43ac-82f6-60d2b03168c4"},{"line_number":223,"context_line":"            {"},{"line_number":224,"context_line":"                \"logging_resource\": {"},{"line_number":225,"context_line":"                    \"enabled\": True"},{"line_number":226,"context_line":"                }"},{"line_number":227,"context_line":"            }"},{"line_number":228,"context_line":""}],"source_content_type":"text/x-rst","patch_set":46,"id":"1aa78d24_7342b43f","line":225,"updated":"2016-07-12 11:32:38.000000000","message":"I think it should be True by default. If you create it, it\u0027s because you want to collect logs.","commit_id":"a15d8cd5a45504722a27585deae25cec9e1ba685"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"1911b763773ded105a0732d0c68da30edbfbc073","unresolved":false,"context_lines":[{"line_number":222,"context_line":"            PUT /v2.0/logging/logging-resources/46ebaec0-0570-43ac-82f6-60d2b03168c4"},{"line_number":223,"context_line":"            {"},{"line_number":224,"context_line":"                \"logging_resource\": {"},{"line_number":225,"context_line":"                    \"enabled\": True"},{"line_number":226,"context_line":"                }"},{"line_number":227,"context_line":"            }"},{"line_number":228,"context_line":""}],"source_content_type":"text/x-rst","patch_set":46,"id":"1aa78d24_3706a121","line":225,"in_reply_to":"1aa78d24_7342b43f","updated":"2016-07-15 10:58:03.000000000","message":"I will follow your suggestion.","commit_id":"a15d8cd5a45504722a27585deae25cec9e1ba685"},{"author":{"_account_id":6788,"name":"Rossella Sblendido","email":"rsblendido@suse.com","username":"rossella-o"},"change_message_id":"c605e41c1427740eac49bf5d9caac07218e01ae2","unresolved":false,"context_lines":[{"line_number":284,"context_line":"LoggingResource model defines a container for logging objects, it describes"},{"line_number":285,"context_line":"how the log-data will be stored."},{"line_number":286,"context_line":""},{"line_number":287,"context_line":"LoggingResource model has the following attributes:"},{"line_number":288,"context_line":""},{"line_number":289,"context_line":"+------------+-------+--------+----------+-----------+-----------------------------+"},{"line_number":290,"context_line":"|Attribute   |Type   |Access  |Default   |Validation/|Description                  |"}],"source_content_type":"text/x-rst","patch_set":46,"id":"1aa78d24_a13161a4","line":287,"range":{"start_line":287,"start_character":0,"end_line":287,"end_character":15},"updated":"2016-07-12 11:32:38.000000000","message":"quoting your comment from last PS\n\n\u003eLoggingResource is not simple a set of several resources. It describes the base policy for logging such as format log-data, how the log data will be stored (central logging server, object storage, ...) and a way to consume log-data.\n\nWhere does it describe it? Can you give me more details? What\u0027s the relationship between a LoggingResource and a collector? If I have many collectors how can I specify which one I want to use for a Resource? How can I specify a format?","commit_id":"a15d8cd5a45504722a27585deae25cec9e1ba685"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"1911b763773ded105a0732d0c68da30edbfbc073","unresolved":false,"context_lines":[{"line_number":284,"context_line":"LoggingResource model defines a container for logging objects, it describes"},{"line_number":285,"context_line":"how the log-data will be stored."},{"line_number":286,"context_line":""},{"line_number":287,"context_line":"LoggingResource model has the following attributes:"},{"line_number":288,"context_line":""},{"line_number":289,"context_line":"+------------+-------+--------+----------+-----------+-----------------------------+"},{"line_number":290,"context_line":"|Attribute   |Type   |Access  |Default   |Validation/|Description                  |"}],"source_content_type":"text/x-rst","patch_set":46,"id":"1aa78d24_83575725","line":287,"range":{"start_line":287,"start_character":0,"end_line":287,"end_character":15},"in_reply_to":"1aa78d24_a13161a4","updated":"2016-07-15 10:58:03.000000000","message":"We are going to support only one collector (for Operator) as the first step. So I just have to place it in the configuration file as Amotoki-san comments (\"we should not expose collector mechanism to user\"). In this case, we could not see the relationship between the LoggingResource and collector.\n\nIn next step, I\u0027m planing support multiple collectors (for Tenant). So, I would like to keep the LoggingResource. To make the relationship between LoggingResource and collectors, I will propose to add \u0027logging_type\u0027 field into the LoggingResource model. Each \u0027logging_type\u0027 maps to a specific collector. This collector will be used to specify log-data format type.\n\nMapping between \u0027logging_type\u0027 and collector will be configured like this:\n \nLOGGING_TYPE \u003d [\u0027File\u0027, \u0027Swift_Object\u0027]\nRESOURCE_ATTRIBUTE_MAP \u003d {\n    \u0027logging_resources\u0027: {\n            \u0027id\u0027: {\u0027allow_post\u0027: False, \u0027allow_put\u0027: False\n                   \u0027validate\u0027: {\u0027type:uuid\u0027: None}, \u0027is_visible\u0027: True,\n                   \u0027primary_key\u0027: True},\n            \u0027project_id\u0027: {\u0027allow_post\u0027: True, \u0027allow_put\u0027: False,\n                          \u0027required_by_policy\u0027: True,\n                          \u0027validate\u0027: {\u0027type:string\u0027: attr.TENANT_ID_MAX_LEN},\n                          \u0027is_visible\u0027: True},\n            \u0027name\u0027: {\u0027allow_post\u0027: True, \u0027allow_put\u0027: True,\n                     \u0027validate\u0027: {\u0027type:string\u0027: None},\n                     \u0027default\u0027: None, \u0027is_visible\u0027: True},\n            \u0027description\u0027: {\u0027allow_post\u0027: True, \u0027allow_put\u0027: True,\n                            \u0027validate\u0027: {\u0027type:string\u0027: None},\n                            \u0027default\u0027: None, \u0027is_visible\u0027: True},\n            \u0027enabled\u0027: {\u0027allow_post\u0027: True, \u0027allow_put\u0027: True,\n                        \u0027is_visible\u0027: True, \u0027default\u0027: True,\n                        \u0027convert_to\u0027: attr.convert_to_boolean},\n            \u0027logging_type\u0027: {\u0027allow_post\u0027: True, \u0027allow_put\u0027: False,\n                             \u0027is_visible\u0027: True, \u0027default\u0027: \u0027File\u0027,\n            \u0027resource_logs\u0027: {\u0027allow_post\u0027: False, \u0027allow_put\u0027: False,\n                              \u0027is_visible\u0027: True}\n        },\n}\n\nconfiguration file looks like:\n\nenabled_backend \u003d File, Swift_Object\n[File]\nlog_type \u003d File,\ndriver \u003d neutron.services.logaas.drivers.file_driver.FileDriver\n# file driver specific configuration\n...\n[Swift_Object]\nlog_type \u003d Swift_Object\ndriver \u003d neutron.services.logaas.drivers.swift_driver.SwiftDriver\n...\n\nCould you give me some advices about this point, please?","commit_id":"a15d8cd5a45504722a27585deae25cec9e1ba685"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"244ff122594f443828349de22d3a28efe07ca4c9","unresolved":false,"context_lines":[{"line_number":260,"context_line":"    }"},{"line_number":261,"context_line":""},{"line_number":262,"context_line":"    RESOURCE_ATTRIBUTE_MAP \u003d {"},{"line_number":263,"context_line":"        \u0027security_group_logs\u0027: {"},{"line_number":264,"context_line":"            \u0027parameters\u0027: dict((LOG_COMMON_FIELDS),"},{"line_number":265,"context_line":"                          **{"},{"line_number":266,"context_line":"                            \u0027security_group_id\u0027: {"},{"line_number":267,"context_line":"                                \u0027allow_post\u0027: True, \u0027allow_put\u0027: False,"},{"line_number":268,"context_line":"                                \u0027is_visible\u0027: True, \u0027default\u0027: None,"},{"line_number":269,"context_line":"                                \u0027validate\u0027: {\u0027type:uuid_or_none\u0027: None}},"},{"line_number":270,"context_line":"                            \u0027sg_event\u0027: {"},{"line_number":271,"context_line":"                                \u0027allow_post\u0027: True, \u0027allow_put\u0027: False,"},{"line_number":272,"context_line":"                                \u0027is_visible\u0027: True,"},{"line_number":273,"context_line":"                                \u0027validate\u0027: {\u0027type:values\u0027: SG_EVENT},"},{"line_number":274,"context_line":"                                \u0027default\u0027: \u0027ALL\u0027},"},{"line_number":275,"context_line":"                            \u0027port_id\u0027: {"},{"line_number":276,"context_line":"                                \u0027allow_post\u0027: True, \u0027allow_put\u0027: False,"},{"line_number":277,"context_line":"                                \u0027is_visible\u0027: True, \u0027default\u0027: None,"},{"line_number":278,"context_line":"                                \u0027validate\u0027: {\u0027type:uuid_or_none\u0027: None}},"},{"line_number":279,"context_line":"                          })"},{"line_number":280,"context_line":"        },"},{"line_number":281,"context_line":""},{"line_number":282,"context_line":"        \u0027logging_types\u0027:{"},{"line_number":283,"context_line":"            \u0027type\u0027: {\u0027allow_post\u0027: False, \u0027allow_put\u0027: False,"}],"source_content_type":"text/x-rst","patch_set":47,"id":"bacf61ea_40d34704","line":280,"range":{"start_line":263,"start_character":8,"end_line":280,"end_character":10},"updated":"2016-08-01 02:11:02.000000000","message":"It should be as below: \n\n\u0027security_group_logs\u0027:                                                     \n    dict(LOG_COMMON_FIELDS,                                                \n        **{\u0027port_id\u0027: {\u0027allow_post\u0027: True, \u0027allow_put\u0027: False,             \n                       \u0027validate\u0027: {\u0027type:uuid\u0027: None},                    \n                       \u0027is_visible\u0027: True},                                \n           \u0027security_group_id\u0027: {\u0027allow_post\u0027: True, \u0027allow_put\u0027: False,\n                                 \u0027validate\u0027: {\u0027type:uuid\u0027: None},          \n                                 \u0027is_visible\u0027: True},                      \n           \u0027sg_event\u0027: {\u0027allow_post\u0027: True, \u0027allow_put\u0027: False,           \n                        \u0027validate\u0027: {\u0027type:values\u0027: SG_EVENT},            \n                        \u0027default\u0027: \u0027ALL\u0027, \u0027is_visible\u0027: True}})\n\nI will update in next revision.","commit_id":"12b1a53120dae9a3646e1aecd3c714fd58d0a8e4"}],"specs/ocata/logging-API-for-security-group-rules.rst":[{"author":{"_account_id":6788,"name":"Rossella Sblendido","email":"rsblendido@suse.com","username":"rossella-o"},"change_message_id":"a446f19be5b704adef1793f846728b2138b82cdb","unresolved":false,"context_lines":[{"line_number":15,"context_line":"Problem Description"},{"line_number":16,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":17,"context_line":""},{"line_number":18,"context_line":"Today when traffic doesn\u0027t flow the way it is supposed to (as prescribed by"},{"line_number":19,"context_line":"security-group-rules), learning what happen can be achieved by painstakingly"},{"line_number":20,"context_line":"browsing distributed logs. In this case, *operators* (including cloud admin"},{"line_number":21,"context_line":"and developer) or tenants want to store logs of network traffic of:"},{"line_number":22,"context_line":""},{"line_number":23,"context_line":"  * North-south network traffic travels between an instance and external"}],"source_content_type":"text/x-rst","patch_set":48,"id":"1a95cdbc_949f71b3","line":20,"range":{"start_line":18,"start_character":0,"end_line":20,"end_character":41},"updated":"2016-10-06 13:23:23.000000000","message":"Since you talk about debugging at line 30, you can remove all the highlighted text.","commit_id":"f96c72e190164fb8a3322750a37fa20d99dd24a9"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"a7e46ae9e7c55022d01cd2fe00e9fe51957e5c51","unresolved":false,"context_lines":[{"line_number":15,"context_line":"Problem Description"},{"line_number":16,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":17,"context_line":""},{"line_number":18,"context_line":"Today when traffic doesn\u0027t flow the way it is supposed to (as prescribed by"},{"line_number":19,"context_line":"security-group-rules), learning what happen can be achieved by painstakingly"},{"line_number":20,"context_line":"browsing distributed logs. In this case, *operators* (including cloud admin"},{"line_number":21,"context_line":"and developer) or tenants want to store logs of network traffic of:"},{"line_number":22,"context_line":""},{"line_number":23,"context_line":"  * North-south network traffic travels between an instance and external"}],"source_content_type":"text/x-rst","patch_set":48,"id":"1a95cdbc_cdf65e8e","line":20,"range":{"start_line":18,"start_character":0,"end_line":20,"end_character":41},"in_reply_to":"1a95cdbc_949f71b3","updated":"2016-10-10 10:01:47.000000000","message":"Done","commit_id":"f96c72e190164fb8a3322750a37fa20d99dd24a9"},{"author":{"_account_id":6788,"name":"Rossella Sblendido","email":"rsblendido@suse.com","username":"rossella-o"},"change_message_id":"a446f19be5b704adef1793f846728b2138b82cdb","unresolved":false,"context_lines":[{"line_number":48,"context_line":"    (2) DROP event."},{"line_number":49,"context_line":""},{"line_number":50,"context_line":"The scope of this spec implements logging API for security groups based on legacy"},{"line_number":51,"context_line":"hybrid version (iptables-based security groups firewall) for *operator only*."},{"line_number":52,"context_line":"It also layouts a model which can be extended to other resources (e.g Firewall"},{"line_number":53,"context_line":"logging) easily. Please note that OVS-based security groups firewall is not"},{"line_number":54,"context_line":"supported at this moment."}],"source_content_type":"text/x-rst","patch_set":48,"id":"1a95cdbc_345a1d50","line":51,"range":{"start_line":51,"start_character":16,"end_line":51,"end_character":55},"updated":"2016-10-06 13:23:23.000000000","message":"how about OVS firewall? How complex is to implement it for OVS firewall too?","commit_id":"f96c72e190164fb8a3322750a37fa20d99dd24a9"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"3209423038ec229c56fce8b56d6e970510c1e746","unresolved":false,"context_lines":[{"line_number":48,"context_line":"    (2) DROP event."},{"line_number":49,"context_line":""},{"line_number":50,"context_line":"The scope of this spec implements logging API for security groups based on legacy"},{"line_number":51,"context_line":"hybrid version (iptables-based security groups firewall) for *operator only*."},{"line_number":52,"context_line":"It also layouts a model which can be extended to other resources (e.g Firewall"},{"line_number":53,"context_line":"logging) easily. Please note that OVS-based security groups firewall is not"},{"line_number":54,"context_line":"supported at this moment."}],"source_content_type":"text/x-rst","patch_set":48,"id":"1a95cdbc_5ca6c253","line":51,"range":{"start_line":51,"start_character":16,"end_line":51,"end_character":55},"in_reply_to":"1a95cdbc_345a1d50","updated":"2016-10-07 10:25:33.000000000","message":"In case OVS: we could use packet-in message on a controller program to produce a log line to a file per packet by inserting action controller to each OVS firewall flow. That will require every packet go through the controller. It\u0027s quite complex and will inherently slow. Therefore, I\u0027d like set OVS firewall support to be out of scope of this spec. How about you?","commit_id":"f96c72e190164fb8a3322750a37fa20d99dd24a9"},{"author":{"_account_id":6788,"name":"Rossella Sblendido","email":"rsblendido@suse.com","username":"rossella-o"},"change_message_id":"bbdd2641cc6b568a55f800ee249ec07467f15f5c","unresolved":false,"context_lines":[{"line_number":48,"context_line":"    (2) DROP event."},{"line_number":49,"context_line":""},{"line_number":50,"context_line":"The scope of this spec implements logging API for security groups based on legacy"},{"line_number":51,"context_line":"hybrid version (iptables-based security groups firewall) for *operator only*."},{"line_number":52,"context_line":"It also layouts a model which can be extended to other resources (e.g Firewall"},{"line_number":53,"context_line":"logging) easily. Please note that OVS-based security groups firewall is not"},{"line_number":54,"context_line":"supported at this moment."}],"source_content_type":"text/x-rst","patch_set":48,"id":"1a95cdbc_e3616bd4","line":51,"range":{"start_line":51,"start_character":16,"end_line":51,"end_character":55},"in_reply_to":"1a95cdbc_5ca6c253","updated":"2016-10-10 10:29:25.000000000","message":"can you add this explanation in the spec?","commit_id":"f96c72e190164fb8a3322750a37fa20d99dd24a9"},{"author":{"_account_id":6788,"name":"Rossella Sblendido","email":"rsblendido@suse.com","username":"rossella-o"},"change_message_id":"a446f19be5b704adef1793f846728b2138b82cdb","unresolved":false,"context_lines":[{"line_number":72,"context_line":"-----------------------"},{"line_number":73,"context_line":""},{"line_number":74,"context_line":"Firstly, SecurityGroupLogExt will log security events to \u0027input_log_path\u0027."},{"line_number":75,"context_line":"Then, these events will be collected and filed to an equivalent location"},{"line_number":76,"context_line":"(e.g \u0027/var/log/neutron/\u003csg-log-id\u003e.log\u0027) periodically by the collector. The"},{"line_number":77,"context_line":"collector can be configured in configuration file and expected to be able to"},{"line_number":78,"context_line":"handle logs rotation."}],"source_content_type":"text/x-rst","patch_set":48,"id":"1a95cdbc_b4ac6da1","line":75,"updated":"2016-10-06 13:23:23.000000000","message":"The collector is its own executable and it should be optional in my opinion. The configuration of the collector should be totally independent of the neutron.conf .","commit_id":"f96c72e190164fb8a3322750a37fa20d99dd24a9"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"3209423038ec229c56fce8b56d6e970510c1e746","unresolved":false,"context_lines":[{"line_number":72,"context_line":"-----------------------"},{"line_number":73,"context_line":""},{"line_number":74,"context_line":"Firstly, SecurityGroupLogExt will log security events to \u0027input_log_path\u0027."},{"line_number":75,"context_line":"Then, these events will be collected and filed to an equivalent location"},{"line_number":76,"context_line":"(e.g \u0027/var/log/neutron/\u003csg-log-id\u003e.log\u0027) periodically by the collector. The"},{"line_number":77,"context_line":"collector can be configured in configuration file and expected to be able to"},{"line_number":78,"context_line":"handle logs rotation."}],"source_content_type":"text/x-rst","patch_set":48,"id":"1a95cdbc_9fa2fcfb","line":75,"in_reply_to":"1a95cdbc_b4ac6da1","updated":"2016-10-07 10:25:33.000000000","message":"I agree with your opinion. I will update my spec to make this point be more clear. Thanks.","commit_id":"f96c72e190164fb8a3322750a37fa20d99dd24a9"},{"author":{"_account_id":6788,"name":"Rossella Sblendido","email":"rsblendido@suse.com","username":"rossella-o"},"change_message_id":"a446f19be5b704adef1793f846728b2138b82cdb","unresolved":false,"context_lines":[{"line_number":131,"context_line":""},{"line_number":132,"context_line":"    * a mechanism to expose logging API for tenant (e.g by using RBAC)."},{"line_number":133,"context_line":"    * standardized logging output format for tenant."},{"line_number":134,"context_line":"    * a way to consume log more effectively for tenant."},{"line_number":135,"context_line":""},{"line_number":136,"context_line":""},{"line_number":137,"context_line":"API operation sample"}],"source_content_type":"text/x-rst","patch_set":48,"id":"1a95cdbc_b49aad61","line":134,"range":{"start_line":134,"start_character":6,"end_line":134,"end_character":54},"updated":"2016-10-06 13:23:23.000000000","message":"consuming the log is not Neutron job","commit_id":"f96c72e190164fb8a3322750a37fa20d99dd24a9"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"a7e46ae9e7c55022d01cd2fe00e9fe51957e5c51","unresolved":false,"context_lines":[{"line_number":131,"context_line":""},{"line_number":132,"context_line":"    * a mechanism to expose logging API for tenant (e.g by using RBAC)."},{"line_number":133,"context_line":"    * standardized logging output format for tenant."},{"line_number":134,"context_line":"    * a way to consume log more effectively for tenant."},{"line_number":135,"context_line":""},{"line_number":136,"context_line":""},{"line_number":137,"context_line":"API operation sample"}],"source_content_type":"text/x-rst","patch_set":48,"id":"1a95cdbc_4d316e59","line":134,"range":{"start_line":134,"start_character":6,"end_line":134,"end_character":54},"in_reply_to":"1a95cdbc_b49aad61","updated":"2016-10-10 10:01:47.000000000","message":"Done","commit_id":"f96c72e190164fb8a3322750a37fa20d99dd24a9"},{"author":{"_account_id":6788,"name":"Rossella Sblendido","email":"rsblendido@suse.com","username":"rossella-o"},"change_message_id":"a446f19be5b704adef1793f846728b2138b82cdb","unresolved":false,"context_lines":[{"line_number":185,"context_line":"Example logging format"},{"line_number":186,"context_line":"----------------------"},{"line_number":187,"context_line":""},{"line_number":188,"context_line":"Logging output format is out of scope of this spec. However its will include"},{"line_number":189,"context_line":"fields such as timestamp, resource log uuid, interface id, L3 \u0026 L4 information"},{"line_number":190,"context_line":"(address, protocol, port, etc) and action (ACCEPT or DROP)."},{"line_number":191,"context_line":""}],"source_content_type":"text/x-rst","patch_set":48,"id":"1a95cdbc_941691a5","line":188,"updated":"2016-10-06 13:23:23.000000000","message":"We should define the default format in this spec. Otherwise what how will we log? Making the format configurable is out of the scope though.","commit_id":"f96c72e190164fb8a3322750a37fa20d99dd24a9"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"3209423038ec229c56fce8b56d6e970510c1e746","unresolved":false,"context_lines":[{"line_number":185,"context_line":"Example logging format"},{"line_number":186,"context_line":"----------------------"},{"line_number":187,"context_line":""},{"line_number":188,"context_line":"Logging output format is out of scope of this spec. However its will include"},{"line_number":189,"context_line":"fields such as timestamp, resource log uuid, interface id, L3 \u0026 L4 information"},{"line_number":190,"context_line":"(address, protocol, port, etc) and action (ACCEPT or DROP)."},{"line_number":191,"context_line":""}],"source_content_type":"text/x-rst","patch_set":48,"id":"1a95cdbc_df12c408","line":188,"in_reply_to":"1a95cdbc_941691a5","updated":"2016-10-07 10:25:33.000000000","message":"It should be updated as below:\nLog-data will include timestamp, host name, resource ID, action (ACCEPT/DROP), interface ID, L3 \u0026 L4 information (address, protocol, port, etc).\n\nLog-data sample of a ACCEPT event will look like:\n\nMar 14 10:22:04 localhost 5f126d84-551a-4dcf-bb0-ACCEPT IN\u003dqbr9a0655d0-33 OUT\u003dqbr9a0655d0-33 MAC\u003dfa:16:3e:55:cd:85:fa:16:3e:d1:41:49:08:00 SRC\u003d10.0.0.3 DST\u003d22.22.22.3 LEN\u003d60 TOS\u003d00 PREC\u003d0x00 TTL\u003d64 ID\u003d52446 DF PROTO\u003dTCP SPT\u003d55211 DPT\u003d12865 SEQ\u003d3123701752 ACK\u003d0 WINDOW\u003d28200 SYN URGP\u003d0 UID\u003d0 GID\u003d0 MARK\u003d0\n\nLog-data sample of DROP event will look like:\n\nMar 14 10:22:04 localhost 5f126d84-551a-4dcf-bb0-DROP IN\u003dqbrbf729149-c3 OUT\u003dqbrbf729149-c3 MAC\u003dfa:16:3e:0b:6c:bf:fa:16:3e:bd:8b:b4:08:00 SRC\u003d10.0.0.3 DST\u003d22.22.22.3 LEN\u003d60 TOS\u003d00 PREC\u003d0x00 TTL\u003d63 ID\u003d52446 DF PROTO\u003dTCP SPT\u003d55211 DPT\u003d12865 SEQ\u003d3123701752 ACK\u003d0 WINDOW\u003d28200 SYN URGP\u003d0 MARK\u003d0","commit_id":"f96c72e190164fb8a3322750a37fa20d99dd24a9"},{"author":{"_account_id":6788,"name":"Rossella Sblendido","email":"rsblendido@suse.com","username":"rossella-o"},"change_message_id":"7507aa7ad136d10cf8827eff525922e07cae1db9","unresolved":false,"context_lines":[{"line_number":54,"context_line":"log all ACCEPT and DROP events. We could use \"packet-in based solution\" to produce"},{"line_number":55,"context_line":"a log line per packet to a file by inserting an \u0027action\u003dcontroller\u0027 to each OVS"},{"line_number":56,"context_line":"firewall\u0027s flow. It\u0027s complex to implement and will be inherently slow as much"},{"line_number":57,"context_line":"more packets will go through the controller. Therefore, logging for OVS firewall"},{"line_number":58,"context_line":"is not applicable at this moment."},{"line_number":59,"context_line":""},{"line_number":60,"context_line":"Logging mechanism"}],"source_content_type":"text/x-rst","patch_set":49,"id":"1a95cdbc_a39923c6","line":57,"updated":"2016-10-10 10:33:10.000000000","message":"thanks for adding this :)","commit_id":"9d72f1aa23b1916b825c8f7fa78e72bbdef52781"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"47399a2098dda8922d267063e610fbc62d46660c","unresolved":false,"context_lines":[{"line_number":54,"context_line":"log all ACCEPT and DROP events. We could use \"packet-in based solution\" to produce"},{"line_number":55,"context_line":"a log line per packet to a file by inserting an \u0027action\u003dcontroller\u0027 to each OVS"},{"line_number":56,"context_line":"firewall\u0027s flow. It\u0027s complex to implement and will be inherently slow as much"},{"line_number":57,"context_line":"more packets will go through the controller. Therefore, logging for OVS firewall"},{"line_number":58,"context_line":"is not applicable at this moment."},{"line_number":59,"context_line":""},{"line_number":60,"context_line":"Logging mechanism"}],"source_content_type":"text/x-rst","patch_set":49,"id":"fa6399be_abc8f375","line":57,"in_reply_to":"1a95cdbc_a39923c6","updated":"2016-10-11 06:44:46.000000000","message":"It\u0027s based on your suggestion. Thanks.","commit_id":"9d72f1aa23b1916b825c8f7fa78e72bbdef52781"},{"author":{"_account_id":6788,"name":"Rossella Sblendido","email":"rsblendido@suse.com","username":"rossella-o"},"change_message_id":"7507aa7ad136d10cf8827eff525922e07cae1db9","unresolved":false,"context_lines":[{"line_number":55,"context_line":"a log line per packet to a file by inserting an \u0027action\u003dcontroller\u0027 to each OVS"},{"line_number":56,"context_line":"firewall\u0027s flow. It\u0027s complex to implement and will be inherently slow as much"},{"line_number":57,"context_line":"more packets will go through the controller. Therefore, logging for OVS firewall"},{"line_number":58,"context_line":"is not applicable at this moment."},{"line_number":59,"context_line":""},{"line_number":60,"context_line":"Logging mechanism"},{"line_number":61,"context_line":"-----------------"}],"source_content_type":"text/x-rst","patch_set":49,"id":"1a95cdbc_63571bca","line":58,"range":{"start_line":58,"start_character":0,"end_line":58,"end_character":32},"updated":"2016-10-10 10:33:10.000000000","message":"I\u0027d rephrase \"is out of the scope of this spec and will be tackled in a new one\"","commit_id":"9d72f1aa23b1916b825c8f7fa78e72bbdef52781"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"47399a2098dda8922d267063e610fbc62d46660c","unresolved":false,"context_lines":[{"line_number":55,"context_line":"a log line per packet to a file by inserting an \u0027action\u003dcontroller\u0027 to each OVS"},{"line_number":56,"context_line":"firewall\u0027s flow. It\u0027s complex to implement and will be inherently slow as much"},{"line_number":57,"context_line":"more packets will go through the controller. Therefore, logging for OVS firewall"},{"line_number":58,"context_line":"is not applicable at this moment."},{"line_number":59,"context_line":""},{"line_number":60,"context_line":"Logging mechanism"},{"line_number":61,"context_line":"-----------------"}],"source_content_type":"text/x-rst","patch_set":49,"id":"fa6399be_2bb4e3f0","line":58,"range":{"start_line":58,"start_character":0,"end_line":58,"end_character":32},"in_reply_to":"1a95cdbc_63571bca","updated":"2016-10-11 06:44:46.000000000","message":"Done! Thanks for your suggestion.","commit_id":"9d72f1aa23b1916b825c8f7fa78e72bbdef52781"},{"author":{"_account_id":6788,"name":"Rossella Sblendido","email":"rsblendido@suse.com","username":"rossella-o"},"change_message_id":"7507aa7ad136d10cf8827eff525922e07cae1db9","unresolved":false,"context_lines":[{"line_number":135,"context_line":""},{"line_number":136,"context_line":"    * a mechanism to expose logging API for tenant (e.g by using RBAC)."},{"line_number":137,"context_line":"    * standardized logging output format for tenant."},{"line_number":138,"context_line":""},{"line_number":139,"context_line":""},{"line_number":140,"context_line":"API operation sample"},{"line_number":141,"context_line":"--------------------"}],"source_content_type":"text/x-rst","patch_set":49,"id":"1a95cdbc_630e3be6","line":138,"updated":"2016-10-10 10:33:10.000000000","message":"add the implementation for OVS firewall in the future work :)","commit_id":"9d72f1aa23b1916b825c8f7fa78e72bbdef52781"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"47399a2098dda8922d267063e610fbc62d46660c","unresolved":false,"context_lines":[{"line_number":135,"context_line":""},{"line_number":136,"context_line":"    * a mechanism to expose logging API for tenant (e.g by using RBAC)."},{"line_number":137,"context_line":"    * standardized logging output format for tenant."},{"line_number":138,"context_line":""},{"line_number":139,"context_line":""},{"line_number":140,"context_line":"API operation sample"},{"line_number":141,"context_line":"--------------------"}],"source_content_type":"text/x-rst","patch_set":49,"id":"fa6399be_cbc5275c","line":138,"in_reply_to":"1a95cdbc_630e3be6","updated":"2016-10-11 06:44:46.000000000","message":"Done!","commit_id":"9d72f1aa23b1916b825c8f7fa78e72bbdef52781"},{"author":{"_account_id":6788,"name":"Rossella Sblendido","email":"rsblendido@suse.com","username":"rossella-o"},"change_message_id":"01320bc7bf5de6e4c04937c1c1429f96bb896343","unresolved":false,"context_lines":[{"line_number":67,"context_line":"        when they occurred. In case of security group logging, its extension is"},{"line_number":68,"context_line":"        implemented as a L2 agent extension."},{"line_number":69,"context_line":""},{"line_number":70,"context_line":"    (2) Collector is a small executable which is implemented as a periodic task."},{"line_number":71,"context_line":"        It runs periodically on nodes (e.g Compute node, ...) to collect events which"},{"line_number":72,"context_line":"        are generated by resources logging extension, then splits and saves them"},{"line_number":73,"context_line":"        to other log-files. It can be triggered by operator via a cron script."}],"source_content_type":"text/x-rst","patch_set":50,"id":"fa6399be_c7a1e447","line":70,"updated":"2016-10-14 15:45:32.000000000","message":"we should specify that the collector is optional here too, sorry I missed this before","commit_id":"30bae1b38c9e1ad59c55024304c802b0d87e7e3d"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"89c749a35a9cad316ea254ad34640f7ba93fb884","unresolved":false,"context_lines":[{"line_number":67,"context_line":"        when they occurred. In case of security group logging, its extension is"},{"line_number":68,"context_line":"        implemented as a L2 agent extension."},{"line_number":69,"context_line":""},{"line_number":70,"context_line":"    (2) Collector is a small executable which is implemented as a periodic task."},{"line_number":71,"context_line":"        It runs periodically on nodes (e.g Compute node, ...) to collect events which"},{"line_number":72,"context_line":"        are generated by resources logging extension, then splits and saves them"},{"line_number":73,"context_line":"        to other log-files. It can be triggered by operator via a cron script."}],"source_content_type":"text/x-rst","patch_set":50,"id":"fa6399be_a5667eb8","line":70,"in_reply_to":"fa6399be_c7a1e447","updated":"2016-10-17 11:18:54.000000000","message":"It should be updated as \"collector is an optional small executable which is implemented as periodic task\". Thanks for great review.","commit_id":"30bae1b38c9e1ad59c55024304c802b0d87e7e3d"},{"author":{"_account_id":6788,"name":"Rossella Sblendido","email":"rsblendido@suse.com","username":"rossella-o"},"change_message_id":"01320bc7bf5de6e4c04937c1c1429f96bb896343","unresolved":false,"context_lines":[{"line_number":75,"context_line":"Expected implementation"},{"line_number":76,"context_line":"-----------------------"},{"line_number":77,"context_line":""},{"line_number":78,"context_line":"Firstly, SecurityGroupLogExt will log security events to \u0027input_log_path\u0027."},{"line_number":79,"context_line":"Then, if collector is enabled, these events will be collected and filed to an"},{"line_number":80,"context_line":"equivalent location (e.g \u0027/var/log/neutron/\u003csg-log-id\u003e.log\u0027) periodically by"},{"line_number":81,"context_line":"the collector. The collector can be configured in its own configuration file"}],"source_content_type":"text/x-rst","patch_set":50,"id":"fa6399be_19942441","line":78,"range":{"start_line":78,"start_character":9,"end_line":78,"end_character":28},"updated":"2016-10-14 15:45:32.000000000","message":"The api part is clear and solid in my opinion. Let\u0027s dig more into the class design. SecurityGroupLogExt what\u0027s that, an extension? Is it a driver? Do we want to define a generic logging driver that can be then extended?\nThis is related to how we plan to implement the get logging-types. Do we plan to list there all the extensions that are enabled?","commit_id":"30bae1b38c9e1ad59c55024304c802b0d87e7e3d"},{"author":{"_account_id":6788,"name":"Rossella Sblendido","email":"rsblendido@suse.com","username":"rossella-o"},"change_message_id":"3e02ea60edc6f0c543a2173d8d88f588ade8a4b3","unresolved":false,"context_lines":[{"line_number":75,"context_line":"Expected implementation"},{"line_number":76,"context_line":"-----------------------"},{"line_number":77,"context_line":""},{"line_number":78,"context_line":"Firstly, SecurityGroupLogExt will log security events to \u0027input_log_path\u0027."},{"line_number":79,"context_line":"Then, if collector is enabled, these events will be collected and filed to an"},{"line_number":80,"context_line":"equivalent location (e.g \u0027/var/log/neutron/\u003csg-log-id\u003e.log\u0027) periodically by"},{"line_number":81,"context_line":"the collector. The collector can be configured in its own configuration file"}],"source_content_type":"text/x-rst","patch_set":50,"id":"fa6399be_8d308309","line":78,"range":{"start_line":78,"start_character":9,"end_line":78,"end_character":28},"in_reply_to":"fa6399be_0b7e5b69","updated":"2016-10-18 14:49:26.000000000","message":"I added some comments on [2]. We need to specify a generic AgentExtension and then have a specific SecGroupLoggingExt that inherits from it. I agree with the way you want to implement get logging-types, let\u0027s add it in the spec.","commit_id":"30bae1b38c9e1ad59c55024304c802b0d87e7e3d"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"89c749a35a9cad316ea254ad34640f7ba93fb884","unresolved":false,"context_lines":[{"line_number":75,"context_line":"Expected implementation"},{"line_number":76,"context_line":"-----------------------"},{"line_number":77,"context_line":""},{"line_number":78,"context_line":"Firstly, SecurityGroupLogExt will log security events to \u0027input_log_path\u0027."},{"line_number":79,"context_line":"Then, if collector is enabled, these events will be collected and filed to an"},{"line_number":80,"context_line":"equivalent location (e.g \u0027/var/log/neutron/\u003csg-log-id\u003e.log\u0027) periodically by"},{"line_number":81,"context_line":"the collector. The collector can be configured in its own configuration file"}],"source_content_type":"text/x-rst","patch_set":50,"id":"fa6399be_0b7e5b69","line":78,"range":{"start_line":78,"start_character":9,"end_line":78,"end_character":28},"in_reply_to":"fa6399be_19942441","updated":"2016-10-17 11:18:54.000000000","message":"In my understanding, SecurityGroupLogEx is a L2 agent extension, not a driver. It receives security group logging CREATE/UPDATED/DELETED events and passed them to firewall driver, for example neutron.agent.linux.iptables_firewall:IptablesFirewallDriver\n[1]) in case of iptable-based SG implementation.\n\n\u003e Do we want to define a generic logging driver that can be then extended?\n\nYes, we do. In my POC patch [2], I added an abstract method `security_group_logging` to FirewallDriver base class [3], So if we want to support another firewall driver implementation (ex: OVS firewall) we only have to overwrite this method.\n\n\u003e Do we plan to list there all the extensions that are enabled?\n\nYes, we do. A ML2 mechanism driver can claim support for some logging resource types by providing a driver class property called \u0027supported_logging_type\u0027[4] that should be return a list of strings that correspond to logging-types. It is similar to the implementation of `supported_qos_rule_types`[5]. How do you think?   \n\n[1] https://review.openstack.org/#/c/353440/1/neutron/agent/l2/extensions/sg_log.py@46\n[2] https://review.openstack.org/#/c/353440\n[3]https://review.openstack.org/#/c/353440/1/neutron/agent/firewall.py@217\n[4] https://review.openstack.org/#/c/353440/1/neutron/plugins/ml2/plugin.py@232\n[5] https://github.com/openstack/neutron/blob/master/neutron/plugins/ml2/managers.py#L355","commit_id":"30bae1b38c9e1ad59c55024304c802b0d87e7e3d"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"e7a6fc1a9bb21ae212772628383792ec732680e9","unresolved":false,"context_lines":[{"line_number":75,"context_line":"Expected implementation"},{"line_number":76,"context_line":"-----------------------"},{"line_number":77,"context_line":""},{"line_number":78,"context_line":"Firstly, SecurityGroupLogExt will log security events to \u0027input_log_path\u0027."},{"line_number":79,"context_line":"Then, if collector is enabled, these events will be collected and filed to an"},{"line_number":80,"context_line":"equivalent location (e.g \u0027/var/log/neutron/\u003csg-log-id\u003e.log\u0027) periodically by"},{"line_number":81,"context_line":"the collector. The collector can be configured in its own configuration file"}],"source_content_type":"text/x-rst","patch_set":50,"id":"fa6399be_d94bcfaf","line":78,"range":{"start_line":78,"start_character":9,"end_line":78,"end_character":28},"in_reply_to":"fa6399be_8d308309","updated":"2016-10-20 10:13:49.000000000","message":"Thanks for your suggestion. In my understanding: we will have a L2LoggingExt (a L2 agent extension) which loads enabled logging extension drivers (SecGroupLoggingExtDriver, FwaasL2LoggingExtDriver). We will define an abstract interface LoggingExtDriver so that logging extension driver can inherit from it. Our architecture as below:\n\n           +---------------+\n           | L2LoggingExt  |\n           +-------+-------+\n                   |\n        +----------+-----------+\n        |                      |\n+-------v--------+    +--------v----------+\n|SGL2LogExtDriver|    |FWaaSL2LogExtDriver|\n+------+---------+    +---------+---------+\n       |                        |\n       |                        |\n       |     +----------+       |\n       +----\u003e|  Syslog  |\u003c------+\n             +----+-----+\n                  |             +------------------+\n                  |             |+------------------+\n          +-------v--------+    ||local_output_log  |\n          |   Collector    |---\u003e||e.g:              |\n          +----------------+    || /var/log/neutron |\n                                ||/\u003clog-resource-   |\n                                +|  id.log\u003e         |\n                                 +------------------+\n\nHow do you think about that? I will update spec soon.","commit_id":"30bae1b38c9e1ad59c55024304c802b0d87e7e3d"},{"author":{"_account_id":6788,"name":"Rossella Sblendido","email":"rsblendido@suse.com","username":"rossella-o"},"change_message_id":"d8a431d47acd12351e5dd60079899c55c6a55d57","unresolved":false,"context_lines":[{"line_number":138,"context_line":"             | SecurityGroupLoggingDriver |"},{"line_number":139,"context_line":"             +-------+--------------------+"},{"line_number":140,"context_line":"             | initialize()               |"},{"line_number":141,"context_line":"             | create_security_group_log  |"},{"line_number":142,"context_line":"             | delete_security_group_log  |"},{"line_number":143,"context_line":"             +----------------------------+"},{"line_number":144,"context_line":"                           |"}],"source_content_type":"text/x-rst","patch_set":51,"id":"7a77a97e_3cbc6bba","line":141,"updated":"2016-11-18 13:47:34.000000000","message":"do we need to add these new methods? can\u0027t we simply override start_logging and stop_logging?","commit_id":"79417a7e81541d96ff1c6da2c9b81dc690272a98"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"b4ef7fac2f2f0206050be7cc30ad39cb1e8764c5","unresolved":false,"context_lines":[{"line_number":138,"context_line":"             | SecurityGroupLoggingDriver |"},{"line_number":139,"context_line":"             +-------+--------------------+"},{"line_number":140,"context_line":"             | initialize()               |"},{"line_number":141,"context_line":"             | create_security_group_log  |"},{"line_number":142,"context_line":"             | delete_security_group_log  |"},{"line_number":143,"context_line":"             +----------------------------+"},{"line_number":144,"context_line":"                           |"}],"source_content_type":"text/x-rst","patch_set":51,"id":"5a74a57a_7d513962","line":141,"in_reply_to":"7a77a97e_3cbc6bba","updated":"2016-11-23 11:05:16.000000000","message":"I agree with you. Could you please review my new patch [1] and leave your comments.\n[1] https://review.openstack.org/#/c/396104/4/neutron/services/logapi/agent/drivers/iptables_log.py@28","commit_id":"79417a7e81541d96ff1c6da2c9b81dc690272a98"},{"author":{"_account_id":6788,"name":"Rossella Sblendido","email":"rsblendido@suse.com","username":"rossella-o"},"change_message_id":"d8a431d47acd12351e5dd60079899c55c6a55d57","unresolved":false,"context_lines":[{"line_number":149,"context_line":"     |IptablesLoggingDriver|   | OVSFWLoggingDriver |"},{"line_number":150,"context_line":"     +---------------------+   +--------------------+"},{"line_number":151,"context_line":""},{"line_number":152,"context_line":"For more detail, please refers to draft code here [2]_."},{"line_number":153,"context_line":""},{"line_number":154,"context_line":"The LoggingExtension will log security events to \u0027input_log_path\u0027. Then, if the"},{"line_number":155,"context_line":"collector is enabled, it will collect these events and file them to an equivalent"}],"source_content_type":"text/x-rst","patch_set":51,"id":"7a77a97e_5ce687e8","line":152,"range":{"start_line":152,"start_character":50,"end_line":152,"end_character":53},"updated":"2016-11-18 13:47:34.000000000","message":"can you use a WIP patch on gerrit instead of paste.openstack.org? Code is harder to read in paste.openstack.org and it\u0027s impossible to comment","commit_id":"79417a7e81541d96ff1c6da2c9b81dc690272a98"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"b4ef7fac2f2f0206050be7cc30ad39cb1e8764c5","unresolved":false,"context_lines":[{"line_number":149,"context_line":"     |IptablesLoggingDriver|   | OVSFWLoggingDriver |"},{"line_number":150,"context_line":"     +---------------------+   +--------------------+"},{"line_number":151,"context_line":""},{"line_number":152,"context_line":"For more detail, please refers to draft code here [2]_."},{"line_number":153,"context_line":""},{"line_number":154,"context_line":"The LoggingExtension will log security events to \u0027input_log_path\u0027. Then, if the"},{"line_number":155,"context_line":"collector is enabled, it will collect these events and file them to an equivalent"}],"source_content_type":"text/x-rst","patch_set":51,"id":"5a74a57a_5ddb9ded","line":152,"range":{"start_line":152,"start_character":50,"end_line":152,"end_character":53},"in_reply_to":"7a77a97e_5ce687e8","updated":"2016-11-23 11:05:16.000000000","message":"Done","commit_id":"79417a7e81541d96ff1c6da2c9b81dc690272a98"},{"author":{"_account_id":6788,"name":"Rossella Sblendido","email":"rsblendido@suse.com","username":"rossella-o"},"change_message_id":"d8a431d47acd12351e5dd60079899c55c6a55d57","unresolved":false,"context_lines":[{"line_number":225,"context_line":""},{"line_number":226,"context_line":"    step2: Check supported logging capabilities::"},{"line_number":227,"context_line":""},{"line_number":228,"context_line":"            GET /v2.0/logging/logging-types"},{"line_number":229,"context_line":""},{"line_number":230,"context_line":"            Response:"},{"line_number":231,"context_line":"            {"}],"source_content_type":"text/x-rst","patch_set":51,"id":"7a77a97e_3c0aab8a","line":228,"range":{"start_line":228,"start_character":30,"end_line":228,"end_character":43},"updated":"2016-11-18 13:47:34.000000000","message":"it makes more sense to use \u0027logging-resources\u0027 or \u0027enabled-logging-resources\u0027 ? \nEach logging driver will declare which resources it supports. E.g. IptablesLoggingDriver supports the resource security group.\nGET /v2.0/logging/logging-resources will return the list of the supported resources by the logging drivers in the system.","commit_id":"79417a7e81541d96ff1c6da2c9b81dc690272a98"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"b4ef7fac2f2f0206050be7cc30ad39cb1e8764c5","unresolved":false,"context_lines":[{"line_number":225,"context_line":""},{"line_number":226,"context_line":"    step2: Check supported logging capabilities::"},{"line_number":227,"context_line":""},{"line_number":228,"context_line":"            GET /v2.0/logging/logging-types"},{"line_number":229,"context_line":""},{"line_number":230,"context_line":"            Response:"},{"line_number":231,"context_line":"            {"}],"source_content_type":"text/x-rst","patch_set":51,"id":"5a74a57a_1de8457c","line":228,"range":{"start_line":228,"start_character":30,"end_line":228,"end_character":43},"in_reply_to":"7a77a97e_3c0aab8a","updated":"2016-11-23 11:05:16.000000000","message":"Done","commit_id":"79417a7e81541d96ff1c6da2c9b81dc690272a98"},{"author":{"_account_id":6788,"name":"Rossella Sblendido","email":"rsblendido@suse.com","username":"rossella-o"},"change_message_id":"d8a431d47acd12351e5dd60079899c55c6a55d57","unresolved":false,"context_lines":[{"line_number":237,"context_line":"           events related to all security groups applied in tenant demo (Read"},{"line_number":238,"context_line":"           `Expected API behavior`_ section for more details)::"},{"line_number":239,"context_line":""},{"line_number":240,"context_line":"            POST /v2.0/logging/security-group-logs"},{"line_number":241,"context_line":"            {"},{"line_number":242,"context_line":"                \"security_group_log\": {"},{"line_number":243,"context_line":"                    \"name\": \"sg_log_test1\","}],"source_content_type":"text/x-rst","patch_set":51,"id":"7a77a97e_e2ac088e","line":240,"range":{"start_line":240,"start_character":31,"end_line":240,"end_character":50},"updated":"2016-11-18 13:47:34.000000000","message":"we need something more generic, it shouldn\u0027t be security-group specific. Something like: POST /v2.0/logging/logs\nSee my next comment please.","commit_id":"79417a7e81541d96ff1c6da2c9b81dc690272a98"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"c55d0422bbcc4198f8af1b2b1949df874e0f19df","unresolved":false,"context_lines":[{"line_number":237,"context_line":"           events related to all security groups applied in tenant demo (Read"},{"line_number":238,"context_line":"           `Expected API behavior`_ section for more details)::"},{"line_number":239,"context_line":""},{"line_number":240,"context_line":"            POST /v2.0/logging/security-group-logs"},{"line_number":241,"context_line":"            {"},{"line_number":242,"context_line":"                \"security_group_log\": {"},{"line_number":243,"context_line":"                    \"name\": \"sg_log_test1\","}],"source_content_type":"text/x-rst","patch_set":51,"id":"7a77a97e_f2cf08b1","line":240,"range":{"start_line":240,"start_character":31,"end_line":240,"end_character":50},"in_reply_to":"7a77a97e_e2ac088e","updated":"2016-11-22 11:56:55.000000000","message":"After I investigate about your comments and discussion on IRC. I think Rest API model should be as [1] and DB model as [2]. In this Rest API model, \"parent_resource_id\" could be like \"port_id\" or \"router_id\". How do you think? \n[1] https://review.openstack.org/#/c/395504/4/neutron/extensions/loggingapi.py@57\n[2] https://review.openstack.org/#/c/395483/6/neutron/db/models/loggingapi_db.py@23","commit_id":"79417a7e81541d96ff1c6da2c9b81dc690272a98"},{"author":{"_account_id":6788,"name":"Rossella Sblendido","email":"rsblendido@suse.com","username":"rossella-o"},"change_message_id":"d8a431d47acd12351e5dd60079899c55c6a55d57","unresolved":false,"context_lines":[{"line_number":429,"context_line":""},{"line_number":430,"context_line":"For security groups logging::"},{"line_number":431,"context_line":""},{"line_number":432,"context_line":"    os network logging security-group create"},{"line_number":433,"context_line":"                [--description \u003cdescription\u003e]"},{"line_number":434,"context_line":"                [--enable | --disable]"},{"line_number":435,"context_line":"                [--security-group-id \u003csecurity-group-id\u003e]"}],"source_content_type":"text/x-rst","patch_set":51,"id":"7a77a97e_0272e410","line":432,"updated":"2016-11-18 13:47:34.000000000","message":"I am commenting on the CLI since it\u0027s easier but similar changes should be ported to the api too\n\nthis should be simply \u0027os network logging create\u0027","commit_id":"79417a7e81541d96ff1c6da2c9b81dc690272a98"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"b4ef7fac2f2f0206050be7cc30ad39cb1e8764c5","unresolved":false,"context_lines":[{"line_number":429,"context_line":""},{"line_number":430,"context_line":"For security groups logging::"},{"line_number":431,"context_line":""},{"line_number":432,"context_line":"    os network logging security-group create"},{"line_number":433,"context_line":"                [--description \u003cdescription\u003e]"},{"line_number":434,"context_line":"                [--enable | --disable]"},{"line_number":435,"context_line":"                [--security-group-id \u003csecurity-group-id\u003e]"}],"source_content_type":"text/x-rst","patch_set":51,"id":"5a74a57a_f82ab77d","line":432,"in_reply_to":"7a77a97e_0272e410","updated":"2016-11-23 11:05:16.000000000","message":"Thanks for your suggestion. I\u0027ll follow your comments. For api, Could you please review my new patch [1] and leave your comments.\n[1]https://review.openstack.org/#/c/395504/5/neutron/extensions/loggingapi.py","commit_id":"79417a7e81541d96ff1c6da2c9b81dc690272a98"},{"author":{"_account_id":6788,"name":"Rossella Sblendido","email":"rsblendido@suse.com","username":"rossella-o"},"change_message_id":"d8a431d47acd12351e5dd60079899c55c6a55d57","unresolved":false,"context_lines":[{"line_number":432,"context_line":"    os network logging security-group create"},{"line_number":433,"context_line":"                [--description \u003cdescription\u003e]"},{"line_number":434,"context_line":"                [--enable | --disable]"},{"line_number":435,"context_line":"                [--security-group-id \u003csecurity-group-id\u003e]"},{"line_number":436,"context_line":"                [--port-id \u003cport-id\u003e]"},{"line_number":437,"context_line":"                [--sg-event \u003cACCEPT/DROP/ALL\u003e]"},{"line_number":438,"context_line":"                [--project \u003cproject\u003e [--project-domain \u003cproject-domain\u003e]]"}],"source_content_type":"text/x-rst","patch_set":51,"id":"7a77a97e_825c347e","line":435,"range":{"start_line":435,"start_character":19,"end_line":435,"end_character":36},"updated":"2016-11-18 13:47:34.000000000","message":"this should be more generic, like resource-id","commit_id":"79417a7e81541d96ff1c6da2c9b81dc690272a98"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"b4ef7fac2f2f0206050be7cc30ad39cb1e8764c5","unresolved":false,"context_lines":[{"line_number":432,"context_line":"    os network logging security-group create"},{"line_number":433,"context_line":"                [--description \u003cdescription\u003e]"},{"line_number":434,"context_line":"                [--enable | --disable]"},{"line_number":435,"context_line":"                [--security-group-id \u003csecurity-group-id\u003e]"},{"line_number":436,"context_line":"                [--port-id \u003cport-id\u003e]"},{"line_number":437,"context_line":"                [--sg-event \u003cACCEPT/DROP/ALL\u003e]"},{"line_number":438,"context_line":"                [--project \u003cproject\u003e [--project-domain \u003cproject-domain\u003e]]"}],"source_content_type":"text/x-rst","patch_set":51,"id":"5a74a57a_783787e3","line":435,"range":{"start_line":435,"start_character":19,"end_line":435,"end_character":36},"in_reply_to":"7a77a97e_825c347e","updated":"2016-11-23 11:05:16.000000000","message":"Done","commit_id":"79417a7e81541d96ff1c6da2c9b81dc690272a98"},{"author":{"_account_id":6788,"name":"Rossella Sblendido","email":"rsblendido@suse.com","username":"rossella-o"},"change_message_id":"d8a431d47acd12351e5dd60079899c55c6a55d57","unresolved":false,"context_lines":[{"line_number":436,"context_line":"                [--port-id \u003cport-id\u003e]"},{"line_number":437,"context_line":"                [--sg-event \u003cACCEPT/DROP/ALL\u003e]"},{"line_number":438,"context_line":"                [--project \u003cproject\u003e [--project-domain \u003cproject-domain\u003e]]"},{"line_number":439,"context_line":"                name"},{"line_number":440,"context_line":""},{"line_number":441,"context_line":"    os network logging security-group list"},{"line_number":442,"context_line":""}],"source_content_type":"text/x-rst","patch_set":51,"id":"7a77a97e_a28cd0da","line":439,"updated":"2016-11-18 13:47:34.000000000","message":"we should add a field --resource-type . Using the resource type we can check if there\u0027s a logging driver that supports this kind of resource. If there\u0027s none, the request should fail. If there\u0027s one, this driver should handle the request. If we specify --resource-type security-groups, it\u0027s obvious that the --resource-id is the id of a security group","commit_id":"79417a7e81541d96ff1c6da2c9b81dc690272a98"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"b4ef7fac2f2f0206050be7cc30ad39cb1e8764c5","unresolved":false,"context_lines":[{"line_number":436,"context_line":"                [--port-id \u003cport-id\u003e]"},{"line_number":437,"context_line":"                [--sg-event \u003cACCEPT/DROP/ALL\u003e]"},{"line_number":438,"context_line":"                [--project \u003cproject\u003e [--project-domain \u003cproject-domain\u003e]]"},{"line_number":439,"context_line":"                name"},{"line_number":440,"context_line":""},{"line_number":441,"context_line":"    os network logging security-group list"},{"line_number":442,"context_line":""}],"source_content_type":"text/x-rst","patch_set":51,"id":"5a74a57a_d84c1b79","line":439,"in_reply_to":"7a77a97e_a28cd0da","updated":"2016-11-23 11:05:16.000000000","message":"Done","commit_id":"79417a7e81541d96ff1c6da2c9b81dc690272a98"},{"author":{"_account_id":6788,"name":"Rossella Sblendido","email":"rsblendido@suse.com","username":"rossella-o"},"change_message_id":"a908937f9932f52a6c7dcafafcc1a0bc1e61bb7d","unresolved":false,"context_lines":[{"line_number":129,"context_line":"        | start_logging(log_resource)  |   | start_logging(log_resource)|"},{"line_number":130,"context_line":"        | stop_logging(log_resource)   |   | stop_logging(log_resource) |"},{"line_number":131,"context_line":"        | _handle_logging()            |   | ...                        |"},{"line_number":132,"context_line":"        | create_security_group_log    |   +----------------------------+"},{"line_number":133,"context_line":"        | delete_security_group_log    |"},{"line_number":134,"context_line":"        | ...                          |"},{"line_number":135,"context_line":"        +------------------------------+"}],"source_content_type":"text/x-rst","patch_set":52,"id":"5a74a57a_0e8c1a7e","line":132,"range":{"start_line":132,"start_character":10,"end_line":132,"end_character":35},"updated":"2016-11-25 16:13:48.000000000","message":"should this method and the following be private? Shouldn\u0027t they be used only by the driver internally since they are not part of the LoggingDriver interface?","commit_id":"9c1da03f9bca5a46b7e2ecf541b20a501abca5dc"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"99f4c01e78742dea6c1de1a33106452915924a33","unresolved":false,"context_lines":[{"line_number":129,"context_line":"        | start_logging(log_resource)  |   | start_logging(log_resource)|"},{"line_number":130,"context_line":"        | stop_logging(log_resource)   |   | stop_logging(log_resource) |"},{"line_number":131,"context_line":"        | _handle_logging()            |   | ...                        |"},{"line_number":132,"context_line":"        | create_security_group_log    |   +----------------------------+"},{"line_number":133,"context_line":"        | delete_security_group_log    |"},{"line_number":134,"context_line":"        | ...                          |"},{"line_number":135,"context_line":"        +------------------------------+"}],"source_content_type":"text/x-rst","patch_set":52,"id":"5a74a57a_35a2e799","line":132,"range":{"start_line":132,"start_character":10,"end_line":132,"end_character":35},"in_reply_to":"5a74a57a_0e8c1a7e","updated":"2016-11-28 09:13:31.000000000","message":"They should be that. Thanks for your suggestion.","commit_id":"9c1da03f9bca5a46b7e2ecf541b20a501abca5dc"},{"author":{"_account_id":6788,"name":"Rossella Sblendido","email":"rsblendido@suse.com","username":"rossella-o"},"change_message_id":"a908937f9932f52a6c7dcafafcc1a0bc1e61bb7d","unresolved":false,"context_lines":[{"line_number":208,"context_line":""},{"line_number":209,"context_line":"    step2: Check supported logging capabilities::"},{"line_number":210,"context_line":""},{"line_number":211,"context_line":"            GET /v2.0/logging/logging-resources"},{"line_number":212,"context_line":""},{"line_number":213,"context_line":"            Response:"},{"line_number":214,"context_line":"            {"}],"source_content_type":"text/x-rst","patch_set":52,"id":"5a74a57a_aec6c697","line":211,"range":{"start_line":211,"start_character":30,"end_line":211,"end_character":47},"updated":"2016-11-25 16:13:48.000000000","message":"I am still wondering if that\u0027s a good name...maybe \"loggable-resources\" is more straightforward? What do you think? I will see if I can find a better alternative.","commit_id":"9c1da03f9bca5a46b7e2ecf541b20a501abca5dc"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"99f4c01e78742dea6c1de1a33106452915924a33","unresolved":false,"context_lines":[{"line_number":208,"context_line":""},{"line_number":209,"context_line":"    step2: Check supported logging capabilities::"},{"line_number":210,"context_line":""},{"line_number":211,"context_line":"            GET /v2.0/logging/logging-resources"},{"line_number":212,"context_line":""},{"line_number":213,"context_line":"            Response:"},{"line_number":214,"context_line":"            {"}],"source_content_type":"text/x-rst","patch_set":52,"id":"5a74a57a_35c9075a","line":211,"range":{"start_line":211,"start_character":30,"end_line":211,"end_character":47},"in_reply_to":"5a74a57a_aec6c697","updated":"2016-11-28 09:13:31.000000000","message":"I prefer your idea (\"loggable-resources\"). It makes sense. I\u0027ll update my spec.","commit_id":"9c1da03f9bca5a46b7e2ecf541b20a501abca5dc"},{"author":{"_account_id":6854,"name":"YAMAMOTO Takashi","email":"yamamoto@midokura.com","username":"yamamoto"},"change_message_id":"d03a53d3f0fb078ca10bb5f5fea12a3782b81954","unresolved":false,"context_lines":[{"line_number":313,"context_line":""},{"line_number":314,"context_line":""},{"line_number":315,"context_line":"REST API Impact"},{"line_number":316,"context_line":"---------------"},{"line_number":317,"context_line":"The new resources::"},{"line_number":318,"context_line":""},{"line_number":319,"context_line":"    LOGGING_PREFIX \u003d \u0027/logging\u0027"}],"source_content_type":"text/x-rst","patch_set":52,"id":"5a74a57a_71e573da","line":316,"updated":"2016-11-25 16:34:59.000000000","message":"networking-midonet has similar but different api\nfor firewall logging.\n\nhttps://review.openstack.org/#/c/394361/\nhttps://review.openstack.org/#/c/395080/\n\nactually it\u0027s a fork of the earlier version of this spec.\nany chance to make this compatible?","commit_id":"9c1da03f9bca5a46b7e2ecf541b20a501abca5dc"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"99f4c01e78742dea6c1de1a33106452915924a33","unresolved":false,"context_lines":[{"line_number":313,"context_line":""},{"line_number":314,"context_line":""},{"line_number":315,"context_line":"REST API Impact"},{"line_number":316,"context_line":"---------------"},{"line_number":317,"context_line":"The new resources::"},{"line_number":318,"context_line":""},{"line_number":319,"context_line":"    LOGGING_PREFIX \u003d \u0027/logging\u0027"}],"source_content_type":"text/x-rst","patch_set":52,"id":"5a74a57a_75d61ff2","line":316,"in_reply_to":"5a74a57a_71e573da","updated":"2016-11-28 09:13:31.000000000","message":"May you miss some discussions about this specs and my source code [1] since the last time I discussed with you. Our API model has been changed with better shape. It is not only easier to implement, but also more simple for end user. I believe that you can see these things.\nAbout compatibility with your firewall logging API, TBH, I have no idea at the moment. If you have any idea, Could you please present it in this spec for further discussions?\n[1] https://review.openstack.org/#/c/353440/","commit_id":"9c1da03f9bca5a46b7e2ecf541b20a501abca5dc"},{"author":{"_account_id":5367,"name":"boden","email":"bodenvmw@gmail.com","username":"boden"},"change_message_id":"1e049a26a0333df10f4979a1709b04411473afe8","unresolved":false,"context_lines":[{"line_number":47,"context_line":""},{"line_number":48,"context_line":"The scope of this spec implements logging API for security groups based on"},{"line_number":49,"context_line":"legacy hybrid version (iptables-based security groups firewall) for *operator only*."},{"line_number":50,"context_line":"It also layouts a model which can be extended to other resources (e.g Firewall"},{"line_number":51,"context_line":"logging) easily."},{"line_number":52,"context_line":""},{"line_number":53,"context_line":"In case of OVS firewall: The OVS currently doesn\u0027t support a convenient way to"}],"source_content_type":"text/x-rst","patch_set":53,"id":"5a74a57a_b7613b14","line":50,"range":{"start_line":50,"start_character":8,"end_line":50,"end_character":15},"updated":"2016-11-29 22:59:21.000000000","message":"\"lays out\"","commit_id":"a9507d3708b67075a4aadf2864a09e7ad3bbda7f"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"de3ca1c076ffcfe2a3dbf3ef755adc63f5ce9eb4","unresolved":false,"context_lines":[{"line_number":47,"context_line":""},{"line_number":48,"context_line":"The scope of this spec implements logging API for security groups based on"},{"line_number":49,"context_line":"legacy hybrid version (iptables-based security groups firewall) for *operator only*."},{"line_number":50,"context_line":"It also layouts a model which can be extended to other resources (e.g Firewall"},{"line_number":51,"context_line":"logging) easily."},{"line_number":52,"context_line":""},{"line_number":53,"context_line":"In case of OVS firewall: The OVS currently doesn\u0027t support a convenient way to"}],"source_content_type":"text/x-rst","patch_set":53,"id":"1a6eadb0_6ae3e805","line":50,"range":{"start_line":50,"start_character":8,"end_line":50,"end_character":15},"in_reply_to":"5a74a57a_b7613b14","updated":"2016-12-14 08:09:08.000000000","message":"Done","commit_id":"a9507d3708b67075a4aadf2864a09e7ad3bbda7f"},{"author":{"_account_id":5367,"name":"boden","email":"bodenvmw@gmail.com","username":"boden"},"change_message_id":"1e049a26a0333df10f4979a1709b04411473afe8","unresolved":false,"context_lines":[{"line_number":136,"context_line":""},{"line_number":137,"context_line":"The reference implementation can be found in [2]_."},{"line_number":138,"context_line":""},{"line_number":139,"context_line":"The collector is an optional small executable which is implemented as a periodic"},{"line_number":140,"context_line":"task. It runs periodically on nodes (e.g Compute node, ...) and can be triggered by"},{"line_number":141,"context_line":"operator via a cron script."},{"line_number":142,"context_line":""},{"line_number":143,"context_line":"The collector can be configured in its own configuration file and expected to be"},{"line_number":144,"context_line":"able to handle logs rotation. A collector configuration looks like::"},{"line_number":145,"context_line":""},{"line_number":146,"context_line":"    COLLECTOR_CFG_OPTS \u003d ["},{"line_number":147,"context_line":"        cfg.StrOpt(\u0027input_log_path\u0027,"},{"line_number":148,"context_line":"                   default\u003d\u0027/var/log/syslog\u0027"},{"line_number":149,"context_line":"                   help\u003d_(\"Where security events (raw log-data) are logged to.\")),"},{"line_number":150,"context_line":"        cfg.StrOpt(\u0027local_output_log\u0027,"},{"line_number":151,"context_line":"                   default\u003d\u0027/var/log/neutron/\u0027"},{"line_number":152,"context_line":"                   help\u003d_(\"Where log-data is stored in local.\"))"},{"line_number":153,"context_line":"        cfg.StrOpt(\u0027size\u0027,"},{"line_number":154,"context_line":"                   default\u003d1048576,"},{"line_number":155,"context_line":"                   help\u003d(\"Log files are rotated when they grow bigger then size bytes.\")),"},{"line_number":156,"context_line":"        cfg.StrOpt(\u0027rotate\u0027,"},{"line_number":157,"context_line":"                   default\u003d5,"},{"line_number":158,"context_line":"                   help\u003d_(\"Log files are rotated \u003ccount\u003e times before being removed.\"))"},{"line_number":159,"context_line":"    ]"},{"line_number":160,"context_line":""},{"line_number":161,"context_line":"These options are defined by the cloud deployer. The operators can:"},{"line_number":162,"context_line":""}],"source_content_type":"text/x-rst","patch_set":53,"id":"5a74a57a_860faa2d","line":159,"range":{"start_line":139,"start_character":0,"end_line":159,"end_character":5},"updated":"2016-11-29 22:59:21.000000000","message":"I still don\u0027t see why this couldn\u0027t be done outside of neutron (or in a subsequent iteration), but you already vetted that one based on what I see discussed already, so I guess a collecting we will go.","commit_id":"a9507d3708b67075a4aadf2864a09e7ad3bbda7f"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"c45a0495f932144e1f9cf7fc1c720e2972a4b737","unresolved":false,"context_lines":[{"line_number":136,"context_line":""},{"line_number":137,"context_line":"The reference implementation can be found in [2]_."},{"line_number":138,"context_line":""},{"line_number":139,"context_line":"The collector is an optional small executable which is implemented as a periodic"},{"line_number":140,"context_line":"task. It runs periodically on nodes (e.g Compute node, ...) and can be triggered by"},{"line_number":141,"context_line":"operator via a cron script."},{"line_number":142,"context_line":""},{"line_number":143,"context_line":"The collector can be configured in its own configuration file and expected to be"},{"line_number":144,"context_line":"able to handle logs rotation. A collector configuration looks like::"},{"line_number":145,"context_line":""},{"line_number":146,"context_line":"    COLLECTOR_CFG_OPTS \u003d ["},{"line_number":147,"context_line":"        cfg.StrOpt(\u0027input_log_path\u0027,"},{"line_number":148,"context_line":"                   default\u003d\u0027/var/log/syslog\u0027"},{"line_number":149,"context_line":"                   help\u003d_(\"Where security events (raw log-data) are logged to.\")),"},{"line_number":150,"context_line":"        cfg.StrOpt(\u0027local_output_log\u0027,"},{"line_number":151,"context_line":"                   default\u003d\u0027/var/log/neutron/\u0027"},{"line_number":152,"context_line":"                   help\u003d_(\"Where log-data is stored in local.\"))"},{"line_number":153,"context_line":"        cfg.StrOpt(\u0027size\u0027,"},{"line_number":154,"context_line":"                   default\u003d1048576,"},{"line_number":155,"context_line":"                   help\u003d(\"Log files are rotated when they grow bigger then size bytes.\")),"},{"line_number":156,"context_line":"        cfg.StrOpt(\u0027rotate\u0027,"},{"line_number":157,"context_line":"                   default\u003d5,"},{"line_number":158,"context_line":"                   help\u003d_(\"Log files are rotated \u003ccount\u003e times before being removed.\"))"},{"line_number":159,"context_line":"    ]"},{"line_number":160,"context_line":""},{"line_number":161,"context_line":"These options are defined by the cloud deployer. The operators can:"},{"line_number":162,"context_line":""}],"source_content_type":"text/x-rst","patch_set":53,"id":"3a71b18c_8f7b917a","line":159,"range":{"start_line":139,"start_character":0,"end_line":159,"end_character":5},"in_reply_to":"3a71b18c_777546f8","updated":"2016-12-06 08:44:54.000000000","message":"That is my understanding. I\u0027ll prepare to update it if necessary.","commit_id":"a9507d3708b67075a4aadf2864a09e7ad3bbda7f"},{"author":{"_account_id":6788,"name":"Rossella Sblendido","email":"rsblendido@suse.com","username":"rossella-o"},"change_message_id":"c346eadc327b987cf007f966e0c014f92a29d786","unresolved":false,"context_lines":[{"line_number":136,"context_line":""},{"line_number":137,"context_line":"The reference implementation can be found in [2]_."},{"line_number":138,"context_line":""},{"line_number":139,"context_line":"The collector is an optional small executable which is implemented as a periodic"},{"line_number":140,"context_line":"task. It runs periodically on nodes (e.g Compute node, ...) and can be triggered by"},{"line_number":141,"context_line":"operator via a cron script."},{"line_number":142,"context_line":""},{"line_number":143,"context_line":"The collector can be configured in its own configuration file and expected to be"},{"line_number":144,"context_line":"able to handle logs rotation. A collector configuration looks like::"},{"line_number":145,"context_line":""},{"line_number":146,"context_line":"    COLLECTOR_CFG_OPTS \u003d ["},{"line_number":147,"context_line":"        cfg.StrOpt(\u0027input_log_path\u0027,"},{"line_number":148,"context_line":"                   default\u003d\u0027/var/log/syslog\u0027"},{"line_number":149,"context_line":"                   help\u003d_(\"Where security events (raw log-data) are logged to.\")),"},{"line_number":150,"context_line":"        cfg.StrOpt(\u0027local_output_log\u0027,"},{"line_number":151,"context_line":"                   default\u003d\u0027/var/log/neutron/\u0027"},{"line_number":152,"context_line":"                   help\u003d_(\"Where log-data is stored in local.\"))"},{"line_number":153,"context_line":"        cfg.StrOpt(\u0027size\u0027,"},{"line_number":154,"context_line":"                   default\u003d1048576,"},{"line_number":155,"context_line":"                   help\u003d(\"Log files are rotated when they grow bigger then size bytes.\")),"},{"line_number":156,"context_line":"        cfg.StrOpt(\u0027rotate\u0027,"},{"line_number":157,"context_line":"                   default\u003d5,"},{"line_number":158,"context_line":"                   help\u003d_(\"Log files are rotated \u003ccount\u003e times before being removed.\"))"},{"line_number":159,"context_line":"    ]"},{"line_number":160,"context_line":""},{"line_number":161,"context_line":"These options are defined by the cloud deployer. The operators can:"},{"line_number":162,"context_line":""}],"source_content_type":"text/x-rst","patch_set":53,"id":"3a71b18c_777546f8","line":159,"range":{"start_line":139,"start_character":0,"end_line":159,"end_character":5},"in_reply_to":"5a74a57a_860faa2d","updated":"2016-12-05 18:02:23.000000000","message":"the collector is actually outside of neutron. If it\u0027s not clear then we should state that more clearly. The confusion might come from the idea described here of providing a simple collector as binary but it\u0027s not in the scope of neutron to extend or provide more collectors.","commit_id":"a9507d3708b67075a4aadf2864a09e7ad3bbda7f"},{"author":{"_account_id":5367,"name":"boden","email":"bodenvmw@gmail.com","username":"boden"},"change_message_id":"1e049a26a0333df10f4979a1709b04411473afe8","unresolved":false,"context_lines":[{"line_number":172,"context_line":"Operators can collect security events (ACCEPT/DROP or ALL (both ACCEPT and DROP))"},{"line_number":173,"context_line":"for some cases:"},{"line_number":174,"context_line":""},{"line_number":175,"context_line":"    (1) collect events related to a specific security group applied to all"},{"line_number":176,"context_line":"        VMs by giving security group ID."},{"line_number":177,"context_line":""},{"line_number":178,"context_line":"    (2) collect events related to a specific security group applied to a"},{"line_number":179,"context_line":"        specific VM by giving security group ID and neutron port ID."},{"line_number":180,"context_line":""},{"line_number":181,"context_line":"    (3) collect events related to security groups applied to a specific VM"},{"line_number":182,"context_line":"        by giving neutron port ID."},{"line_number":183,"context_line":""},{"line_number":184,"context_line":"    (4) collect events related to security groups in a tenant: in this case"},{"line_number":185,"context_line":"        operators do not need to specify security group ID or neutron port ID."},{"line_number":186,"context_line":"        Please note that if a new VM is launched in this tenant, events related"},{"line_number":187,"context_line":"        to security groups applied on this VM will be collected."},{"line_number":188,"context_line":""},{"line_number":189,"context_line":""},{"line_number":190,"context_line":"Future work beyond this spec"}],"source_content_type":"text/x-rst","patch_set":53,"id":"5a74a57a_43ce64b5","line":187,"range":{"start_line":175,"start_character":4,"end_line":187,"end_character":64},"updated":"2016-11-29 22:59:21.000000000","message":"Are these exclusive ways of collecting; what happens when log collection \"scope\" overlaps with multiple logs?\n\n\nFor example I create a log for my project_id, and then create another log for a specific sec group with or without port? In this case it seems my 1st project-level log would include the sec group from the 2nd log. And then I can disable my project level log; what happens to the others?","commit_id":"a9507d3708b67075a4aadf2864a09e7ad3bbda7f"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"c45a0495f932144e1f9cf7fc1c720e2972a4b737","unresolved":false,"context_lines":[{"line_number":172,"context_line":"Operators can collect security events (ACCEPT/DROP or ALL (both ACCEPT and DROP))"},{"line_number":173,"context_line":"for some cases:"},{"line_number":174,"context_line":""},{"line_number":175,"context_line":"    (1) collect events related to a specific security group applied to all"},{"line_number":176,"context_line":"        VMs by giving security group ID."},{"line_number":177,"context_line":""},{"line_number":178,"context_line":"    (2) collect events related to a specific security group applied to a"},{"line_number":179,"context_line":"        specific VM by giving security group ID and neutron port ID."},{"line_number":180,"context_line":""},{"line_number":181,"context_line":"    (3) collect events related to security groups applied to a specific VM"},{"line_number":182,"context_line":"        by giving neutron port ID."},{"line_number":183,"context_line":""},{"line_number":184,"context_line":"    (4) collect events related to security groups in a tenant: in this case"},{"line_number":185,"context_line":"        operators do not need to specify security group ID or neutron port ID."},{"line_number":186,"context_line":"        Please note that if a new VM is launched in this tenant, events related"},{"line_number":187,"context_line":"        to security groups applied on this VM will be collected."},{"line_number":188,"context_line":""},{"line_number":189,"context_line":""},{"line_number":190,"context_line":"Future work beyond this spec"}],"source_content_type":"text/x-rst","patch_set":53,"id":"3a71b18c_0f6ce19a","line":187,"range":{"start_line":175,"start_character":4,"end_line":187,"end_character":64},"in_reply_to":"3a71b18c_a22f9e86","updated":"2016-12-06 08:44:54.000000000","message":"You\u0027re right. We should develop step by step. Surely, The documentation will be addressed clearly.","commit_id":"a9507d3708b67075a4aadf2864a09e7ad3bbda7f"},{"author":{"_account_id":6788,"name":"Rossella Sblendido","email":"rsblendido@suse.com","username":"rossella-o"},"change_message_id":"c346eadc327b987cf007f966e0c014f92a29d786","unresolved":false,"context_lines":[{"line_number":172,"context_line":"Operators can collect security events (ACCEPT/DROP or ALL (both ACCEPT and DROP))"},{"line_number":173,"context_line":"for some cases:"},{"line_number":174,"context_line":""},{"line_number":175,"context_line":"    (1) collect events related to a specific security group applied to all"},{"line_number":176,"context_line":"        VMs by giving security group ID."},{"line_number":177,"context_line":""},{"line_number":178,"context_line":"    (2) collect events related to a specific security group applied to a"},{"line_number":179,"context_line":"        specific VM by giving security group ID and neutron port ID."},{"line_number":180,"context_line":""},{"line_number":181,"context_line":"    (3) collect events related to security groups applied to a specific VM"},{"line_number":182,"context_line":"        by giving neutron port ID."},{"line_number":183,"context_line":""},{"line_number":184,"context_line":"    (4) collect events related to security groups in a tenant: in this case"},{"line_number":185,"context_line":"        operators do not need to specify security group ID or neutron port ID."},{"line_number":186,"context_line":"        Please note that if a new VM is launched in this tenant, events related"},{"line_number":187,"context_line":"        to security groups applied on this VM will be collected."},{"line_number":188,"context_line":""},{"line_number":189,"context_line":""},{"line_number":190,"context_line":"Future work beyond this spec"}],"source_content_type":"text/x-rst","patch_set":53,"id":"3a71b18c_a22f9e86","line":187,"range":{"start_line":175,"start_character":4,"end_line":187,"end_character":64},"in_reply_to":"3a71b18c_b6f3c09d","updated":"2016-12-05 18:02:23.000000000","message":"An, if one logging resource is targeted to a specific project id and another affects one security group of the same project id we hit the situation boden is describing. that\u0027s a fair point boden. Detecting overlapping \"scopes\" won\u0027t be implemented in this first phase. We should add that in the documentation though.","commit_id":"a9507d3708b67075a4aadf2864a09e7ad3bbda7f"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"f657160d8bb2c5c500338f2560974d02a2322d06","unresolved":false,"context_lines":[{"line_number":172,"context_line":"Operators can collect security events (ACCEPT/DROP or ALL (both ACCEPT and DROP))"},{"line_number":173,"context_line":"for some cases:"},{"line_number":174,"context_line":""},{"line_number":175,"context_line":"    (1) collect events related to a specific security group applied to all"},{"line_number":176,"context_line":"        VMs by giving security group ID."},{"line_number":177,"context_line":""},{"line_number":178,"context_line":"    (2) collect events related to a specific security group applied to a"},{"line_number":179,"context_line":"        specific VM by giving security group ID and neutron port ID."},{"line_number":180,"context_line":""},{"line_number":181,"context_line":"    (3) collect events related to security groups applied to a specific VM"},{"line_number":182,"context_line":"        by giving neutron port ID."},{"line_number":183,"context_line":""},{"line_number":184,"context_line":"    (4) collect events related to security groups in a tenant: in this case"},{"line_number":185,"context_line":"        operators do not need to specify security group ID or neutron port ID."},{"line_number":186,"context_line":"        Please note that if a new VM is launched in this tenant, events related"},{"line_number":187,"context_line":"        to security groups applied on this VM will be collected."},{"line_number":188,"context_line":""},{"line_number":189,"context_line":""},{"line_number":190,"context_line":"Future work beyond this spec"}],"source_content_type":"text/x-rst","patch_set":53,"id":"3a71b18c_b6f3c09d","line":187,"range":{"start_line":175,"start_character":4,"end_line":187,"end_character":64},"in_reply_to":"5a74a57a_43ce64b5","updated":"2016-12-02 09:52:37.000000000","message":"Each \u0027LoggingResource\u0027 will be identified by logging-resource-id as L264. So it will not effect to others.","commit_id":"a9507d3708b67075a4aadf2864a09e7ad3bbda7f"},{"author":{"_account_id":5367,"name":"boden","email":"bodenvmw@gmail.com","username":"boden"},"change_message_id":"1e049a26a0333df10f4979a1709b04411473afe8","unresolved":false,"context_lines":[{"line_number":208,"context_line":""},{"line_number":209,"context_line":"    step2: Check supported logging capabilities::"},{"line_number":210,"context_line":""},{"line_number":211,"context_line":"            GET /v2.0/logging/loggable-resources"},{"line_number":212,"context_line":""},{"line_number":213,"context_line":"            Response:"},{"line_number":214,"context_line":"            {"}],"source_content_type":"text/x-rst","patch_set":53,"id":"5a74a57a_a3ac988d","line":211,"range":{"start_line":211,"start_character":30,"end_line":211,"end_character":48},"updated":"2016-11-29 22:59:21.000000000","message":"Another option might be to just use \u0027types\u0027 here and change the response key to \"types\" as well.","commit_id":"a9507d3708b67075a4aadf2864a09e7ad3bbda7f"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"f657160d8bb2c5c500338f2560974d02a2322d06","unresolved":false,"context_lines":[{"line_number":208,"context_line":""},{"line_number":209,"context_line":"    step2: Check supported logging capabilities::"},{"line_number":210,"context_line":""},{"line_number":211,"context_line":"            GET /v2.0/logging/loggable-resources"},{"line_number":212,"context_line":""},{"line_number":213,"context_line":"            Response:"},{"line_number":214,"context_line":"            {"}],"source_content_type":"text/x-rst","patch_set":53,"id":"3a71b18c_d6e11c9c","line":211,"range":{"start_line":211,"start_character":30,"end_line":211,"end_character":48},"in_reply_to":"5a74a57a_a3ac988d","updated":"2016-12-02 09:52:37.000000000","message":"Thanks for suggestion.","commit_id":"a9507d3708b67075a4aadf2864a09e7ad3bbda7f"},{"author":{"_account_id":5367,"name":"boden","email":"bodenvmw@gmail.com","username":"boden"},"change_message_id":"1e049a26a0333df10f4979a1709b04411473afe8","unresolved":false,"context_lines":[{"line_number":212,"context_line":""},{"line_number":213,"context_line":"            Response:"},{"line_number":214,"context_line":"            {"},{"line_number":215,"context_line":"              \"type\": [\"security_group\"]"},{"line_number":216,"context_line":"            }"},{"line_number":217,"context_line":""},{"line_number":218,"context_line":"    step3: Define events related to security groups need collecting for this"}],"source_content_type":"text/x-rst","patch_set":53,"id":"5a74a57a_e3b4d0d5","line":215,"range":{"start_line":215,"start_character":24,"end_line":215,"end_character":38},"updated":"2016-11-29 22:59:21.000000000","message":"Pretty bare bones, but I guess we probably don\u0027t need more.","commit_id":"a9507d3708b67075a4aadf2864a09e7ad3bbda7f"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"f657160d8bb2c5c500338f2560974d02a2322d06","unresolved":false,"context_lines":[{"line_number":212,"context_line":""},{"line_number":213,"context_line":"            Response:"},{"line_number":214,"context_line":"            {"},{"line_number":215,"context_line":"              \"type\": [\"security_group\"]"},{"line_number":216,"context_line":"            }"},{"line_number":217,"context_line":""},{"line_number":218,"context_line":"    step3: Define events related to security groups need collecting for this"}],"source_content_type":"text/x-rst","patch_set":53,"id":"3a71b18c_51eb56b0","line":215,"range":{"start_line":215,"start_character":24,"end_line":215,"end_character":38},"in_reply_to":"5a74a57a_e3b4d0d5","updated":"2016-12-02 09:52:37.000000000","message":"The response will let user know about the supporting logging resource types so I think it is necessary for end user.","commit_id":"a9507d3708b67075a4aadf2864a09e7ad3bbda7f"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"385369de755de274f5bb9e06f0ffb5183e765ff0","unresolved":false,"context_lines":[{"line_number":213,"context_line":"            Response:"},{"line_number":214,"context_line":"            {"},{"line_number":215,"context_line":"              \"type\": [\"security_group\"]"},{"line_number":216,"context_line":"            }"},{"line_number":217,"context_line":""},{"line_number":218,"context_line":"    step3: Define events related to security groups need collecting for this"},{"line_number":219,"context_line":"           tenant. For example, operator wants to collect all ACCEPT \u0026 DROP"}],"source_content_type":"text/x-rst","patch_set":53,"id":"1a6eadb0_0ca0d442","line":216,"updated":"2016-12-14 07:12:05.000000000","message":"It should be aligned with existing response format like \"v2.0/qos/rule-types\".  This API returns as follows:\n\n\u003e neutron qos-available-rule-types\n\n* {\"rule_types\": [{\"type\": \"bandwidth_limit\"}]}\n\nTherefore, we should fix as follows:\n\n* {\"loggable_resources\": [{\"type\": \"security_group\"}]}\n\nor \n\n* {\"log_types\": [{\"type\": \"security_group\"}]}","commit_id":"a9507d3708b67075a4aadf2864a09e7ad3bbda7f"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"de3ca1c076ffcfe2a3dbf3ef755adc63f5ce9eb4","unresolved":false,"context_lines":[{"line_number":213,"context_line":"            Response:"},{"line_number":214,"context_line":"            {"},{"line_number":215,"context_line":"              \"type\": [\"security_group\"]"},{"line_number":216,"context_line":"            }"},{"line_number":217,"context_line":""},{"line_number":218,"context_line":"    step3: Define events related to security groups need collecting for this"},{"line_number":219,"context_line":"           tenant. For example, operator wants to collect all ACCEPT \u0026 DROP"}],"source_content_type":"text/x-rst","patch_set":53,"id":"1a6eadb0_caa15cab","line":216,"in_reply_to":"1a6eadb0_0ca0d442","updated":"2016-12-14 08:09:08.000000000","message":"Done","commit_id":"a9507d3708b67075a4aadf2864a09e7ad3bbda7f"},{"author":{"_account_id":5367,"name":"boden","email":"bodenvmw@gmail.com","username":"boden"},"change_message_id":"1e049a26a0333df10f4979a1709b04411473afe8","unresolved":false,"context_lines":[{"line_number":301,"context_line":"|resource_type      |string |RW(No  |N/A      |none       |Logging resource type     |"},{"line_number":302,"context_line":"|                   |       |update)|         |           |                          |"},{"line_number":303,"context_line":"+-------------------+-------+-------+---------+-----------+--------------------------+"},{"line_number":304,"context_line":"|resource_id        |string |RW(No  |N/A      |uuid       |Resource ID which is      |"},{"line_number":305,"context_line":"|                   |(UUID) |update)|N/A      |           |enabled log               |"},{"line_number":306,"context_line":"+-------------------+-------+-------+---------+-----------+--------------------------+"},{"line_number":307,"context_line":"|security_event     |enum   |RW(No  |N/A      |enum       |ACCEPT/DROP or ALL        |"}],"source_content_type":"text/x-rst","patch_set":53,"id":"5a74a57a_e6721eb0","line":304,"range":{"start_line":304,"start_character":1,"end_line":304,"end_character":12},"updated":"2016-11-29 22:59:21.000000000","message":"Thinking in terms of vendor plugins supporting this extension; while some SDN solutions do support logging, not all of them support it at the port level. I guess if they decide to support this, they\u0027ll have to override the necessary logic in their plugin to only support per sec-group and document behavior as such... The same applies to other specifics herein such as ACCEPT/DROP/ALL (some SDN only support the notion of ALL).","commit_id":"a9507d3708b67075a4aadf2864a09e7ad3bbda7f"},{"author":{"_account_id":5367,"name":"boden","email":"bodenvmw@gmail.com","username":"boden"},"change_message_id":"1e049a26a0333df10f4979a1709b04411473afe8","unresolved":false,"context_lines":[{"line_number":307,"context_line":"|security_event     |enum   |RW(No  |N/A      |enum       |ACCEPT/DROP or ALL        |"},{"line_number":308,"context_line":"|                   |       |update)|         |           |                          |"},{"line_number":309,"context_line":"+-------------------+-------+-------+---------+-----------+--------------------------+"},{"line_number":310,"context_line":"|parent_resource_id |string |RW(No  |N/A      |uuid       |Parent resource ID which  |"},{"line_number":311,"context_line":"|                   |(UUID) |update)|         |           |could be port or router ID|"},{"line_number":312,"context_line":"+-------------------+-------+-------+---------+-----------+--------------------------+"},{"line_number":313,"context_line":""}],"source_content_type":"text/x-rst","patch_set":53,"id":"5a74a57a_0330ec9d","line":310,"range":{"start_line":310,"start_character":1,"end_line":310,"end_character":19},"updated":"2016-11-29 22:59:21.000000000","message":"Not to dig too deep, but hopefully if parent_resource_id is used with resource_id, it\u0027s verified to be a proper parent before the API returns successful :)","commit_id":"a9507d3708b67075a4aadf2864a09e7ad3bbda7f"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"f657160d8bb2c5c500338f2560974d02a2322d06","unresolved":false,"context_lines":[{"line_number":307,"context_line":"|security_event     |enum   |RW(No  |N/A      |enum       |ACCEPT/DROP or ALL        |"},{"line_number":308,"context_line":"|                   |       |update)|         |           |                          |"},{"line_number":309,"context_line":"+-------------------+-------+-------+---------+-----------+--------------------------+"},{"line_number":310,"context_line":"|parent_resource_id |string |RW(No  |N/A      |uuid       |Parent resource ID which  |"},{"line_number":311,"context_line":"|                   |(UUID) |update)|         |           |could be port or router ID|"},{"line_number":312,"context_line":"+-------------------+-------+-------+---------+-----------+--------------------------+"},{"line_number":313,"context_line":""}],"source_content_type":"text/x-rst","patch_set":53,"id":"3a71b18c_9147ae1c","line":310,"range":{"start_line":310,"start_character":1,"end_line":310,"end_character":19},"in_reply_to":"5a74a57a_0330ec9d","updated":"2016-12-02 09:52:37.000000000","message":"Thanks for your suggestion for implementation.","commit_id":"a9507d3708b67075a4aadf2864a09e7ad3bbda7f"},{"author":{"_account_id":5367,"name":"boden","email":"bodenvmw@gmail.com","username":"boden"},"change_message_id":"1e049a26a0333df10f4979a1709b04411473afe8","unresolved":false,"context_lines":[{"line_number":314,"context_line":""},{"line_number":315,"context_line":"REST API Impact"},{"line_number":316,"context_line":"---------------"},{"line_number":317,"context_line":"The new resources::"},{"line_number":318,"context_line":""},{"line_number":319,"context_line":"    LOGGING_PREFIX \u003d \u0027/logging\u0027"},{"line_number":320,"context_line":"    SECURITY_EVENT \u003d [\u0027ACCEPT\u0027, \u0027DROP\u0027, \u0027ALL\u0027]"}],"source_content_type":"text/x-rst","patch_set":53,"id":"5a74a57a_e3777006","line":317,"updated":"2016-11-29 22:59:21.000000000","message":"Maybe worth a note; this should go right into neutron-lib api definitions [1].\n\n\n[1] https://github.com/openstack/neutron-lib/tree/master/neutron_lib/api/definitions","commit_id":"a9507d3708b67075a4aadf2864a09e7ad3bbda7f"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"f657160d8bb2c5c500338f2560974d02a2322d06","unresolved":false,"context_lines":[{"line_number":314,"context_line":""},{"line_number":315,"context_line":"REST API Impact"},{"line_number":316,"context_line":"---------------"},{"line_number":317,"context_line":"The new resources::"},{"line_number":318,"context_line":""},{"line_number":319,"context_line":"    LOGGING_PREFIX \u003d \u0027/logging\u0027"},{"line_number":320,"context_line":"    SECURITY_EVENT \u003d [\u0027ACCEPT\u0027, \u0027DROP\u0027, \u0027ALL\u0027]"}],"source_content_type":"text/x-rst","patch_set":53,"id":"3a71b18c_76dcc8e4","line":317,"in_reply_to":"5a74a57a_e3777006","updated":"2016-12-02 09:52:37.000000000","message":"Yes, This note is worth for me. Many thanks.","commit_id":"a9507d3708b67075a4aadf2864a09e7ad3bbda7f"},{"author":{"_account_id":841,"name":"Akihiro Motoki","email":"amotoki@gmail.com","username":"amotoki"},"change_message_id":"de2016192fa282a8f29380bd8507493f73c99401","unresolved":false,"context_lines":[{"line_number":55,"context_line":"a log line per packet to a file by inserting an \u0027action\u003dcontroller\u0027 to each OVS"},{"line_number":56,"context_line":"firewall\u0027s flow. It\u0027s complex to implement and will be inherently slow as much"},{"line_number":57,"context_line":"more packets will go through the controller. Therefore, logging for OVS firewall"},{"line_number":58,"context_line":"is out of the scope of this spec and will be tackled in a new one."},{"line_number":59,"context_line":""},{"line_number":60,"context_line":"Logging implementation"},{"line_number":61,"context_line":"----------------------"}],"source_content_type":"text/x-rst","patch_set":54,"id":"da4df55a_d2dc8b14","line":58,"updated":"2016-12-26 08:54:57.000000000","message":"Although It sounds reasonable to make OVS firewall support out of scope, packet counter per registered flow rule might help debugging. This is just an idea.","commit_id":"8ab0ed5f07d7a8d1ecef87c3d61537aff8972d53"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"7d14a0709a35eff393ce8998351acc1892e63562","unresolved":false,"context_lines":[{"line_number":55,"context_line":"a log line per packet to a file by inserting an \u0027action\u003dcontroller\u0027 to each OVS"},{"line_number":56,"context_line":"firewall\u0027s flow. It\u0027s complex to implement and will be inherently slow as much"},{"line_number":57,"context_line":"more packets will go through the controller. Therefore, logging for OVS firewall"},{"line_number":58,"context_line":"is out of the scope of this spec and will be tackled in a new one."},{"line_number":59,"context_line":""},{"line_number":60,"context_line":"Logging implementation"},{"line_number":61,"context_line":"----------------------"}],"source_content_type":"text/x-rst","patch_set":54,"id":"da4df55a_516159d2","line":58,"in_reply_to":"da4df55a_d2dc8b14","updated":"2016-12-27 11:48:35.000000000","message":"Thanks for your understanding and suggestion for future plan.","commit_id":"8ab0ed5f07d7a8d1ecef87c3d61537aff8972d53"},{"author":{"_account_id":841,"name":"Akihiro Motoki","email":"amotoki@gmail.com","username":"amotoki"},"change_message_id":"de2016192fa282a8f29380bd8507493f73c99401","unresolved":false,"context_lines":[{"line_number":147,"context_line":"        cfg.StrOpt(\u0027input_log_path\u0027,"},{"line_number":148,"context_line":"                   default\u003d\u0027/var/log/syslog\u0027"},{"line_number":149,"context_line":"                   help\u003d_(\"Where security events (raw log-data) are logged to.\")),"},{"line_number":150,"context_line":"        cfg.StrOpt(\u0027local_output_log\u0027,"},{"line_number":151,"context_line":"                   default\u003d\u0027/var/log/neutron/\u0027"},{"line_number":152,"context_line":"                   help\u003d_(\"Where log-data is stored in local.\"))"},{"line_number":153,"context_line":"        cfg.StrOpt(\u0027size\u0027,"}],"source_content_type":"text/x-rst","patch_set":54,"id":"da4df55a_d24f2bbb","line":150,"range":{"start_line":150,"start_character":20,"end_line":150,"end_character":37},"updated":"2016-12-26 08:54:57.000000000","message":"(no action required) it is better to have a suffix like \u0027_base\u0027 as it is not a file path.","commit_id":"8ab0ed5f07d7a8d1ecef87c3d61537aff8972d53"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"7d14a0709a35eff393ce8998351acc1892e63562","unresolved":false,"context_lines":[{"line_number":147,"context_line":"        cfg.StrOpt(\u0027input_log_path\u0027,"},{"line_number":148,"context_line":"                   default\u003d\u0027/var/log/syslog\u0027"},{"line_number":149,"context_line":"                   help\u003d_(\"Where security events (raw log-data) are logged to.\")),"},{"line_number":150,"context_line":"        cfg.StrOpt(\u0027local_output_log\u0027,"},{"line_number":151,"context_line":"                   default\u003d\u0027/var/log/neutron/\u0027"},{"line_number":152,"context_line":"                   help\u003d_(\"Where log-data is stored in local.\"))"},{"line_number":153,"context_line":"        cfg.StrOpt(\u0027size\u0027,"}],"source_content_type":"text/x-rst","patch_set":54,"id":"da4df55a_9184a15e","line":150,"range":{"start_line":150,"start_character":20,"end_line":150,"end_character":37},"in_reply_to":"da4df55a_d24f2bbb","updated":"2016-12-27 11:48:35.000000000","message":"Done","commit_id":"8ab0ed5f07d7a8d1ecef87c3d61537aff8972d53"},{"author":{"_account_id":1653,"name":"garyk","email":"gkotton@vmware.com","username":"garyk"},"change_message_id":"f3b0880c3d985468f9e0e9cc4307e32950124250","unresolved":false,"context_lines":[{"line_number":260,"context_line":""},{"line_number":261,"context_line":"* log-data of an ACCEPT event::"},{"line_number":262,"context_line":""},{"line_number":263,"context_line":"    Mar 14 10:22:04 localhost 5f126d84-551a-4dcf-bb0-ACCEPT IN\u003dqbr9a0655d0-33"},{"line_number":264,"context_line":"    OUT\u003dqbr9a0655d0-33 MAC\u003dfa:16:3e:55:cd:85:fa:16:3e:d1:41:49:08:00 SRC\u003d10.0.0.3"},{"line_number":265,"context_line":"    DST\u003d22.22.22.3 LEN\u003d60 TOS\u003d00 PREC\u003d0x00 TTL\u003d64 ID\u003d52446 DF PROTO\u003dTCP SPT\u003d55211"},{"line_number":266,"context_line":"    DPT\u003d12865 SEQ\u003d3123701752 ACK\u003d0 WINDOW\u003d28200 SYN URGP\u003d0 UID\u003d0 GID\u003d0 MARK\u003d0"}],"source_content_type":"text/x-rst","patch_set":54,"id":"1a6eadb0_bc6a577f","line":263,"range":{"start_line":263,"start_character":30,"end_line":263,"end_character":59},"updated":"2016-12-15 15:38:27.000000000","message":"how does this translate to the securioty group and to the specific rule?","commit_id":"8ab0ed5f07d7a8d1ecef87c3d61537aff8972d53"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"846cd2c04b475c96f930cfa54637dc5216be4405","unresolved":false,"context_lines":[{"line_number":260,"context_line":""},{"line_number":261,"context_line":"* log-data of an ACCEPT event::"},{"line_number":262,"context_line":""},{"line_number":263,"context_line":"    Mar 14 10:22:04 localhost 5f126d84-551a-4dcf-bb0-ACCEPT IN\u003dqbr9a0655d0-33"},{"line_number":264,"context_line":"    OUT\u003dqbr9a0655d0-33 MAC\u003dfa:16:3e:55:cd:85:fa:16:3e:d1:41:49:08:00 SRC\u003d10.0.0.3"},{"line_number":265,"context_line":"    DST\u003d22.22.22.3 LEN\u003d60 TOS\u003d00 PREC\u003d0x00 TTL\u003d64 ID\u003d52446 DF PROTO\u003dTCP SPT\u003d55211"},{"line_number":266,"context_line":"    DPT\u003d12865 SEQ\u003d3123701752 ACK\u003d0 WINDOW\u003d28200 SYN URGP\u003d0 UID\u003d0 GID\u003d0 MARK\u003d0"}],"source_content_type":"text/x-rst","patch_set":54,"id":"1a6eadb0_2050be0a","line":263,"range":{"start_line":263,"start_character":30,"end_line":263,"end_character":59},"in_reply_to":"1a6eadb0_bc6a577f","updated":"2016-12-16 08:37:58.000000000","message":"@garyk: We provide \u0027log-id\u0027 to know exactly which log object is logging. From \u0027log-id\u0027 we can specify which security group(s) (through resource_id) is being logged. The security group rule can also be specified through SRC (source_ip), DST (dst_ip) and PROTO (protocol), SPT (source port), DPT (destination port).","commit_id":"8ab0ed5f07d7a8d1ecef87c3d61537aff8972d53"},{"author":{"_account_id":841,"name":"Akihiro Motoki","email":"amotoki@gmail.com","username":"amotoki"},"change_message_id":"de2016192fa282a8f29380bd8507493f73c99401","unresolved":false,"context_lines":[{"line_number":300,"context_line":"|resource_type      |string |RW(No  |N/A      |none       |Logging resource type     |"},{"line_number":301,"context_line":"|                   |       |update)|         |           |                          |"},{"line_number":302,"context_line":"+-------------------+-------+-------+---------+-----------+--------------------------+"},{"line_number":303,"context_line":"|resource_id        |string |RW(No  |N/A      |uuid       |Resource ID which is      |"},{"line_number":304,"context_line":"|                   |(UUID) |update)|N/A      |           |enabled log               |"},{"line_number":305,"context_line":"+-------------------+-------+-------+---------+-----------+--------------------------+"},{"line_number":306,"context_line":"|event              |enum   |RW(No  |N/A      |enum       |ACCEPT/DROP or ALL        |"},{"line_number":307,"context_line":"|                   |       |update)|         |           |                          |"}],"source_content_type":"text/x-rst","patch_set":54,"id":"da4df55a_e6d70deb","line":304,"range":{"start_line":303,"start_character":59,"end_line":304,"end_character":71},"updated":"2016-12-26 08:54:57.000000000","message":"I would like to see more detail description of resource_id here.\nresource_type would be like \u0027security-group\u0027 and resource_id would be SG-ID in the initial implementation.","commit_id":"8ab0ed5f07d7a8d1ecef87c3d61537aff8972d53"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"7d14a0709a35eff393ce8998351acc1892e63562","unresolved":false,"context_lines":[{"line_number":300,"context_line":"|resource_type      |string |RW(No  |N/A      |none       |Logging resource type     |"},{"line_number":301,"context_line":"|                   |       |update)|         |           |                          |"},{"line_number":302,"context_line":"+-------------------+-------+-------+---------+-----------+--------------------------+"},{"line_number":303,"context_line":"|resource_id        |string |RW(No  |N/A      |uuid       |Resource ID which is      |"},{"line_number":304,"context_line":"|                   |(UUID) |update)|N/A      |           |enabled log               |"},{"line_number":305,"context_line":"+-------------------+-------+-------+---------+-----------+--------------------------+"},{"line_number":306,"context_line":"|event              |enum   |RW(No  |N/A      |enum       |ACCEPT/DROP or ALL        |"},{"line_number":307,"context_line":"|                   |       |update)|         |           |                          |"}],"source_content_type":"text/x-rst","patch_set":54,"id":"da4df55a_d17aa976","line":304,"range":{"start_line":303,"start_character":59,"end_line":304,"end_character":71},"in_reply_to":"da4df55a_641eb460","updated":"2016-12-27 11:48:35.000000000","message":"It will be updated in next patch-set.","commit_id":"8ab0ed5f07d7a8d1ecef87c3d61537aff8972d53"},{"author":{"_account_id":6854,"name":"YAMAMOTO Takashi","email":"yamamoto@midokura.com","username":"yamamoto"},"change_message_id":"0d4cad0cf197598b666181f09844096099f9dafa","unresolved":false,"context_lines":[{"line_number":300,"context_line":"|resource_type      |string |RW(No  |N/A      |none       |Logging resource type     |"},{"line_number":301,"context_line":"|                   |       |update)|         |           |                          |"},{"line_number":302,"context_line":"+-------------------+-------+-------+---------+-----------+--------------------------+"},{"line_number":303,"context_line":"|resource_id        |string |RW(No  |N/A      |uuid       |Resource ID which is      |"},{"line_number":304,"context_line":"|                   |(UUID) |update)|N/A      |           |enabled log               |"},{"line_number":305,"context_line":"+-------------------+-------+-------+---------+-----------+--------------------------+"},{"line_number":306,"context_line":"|event              |enum   |RW(No  |N/A      |enum       |ACCEPT/DROP or ALL        |"},{"line_number":307,"context_line":"|                   |       |update)|         |           |                          |"}],"source_content_type":"text/x-rst","patch_set":54,"id":"da4df55a_641eb460","line":304,"range":{"start_line":303,"start_character":59,"end_line":304,"end_character":71},"in_reply_to":"da4df55a_e6d70deb","updated":"2016-12-26 10:37:39.000000000","message":"while having examples are fine,\nit\u0027s better to avoid making SG stuff mandatory.","commit_id":"8ab0ed5f07d7a8d1ecef87c3d61537aff8972d53"},{"author":{"_account_id":6854,"name":"YAMAMOTO Takashi","email":"yamamoto@midokura.com","username":"yamamoto"},"change_message_id":"0d4cad0cf197598b666181f09844096099f9dafa","unresolved":false,"context_lines":[{"line_number":307,"context_line":"|                   |       |update)|         |           |                          |"},{"line_number":308,"context_line":"+-------------------+-------+-------+---------+-----------+--------------------------+"},{"line_number":309,"context_line":"|parent_resource_id |string |RW(No  |N/A      |uuid       |Parent resource ID which  |"},{"line_number":310,"context_line":"|                   |(UUID) |update)|         |           |could be port or router ID|"},{"line_number":311,"context_line":"+-------------------+-------+-------+---------+-----------+--------------------------+"},{"line_number":312,"context_line":""},{"line_number":313,"context_line":""}],"source_content_type":"text/x-rst","patch_set":54,"id":"da4df55a_044a48ac","line":310,"range":{"start_line":310,"start_character":76,"end_line":310,"end_character":85},"updated":"2016-12-26 10:37:39.000000000","message":"in which case it can be a router ID?","commit_id":"8ab0ed5f07d7a8d1ecef87c3d61537aff8972d53"},{"author":{"_account_id":841,"name":"Akihiro Motoki","email":"amotoki@gmail.com","username":"amotoki"},"change_message_id":"0e5421b706526b8b2025f310879515aeda3a7a58","unresolved":false,"context_lines":[{"line_number":307,"context_line":"|                   |       |update)|         |           |                          |"},{"line_number":308,"context_line":"+-------------------+-------+-------+---------+-----------+--------------------------+"},{"line_number":309,"context_line":"|parent_resource_id |string |RW(No  |N/A      |uuid       |Parent resource ID which  |"},{"line_number":310,"context_line":"|                   |(UUID) |update)|         |           |could be port or router ID|"},{"line_number":311,"context_line":"+-------------------+-------+-------+---------+-----------+--------------------------+"},{"line_number":312,"context_line":""},{"line_number":313,"context_line":""}],"source_content_type":"text/x-rst","patch_set":54,"id":"da4df55a_80553bfb","line":310,"range":{"start_line":310,"start_character":76,"end_line":310,"end_character":85},"in_reply_to":"da4df55a_044a48ac","updated":"2016-12-26 16:25:20.000000000","message":"Perhaps the author(s) are thinking about FWaaS :)\nIt is good for example, but it is out of scope of this spec.\nI am okay to have this as it helps our understandings.","commit_id":"8ab0ed5f07d7a8d1ecef87c3d61537aff8972d53"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"7d14a0709a35eff393ce8998351acc1892e63562","unresolved":false,"context_lines":[{"line_number":307,"context_line":"|                   |       |update)|         |           |                          |"},{"line_number":308,"context_line":"+-------------------+-------+-------+---------+-----------+--------------------------+"},{"line_number":309,"context_line":"|parent_resource_id |string |RW(No  |N/A      |uuid       |Parent resource ID which  |"},{"line_number":310,"context_line":"|                   |(UUID) |update)|         |           |could be port or router ID|"},{"line_number":311,"context_line":"+-------------------+-------+-------+---------+-----------+--------------------------+"},{"line_number":312,"context_line":""},{"line_number":313,"context_line":""}],"source_content_type":"text/x-rst","patch_set":54,"id":"da4df55a_b1f0c5ff","line":310,"range":{"start_line":310,"start_character":76,"end_line":310,"end_character":85},"in_reply_to":"da4df55a_80553bfb","updated":"2016-12-27 11:48:35.000000000","message":"Thanks Akihiro-san for explaining my idea.","commit_id":"8ab0ed5f07d7a8d1ecef87c3d61537aff8972d53"},{"author":{"_account_id":7715,"name":"Hirofumi Ichihara","email":"ichihara.hirofumi@gmail.com","username":"Hirofumi-Ichihara"},"change_message_id":"85e4f1f6e0c645e8efcec0be09019b87666688f5","unresolved":false,"context_lines":[{"line_number":309,"context_line":"|parent_resource_id |string |RW(No  |N/A      |uuid       |Parent resource ID which  |"},{"line_number":310,"context_line":"|                   |(UUID) |update)|         |           |could be port or router ID|"},{"line_number":311,"context_line":"+-------------------+-------+-------+---------+-----------+--------------------------+"},{"line_number":312,"context_line":""},{"line_number":313,"context_line":""},{"line_number":314,"context_line":"REST API Impact"},{"line_number":315,"context_line":"---------------"}],"source_content_type":"text/x-rst","patch_set":54,"id":"1a6eadb0_8ed3ef37","line":312,"updated":"2016-12-20 14:59:27.000000000","message":"Just question: We can specify a resource which we want to collect the log when we post API with the resource_id, right? How do we use parent_resource_id? When we post API with a port\u0027s id as parent_resource_id, this logging system collects logs of all security group assinged to the port, right? Is my understanding right?","commit_id":"8ab0ed5f07d7a8d1ecef87c3d61537aff8972d53"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"41b92570c11e0853c8fa92ac7715cfb949db0069","unresolved":false,"context_lines":[{"line_number":309,"context_line":"|parent_resource_id |string |RW(No  |N/A      |uuid       |Parent resource ID which  |"},{"line_number":310,"context_line":"|                   |(UUID) |update)|         |           |could be port or router ID|"},{"line_number":311,"context_line":"+-------------------+-------+-------+---------+-----------+--------------------------+"},{"line_number":312,"context_line":""},{"line_number":313,"context_line":""},{"line_number":314,"context_line":"REST API Impact"},{"line_number":315,"context_line":"---------------"}],"source_content_type":"text/x-rst","patch_set":54,"id":"1a6eadb0_9fcea081","line":312,"in_reply_to":"1a6eadb0_64a5bd02","updated":"2016-12-21 02:45:58.000000000","message":"Hi Hirofumi-san,\n\n\u003e If you respin this patch, I\u0027d like you to add the description\n\nOf course, I\u0027ll note it in the document to make user convenient.\n\n\u003e For example, when we set sg_id_A to resource_id and port_id(sg_id_B and sg_id_C are assigned) to parent_resource_id, logging system collects logs of sg_id_A, sg_id_B, and sg_id_C Or we cannot set values into both resource_id and parent_resource_id in a logging resource?\n\nActually with my current implementation, the API will raise a InvalidInput exception as in [1]. We can set values for both resource_id and parent_resource_id if parent_resource_id is bound with resource_id [1].\nAbout detail in implementation, let\u0027s discuss on here [2] \n[1] https://review.openstack.org/#/c/395504/9/neutron/services/logapi/common/validators.py@54\n[2] https://review.openstack.org/#/c/395504/\n\nMany thanks for your reviews :)","commit_id":"8ab0ed5f07d7a8d1ecef87c3d61537aff8972d53"},{"author":{"_account_id":7715,"name":"Hirofumi Ichihara","email":"ichihara.hirofumi@gmail.com","username":"Hirofumi-Ichihara"},"change_message_id":"48b299b3ad4a7e4fc93c090089c90aaa89087e3b","unresolved":false,"context_lines":[{"line_number":309,"context_line":"|parent_resource_id |string |RW(No  |N/A      |uuid       |Parent resource ID which  |"},{"line_number":310,"context_line":"|                   |(UUID) |update)|         |           |could be port or router ID|"},{"line_number":311,"context_line":"+-------------------+-------+-------+---------+-----------+--------------------------+"},{"line_number":312,"context_line":""},{"line_number":313,"context_line":""},{"line_number":314,"context_line":"REST API Impact"},{"line_number":315,"context_line":"---------------"}],"source_content_type":"text/x-rst","patch_set":54,"id":"1a6eadb0_64a5bd02","line":312,"in_reply_to":"1a6eadb0_79d73bed","updated":"2016-12-21 01:56:12.000000000","message":"If you respin this patch, I\u0027d like you to add the description.\n\nAnd I still have a question about the behavior of resource_id and parent_resource_id. For example, when we set sg_id_A to resource_id and port_id(sg_id_B and sg_id_C are assigned) to parent_resource_id, logging system collects logs of sg_id_A, sg_id_B, and sg_id_C? Or we cannot set values into both resource_id and parent_resource_id in a logging resource? Well, I think that we can consider such detail in implementation patch not this spec.","commit_id":"8ab0ed5f07d7a8d1ecef87c3d61537aff8972d53"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"327dc53da1fbcb211562b069c4256450e0117dd3","unresolved":false,"context_lines":[{"line_number":309,"context_line":"|parent_resource_id |string |RW(No  |N/A      |uuid       |Parent resource ID which  |"},{"line_number":310,"context_line":"|                   |(UUID) |update)|         |           |could be port or router ID|"},{"line_number":311,"context_line":"+-------------------+-------+-------+---------+-----------+--------------------------+"},{"line_number":312,"context_line":""},{"line_number":313,"context_line":""},{"line_number":314,"context_line":"REST API Impact"},{"line_number":315,"context_line":"---------------"}],"source_content_type":"text/x-rst","patch_set":54,"id":"1a6eadb0_79d73bed","line":312,"in_reply_to":"1a6eadb0_8ed3ef37","updated":"2016-12-20 15:16:33.000000000","message":"\u003e We can specify a resource which we want to collect the log when we post API with the resource_id, right? \n\nYou\u0027re right.  You can specify sg_id as a \u0027resource_id\u0027 or port_id as a \u0027parent_resource_id.\n\n\u003e When we post API with a port\u0027s id as parent_resource_id, this logging system collects logs of all security group assinged to the port, right? Is my understanding right?\n\nRight!","commit_id":"8ab0ed5f07d7a8d1ecef87c3d61537aff8972d53"},{"author":{"_account_id":841,"name":"Akihiro Motoki","email":"amotoki@gmail.com","username":"amotoki"},"change_message_id":"de2016192fa282a8f29380bd8507493f73c99401","unresolved":false,"context_lines":[{"line_number":309,"context_line":"|parent_resource_id |string |RW(No  |N/A      |uuid       |Parent resource ID which  |"},{"line_number":310,"context_line":"|                   |(UUID) |update)|         |           |could be port or router ID|"},{"line_number":311,"context_line":"+-------------------+-------+-------+---------+-----------+--------------------------+"},{"line_number":312,"context_line":""},{"line_number":313,"context_line":""},{"line_number":314,"context_line":"REST API Impact"},{"line_number":315,"context_line":"---------------"}],"source_content_type":"text/x-rst","patch_set":54,"id":"da4df55a_e6a9cd7c","line":312,"in_reply_to":"1a6eadb0_9fcea081","updated":"2016-12-26 08:54:57.000000000","message":"I feel the same impression as Hirofumi commented.\nThe description of resource_id and parent_resource_id are not enough.\nThe naming of these attributes might be confusing.\n\nIs parent_resource_id an appropriate resource name from user perspective? It specifies where we want to collect log (of SG or FW rules). \u0027target_id\u0027 (or logging_target_id) might be better.\n\nRegarding \u0027resource_id\u0027, this specifies what kind of log we would like to enable. I have no better alternative for this.\n\nThought?","commit_id":"8ab0ed5f07d7a8d1ecef87c3d61537aff8972d53"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"7d14a0709a35eff393ce8998351acc1892e63562","unresolved":false,"context_lines":[{"line_number":309,"context_line":"|parent_resource_id |string |RW(No  |N/A      |uuid       |Parent resource ID which  |"},{"line_number":310,"context_line":"|                   |(UUID) |update)|         |           |could be port or router ID|"},{"line_number":311,"context_line":"+-------------------+-------+-------+---------+-----------+--------------------------+"},{"line_number":312,"context_line":""},{"line_number":313,"context_line":""},{"line_number":314,"context_line":"REST API Impact"},{"line_number":315,"context_line":"---------------"}],"source_content_type":"text/x-rst","patch_set":54,"id":"da4df55a_314bf52b","line":312,"in_reply_to":"da4df55a_e4f0e493","updated":"2016-12-27 11:48:35.000000000","message":"More detail description will update in next patch-set. Thanks all.","commit_id":"8ab0ed5f07d7a8d1ecef87c3d61537aff8972d53"},{"author":{"_account_id":6854,"name":"YAMAMOTO Takashi","email":"yamamoto@midokura.com","username":"yamamoto"},"change_message_id":"0d4cad0cf197598b666181f09844096099f9dafa","unresolved":false,"context_lines":[{"line_number":309,"context_line":"|parent_resource_id |string |RW(No  |N/A      |uuid       |Parent resource ID which  |"},{"line_number":310,"context_line":"|                   |(UUID) |update)|         |           |could be port or router ID|"},{"line_number":311,"context_line":"+-------------------+-------+-------+---------+-----------+--------------------------+"},{"line_number":312,"context_line":""},{"line_number":313,"context_line":""},{"line_number":314,"context_line":"REST API Impact"},{"line_number":315,"context_line":"---------------"}],"source_content_type":"text/x-rst","patch_set":54,"id":"da4df55a_e4f0e493","line":312,"in_reply_to":"da4df55a_e6a9cd7c","updated":"2016-12-26 10:37:39.000000000","message":"parent_resource_id and resource_id seem too cryptic to me.\n\nif the api needs to provide something more complex than a single \"target id\", it warrants some type specific \"rules\", IMO.","commit_id":"8ab0ed5f07d7a8d1ecef87c3d61537aff8972d53"},{"author":{"_account_id":6854,"name":"YAMAMOTO Takashi","email":"yamamoto@midokura.com","username":"yamamoto"},"change_message_id":"0d4cad0cf197598b666181f09844096099f9dafa","unresolved":false,"context_lines":[{"line_number":398,"context_line":""},{"line_number":399,"context_line":"For logging resource::"},{"line_number":400,"context_line":""},{"line_number":401,"context_line":"    os network logging create"},{"line_number":402,"context_line":"                --resource-type \u003cresource-type\u003e"},{"line_number":403,"context_line":"                [--description \u003cdescription\u003e]"},{"line_number":404,"context_line":"                [--enable | --disable]"}],"source_content_type":"text/x-rst","patch_set":54,"id":"da4df55a_61cf8629","line":401,"range":{"start_line":401,"start_character":7,"end_line":401,"end_character":14},"updated":"2016-12-26 10:37:39.000000000","message":"\"network\" seems weird to me as it does nothing with network resource.","commit_id":"8ab0ed5f07d7a8d1ecef87c3d61537aff8972d53"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"7d14a0709a35eff393ce8998351acc1892e63562","unresolved":false,"context_lines":[{"line_number":398,"context_line":""},{"line_number":399,"context_line":"For logging resource::"},{"line_number":400,"context_line":""},{"line_number":401,"context_line":"    os network logging create"},{"line_number":402,"context_line":"                --resource-type \u003cresource-type\u003e"},{"line_number":403,"context_line":"                [--description \u003cdescription\u003e]"},{"line_number":404,"context_line":"                [--enable | --disable]"}],"source_content_type":"text/x-rst","patch_set":54,"id":"da4df55a_11235157","line":401,"range":{"start_line":401,"start_character":7,"end_line":401,"end_character":14},"in_reply_to":"da4df55a_4fa61b54","updated":"2016-12-27 11:48:35.000000000","message":"Akihiro-san and Hirofumi-san, You\u0027re in my head. :)","commit_id":"8ab0ed5f07d7a8d1ecef87c3d61537aff8972d53"},{"author":{"_account_id":7715,"name":"Hirofumi Ichihara","email":"ichihara.hirofumi@gmail.com","username":"Hirofumi-Ichihara"},"change_message_id":"2c8894e1ad93cfe3b2402b0b34d068353220ceeb","unresolved":false,"context_lines":[{"line_number":398,"context_line":""},{"line_number":399,"context_line":"For logging resource::"},{"line_number":400,"context_line":""},{"line_number":401,"context_line":"    os network logging create"},{"line_number":402,"context_line":"                --resource-type \u003cresource-type\u003e"},{"line_number":403,"context_line":"                [--description \u003cdescription\u003e]"},{"line_number":404,"context_line":"                [--enable | --disable]"}],"source_content_type":"text/x-rst","patch_set":54,"id":"da4df55a_4fa61b54","line":401,"range":{"start_line":401,"start_character":7,"end_line":401,"end_character":14},"in_reply_to":"da4df55a_602db794","updated":"2016-12-27 02:58:20.000000000","message":"I agree with Akihiro.","commit_id":"8ab0ed5f07d7a8d1ecef87c3d61537aff8972d53"},{"author":{"_account_id":841,"name":"Akihiro Motoki","email":"amotoki@gmail.com","username":"amotoki"},"change_message_id":"0e5421b706526b8b2025f310879515aeda3a7a58","unresolved":false,"context_lines":[{"line_number":398,"context_line":""},{"line_number":399,"context_line":"For logging resource::"},{"line_number":400,"context_line":""},{"line_number":401,"context_line":"    os network logging create"},{"line_number":402,"context_line":"                --resource-type \u003cresource-type\u003e"},{"line_number":403,"context_line":"                [--description \u003cdescription\u003e]"},{"line_number":404,"context_line":"                [--enable | --disable]"}],"source_content_type":"text/x-rst","patch_set":54,"id":"da4df55a_602db794","line":401,"range":{"start_line":401,"start_character":7,"end_line":401,"end_character":14},"in_reply_to":"da4df55a_61cf8629","updated":"2016-12-26 16:25:20.000000000","message":"IMHO \u0027os network\u0027 is a good umbrella for networking related commands. In my understanding, this logging proposal can be extended to logging which is not directly related to security groups or FWaaS. For example, from my hat of operators, end users of LBaaS request loadbalancer logs of their load balancer instances. I think this concept can potentially be extended to such use cases. As my conclusion, \u0027os network logging\u0027 sounds reasonable to me.\n\nMy two cents.","commit_id":"8ab0ed5f07d7a8d1ecef87c3d61537aff8972d53"},{"author":{"_account_id":7715,"name":"Hirofumi Ichihara","email":"ichihara.hirofumi@gmail.com","username":"Hirofumi-Ichihara"},"change_message_id":"8806c188c25de8fef901a6c757f7b5c8a37c7893","unresolved":false,"context_lines":[{"line_number":176,"context_line":""},{"line_number":177,"context_line":"    (2) collect events related to a specific security group applied to a specific"},{"line_number":178,"context_line":"        VM by passing its security group ID to \u0027resource_id\u0027 and its bound Neutron"},{"line_number":179,"context_line":"        port ID to \u0027target_id\u0027."},{"line_number":180,"context_line":""},{"line_number":181,"context_line":"    (3) collect events related to all security groups being applied to a specific"},{"line_number":182,"context_line":"        VM by passing its Neutron port ID to \u0027target_id\u0027."}],"source_content_type":"text/x-rst","patch_set":55,"id":"da4df55a_1c8b58c4","line":179,"updated":"2016-12-28 02:13:06.000000000","message":"Just question: In case that there are VM1(associated security_groupA to the port1) and VM2(associated security_groupA to the port2), when we create a log resource with an id of security_groupA as \"resource_id\" and an id of VM1\u0027s port1 as \"target_id\", log system collects logs of VM1\u0027s security_groupA only(not collect logs of VM2\u0027s security_groupA). Is my understanding right?","commit_id":"c96388e90798b2ea56f4755dd099736dccb37089"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"99f62fd8456440259f6c0b85e61dc062e07596b5","unresolved":false,"context_lines":[{"line_number":176,"context_line":""},{"line_number":177,"context_line":"    (2) collect events related to a specific security group applied to a specific"},{"line_number":178,"context_line":"        VM by passing its security group ID to \u0027resource_id\u0027 and its bound Neutron"},{"line_number":179,"context_line":"        port ID to \u0027target_id\u0027."},{"line_number":180,"context_line":""},{"line_number":181,"context_line":"    (3) collect events related to all security groups being applied to a specific"},{"line_number":182,"context_line":"        VM by passing its Neutron port ID to \u0027target_id\u0027."}],"source_content_type":"text/x-rst","patch_set":55,"id":"da4df55a_3fdc8e72","line":179,"in_reply_to":"da4df55a_1c8b58c4","updated":"2016-12-28 02:42:18.000000000","message":"Yes, It is. This is exactly this use case meaning.","commit_id":"c96388e90798b2ea56f4755dd099736dccb37089"},{"author":{"_account_id":7715,"name":"Hirofumi Ichihara","email":"ichihara.hirofumi@gmail.com","username":"Hirofumi-Ichihara"},"change_message_id":"c26b47ecb769b2926ca204aeb8967b5d8feaafb5","unresolved":false,"context_lines":[{"line_number":176,"context_line":""},{"line_number":177,"context_line":"    (2) collect events related to a specific security group applied to a specific"},{"line_number":178,"context_line":"        VM by passing its security group ID to \u0027resource_id\u0027 and its bound Neutron"},{"line_number":179,"context_line":"        port ID to \u0027target_id\u0027."},{"line_number":180,"context_line":""},{"line_number":181,"context_line":"    (3) collect events related to all security groups being applied to a specific"},{"line_number":182,"context_line":"        VM by passing its Neutron port ID to \u0027target_id\u0027."}],"source_content_type":"text/x-rst","patch_set":55,"id":"da4df55a_dffb8279","line":179,"in_reply_to":"da4df55a_3fdc8e72","updated":"2016-12-28 02:54:20.000000000","message":"Thank you.","commit_id":"c96388e90798b2ea56f4755dd099736dccb37089"},{"author":{"_account_id":7715,"name":"Hirofumi Ichihara","email":"ichihara.hirofumi@gmail.com","username":"Hirofumi-Ichihara"},"change_message_id":"8806c188c25de8fef901a6c757f7b5c8a37c7893","unresolved":false,"context_lines":[{"line_number":315,"context_line":"|event         |enum   |RW(No  |N/A      |enum       |ACCEPT/DROP or ALL can be specified. |"},{"line_number":316,"context_line":"|              |       |update)|         |           |ALL is set as default.               |"},{"line_number":317,"context_line":"+--------------+-------+-------+---------+-----------+-------------------------------------+"},{"line_number":318,"context_line":"|target_id     |string |RW(No  |N/A      |uuid       |ID of resource (which could be a port|"},{"line_number":319,"context_line":"|              |       |       |         |           |ID in the initial implementation),   |"},{"line_number":320,"context_line":"|              |       |       |         |           |where we want to collect log. When a |"},{"line_number":321,"context_line":"|              |       |       |         |           |target_id is specified, events       |"}],"source_content_type":"text/x-rst","patch_set":55,"id":"da4df55a_9cbbc8e4","line":318,"range":{"start_line":318,"start_character":24,"end_line":318,"end_character":31},"updated":"2016-12-28 02:13:06.000000000","message":"nit: \"No update\"","commit_id":"c96388e90798b2ea56f4755dd099736dccb37089"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"99f62fd8456440259f6c0b85e61dc062e07596b5","unresolved":false,"context_lines":[{"line_number":315,"context_line":"|event         |enum   |RW(No  |N/A      |enum       |ACCEPT/DROP or ALL can be specified. |"},{"line_number":316,"context_line":"|              |       |update)|         |           |ALL is set as default.               |"},{"line_number":317,"context_line":"+--------------+-------+-------+---------+-----------+-------------------------------------+"},{"line_number":318,"context_line":"|target_id     |string |RW(No  |N/A      |uuid       |ID of resource (which could be a port|"},{"line_number":319,"context_line":"|              |       |       |         |           |ID in the initial implementation),   |"},{"line_number":320,"context_line":"|              |       |       |         |           |where we want to collect log. When a |"},{"line_number":321,"context_line":"|              |       |       |         |           |target_id is specified, events       |"}],"source_content_type":"text/x-rst","patch_set":55,"id":"da4df55a_dff0e2ff","line":318,"range":{"start_line":318,"start_character":24,"end_line":318,"end_character":31},"in_reply_to":"da4df55a_9cbbc8e4","updated":"2016-12-28 02:42:18.000000000","message":"Done! Thanks for your review :)","commit_id":"c96388e90798b2ea56f4755dd099736dccb37089"},{"author":{"_account_id":1653,"name":"garyk","email":"gkotton@vmware.com","username":"garyk"},"change_message_id":"2038c38613ac2234c459e52f64375cf7ccbfb23a","unresolved":false,"context_lines":[{"line_number":15,"context_line":"Problem Description"},{"line_number":16,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":17,"context_line":""},{"line_number":18,"context_line":"*Operators* (including cloud admin and developer) or tenants want to store logs"},{"line_number":19,"context_line":"of network traffic of:"},{"line_number":20,"context_line":""},{"line_number":21,"context_line":"  * North-south network traffic travels between an instance and external"}],"source_content_type":"text/x-rst","patch_set":56,"id":"ba5201f7_499f6203","line":18,"range":{"start_line":18,"start_character":39,"end_line":18,"end_character":48},"updated":"2017-01-02 07:19:52.000000000","message":"developers","commit_id":"03a47d2d678658df1ff6e4e979af4fcfd5088e32"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"bf1348162c15a7bc41432df663f5058d6c0a2087","unresolved":false,"context_lines":[{"line_number":15,"context_line":"Problem Description"},{"line_number":16,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":17,"context_line":""},{"line_number":18,"context_line":"*Operators* (including cloud admin and developer) or tenants want to store logs"},{"line_number":19,"context_line":"of network traffic of:"},{"line_number":20,"context_line":""},{"line_number":21,"context_line":"  * North-south network traffic travels between an instance and external"}],"source_content_type":"text/x-rst","patch_set":56,"id":"7a3c09a3_3c5fd373","line":18,"range":{"start_line":18,"start_character":39,"end_line":18,"end_character":48},"in_reply_to":"ba5201f7_499f6203","updated":"2017-01-13 06:49:18.000000000","message":"TODO","commit_id":"03a47d2d678658df1ff6e4e979af4fcfd5088e32"},{"author":{"_account_id":6854,"name":"YAMAMOTO Takashi","email":"yamamoto@midokura.com","username":"yamamoto"},"change_message_id":"b586897eaf6f3fa8ccd1fac579e9ad029abc3cfa","unresolved":false,"context_lines":[{"line_number":40,"context_line":""},{"line_number":41,"context_line":"* **Define format and ways to collect events related to security groups.**"},{"line_number":42,"context_line":""},{"line_number":43,"context_line":"The events related to security groups will be collected:"},{"line_number":44,"context_line":""},{"line_number":45,"context_line":"    (1) ACCEPT event"},{"line_number":46,"context_line":"    (2) DROP event"}],"source_content_type":"text/x-rst","patch_set":56,"id":"9a57fde8_eff761f3","line":43,"range":{"start_line":43,"start_character":46,"end_line":43,"end_character":55},"updated":"2017-01-12 09:22:13.000000000","message":"can you make it clear which packets would be logged?\n\neg. only the first packet of a flow for ACCEPT, every packets for DROP","commit_id":"03a47d2d678658df1ff6e4e979af4fcfd5088e32"},{"author":{"_account_id":6854,"name":"YAMAMOTO Takashi","email":"yamamoto@midokura.com","username":"yamamoto"},"change_message_id":"b586897eaf6f3fa8ccd1fac579e9ad029abc3cfa","unresolved":false,"context_lines":[{"line_number":43,"context_line":"The events related to security groups will be collected:"},{"line_number":44,"context_line":""},{"line_number":45,"context_line":"    (1) ACCEPT event"},{"line_number":46,"context_line":"    (2) DROP event"},{"line_number":47,"context_line":""},{"line_number":48,"context_line":"The scope of this spec implements logging API for security groups based on"},{"line_number":49,"context_line":"legacy hybrid version (iptables-based security groups firewall) for *operator only*."}],"source_content_type":"text/x-rst","patch_set":56,"id":"ba5201f7_f6a6b4bf","line":46,"range":{"start_line":46,"start_character":8,"end_line":46,"end_character":12},"updated":"2017-01-12 09:22:13.000000000","message":"can you make it clear, in case that multiple SGs are involved, to which SG a dropped packet is attributed?\n\neg. all SGs configured for the port.","commit_id":"03a47d2d678658df1ff6e4e979af4fcfd5088e32"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"fee5ff84701ae28708ddc83c2aa0046e2a47ecf9","unresolved":false,"context_lines":[{"line_number":43,"context_line":"The events related to security groups will be collected:"},{"line_number":44,"context_line":""},{"line_number":45,"context_line":"    (1) ACCEPT event"},{"line_number":46,"context_line":"    (2) DROP event"},{"line_number":47,"context_line":""},{"line_number":48,"context_line":"The scope of this spec implements logging API for security groups based on"},{"line_number":49,"context_line":"legacy hybrid version (iptables-based security groups firewall) for *operator only*."}],"source_content_type":"text/x-rst","patch_set":56,"id":"7a3c09a3_1b9e1963","line":46,"in_reply_to":"7a3c09a3_124b5e2b","updated":"2017-01-17 07:18:53.000000000","message":"\u003e but sooner or later you will need to explain it to users, who\u0027re likely less familiar with it than i am.\n\nDo you mean that we should add a note for that into spec or document guide?","commit_id":"03a47d2d678658df1ff6e4e979af4fcfd5088e32"},{"author":{"_account_id":6854,"name":"YAMAMOTO Takashi","email":"yamamoto@midokura.com","username":"yamamoto"},"change_message_id":"836e07ffccb2576c1532e3b8c2639012f00cccbb","unresolved":false,"context_lines":[{"line_number":43,"context_line":"The events related to security groups will be collected:"},{"line_number":44,"context_line":""},{"line_number":45,"context_line":"    (1) ACCEPT event"},{"line_number":46,"context_line":"    (2) DROP event"},{"line_number":47,"context_line":""},{"line_number":48,"context_line":"The scope of this spec implements logging API for security groups based on"},{"line_number":49,"context_line":"legacy hybrid version (iptables-based security groups firewall) for *operator only*."}],"source_content_type":"text/x-rst","patch_set":56,"id":"7a3c09a3_1bda9917","line":46,"in_reply_to":"7a3c09a3_1b9e1963","updated":"2017-01-17 07:27:37.000000000","message":"i just meant i don\u0027t want to investigate the iptables output to figure out the answer. :)\n\nbut it\u0027s better to have a clarification in the spec, of course.","commit_id":"03a47d2d678658df1ff6e4e979af4fcfd5088e32"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"dc8658ef625b722d0895af5207d204672d424a19","unresolved":false,"context_lines":[{"line_number":43,"context_line":"The events related to security groups will be collected:"},{"line_number":44,"context_line":""},{"line_number":45,"context_line":"    (1) ACCEPT event"},{"line_number":46,"context_line":"    (2) DROP event"},{"line_number":47,"context_line":""},{"line_number":48,"context_line":"The scope of this spec implements logging API for security groups based on"},{"line_number":49,"context_line":"legacy hybrid version (iptables-based security groups firewall) for *operator only*."}],"source_content_type":"text/x-rst","patch_set":56,"id":"7a3c09a3_e5355f46","line":46,"in_reply_to":"7a3c09a3_83881e24","updated":"2017-01-16 09:17:11.000000000","message":"Thanks for your attention. I appreciated your reviews. Let\u0027s me show you my idea: we will add *log-chain* at top of neutron-openvswi-FORWARD to log *all* ACCEPT event matching with security group rules. We will also insert log drop rules at top of neutron-openvswi-sg-fallback to log all DROP events which is unmatched with any security group rules. Iptables configuration would look likes: http://paste.openstack.org/show/595000/.\n\n\u003e also, can you answer my question about which SG is used for drop?\n\u003e can you make it clear, in case that multiple SGs are involved, to which SG a dropped packet is attributed?\neg. all SGs configured for the port.\n\nBecause there is no sg_rules used for drop, all packets which is unmatched with sg_rules of all SGs configured for the port  will be forwarded to sg_fallback chain. So we can log drop events of each VM.","commit_id":"03a47d2d678658df1ff6e4e979af4fcfd5088e32"},{"author":{"_account_id":6854,"name":"YAMAMOTO Takashi","email":"yamamoto@midokura.com","username":"yamamoto"},"change_message_id":"1c51e3c41789557b924bebd76a2d2905bcfcb411","unresolved":false,"context_lines":[{"line_number":43,"context_line":"The events related to security groups will be collected:"},{"line_number":44,"context_line":""},{"line_number":45,"context_line":"    (1) ACCEPT event"},{"line_number":46,"context_line":"    (2) DROP event"},{"line_number":47,"context_line":""},{"line_number":48,"context_line":"The scope of this spec implements logging API for security groups based on"},{"line_number":49,"context_line":"legacy hybrid version (iptables-based security groups firewall) for *operator only*."}],"source_content_type":"text/x-rst","patch_set":56,"id":"7a3c09a3_83881e24","line":46,"in_reply_to":"7a3c09a3_9fe27c9e","updated":"2017-01-16 02:44:36.000000000","message":"you mean to log every packets even for ESTABLISHED/RELATED state?\n\nalso, can you answer my question about which SG is used for drop?","commit_id":"03a47d2d678658df1ff6e4e979af4fcfd5088e32"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"bf1348162c15a7bc41432df663f5058d6c0a2087","unresolved":false,"context_lines":[{"line_number":43,"context_line":"The events related to security groups will be collected:"},{"line_number":44,"context_line":""},{"line_number":45,"context_line":"    (1) ACCEPT event"},{"line_number":46,"context_line":"    (2) DROP event"},{"line_number":47,"context_line":""},{"line_number":48,"context_line":"The scope of this spec implements logging API for security groups based on"},{"line_number":49,"context_line":"legacy hybrid version (iptables-based security groups firewall) for *operator only*."}],"source_content_type":"text/x-rst","patch_set":56,"id":"7a3c09a3_9fe27c9e","line":46,"in_reply_to":"7a3c09a3_c9cff2b1","updated":"2017-01-13 06:49:18.000000000","message":"We are going to log *all* ACCEPT/DROP events. In my understanding, packet travels on Iptables has a flow such as:\n\npacket-\u003eINPUT chain-\u003eFORWARD chain-\u003e neutron-openvswi-FORWARD-\u003e neutron-openvswi-sg-chain.\n\nMy idea is: Insert a neutron-openvswi-log-chain at top of neutron-openvswi-FORWARD. So we can log *all* ACCEPT/DROP events related to SGs. Here [1] is iptables configuration was generated by IptablesLoggingDriver[2].\n[1] http://paste.openstack.org/show/594795/\n[2] https://review.openstack.org/#/c/396104/11/neutron/services/logapi/agent/drivers/iptables_log.py\n\nMore detail please discuss on my implementation.","commit_id":"03a47d2d678658df1ff6e4e979af4fcfd5088e32"},{"author":{"_account_id":6854,"name":"YAMAMOTO Takashi","email":"yamamoto@midokura.com","username":"yamamoto"},"change_message_id":"99ff23f31c81830e39205df021129e79e7276239","unresolved":false,"context_lines":[{"line_number":43,"context_line":"The events related to security groups will be collected:"},{"line_number":44,"context_line":""},{"line_number":45,"context_line":"    (1) ACCEPT event"},{"line_number":46,"context_line":"    (2) DROP event"},{"line_number":47,"context_line":""},{"line_number":48,"context_line":"The scope of this spec implements logging API for security groups based on"},{"line_number":49,"context_line":"legacy hybrid version (iptables-based security groups firewall) for *operator only*."}],"source_content_type":"text/x-rst","patch_set":56,"id":"7a3c09a3_c9cff2b1","line":46,"in_reply_to":"7a3c09a3_d498746d","updated":"2017-01-13 02:51:33.000000000","message":"the fact we had different impressions seems like an indication of a need for a little more clarification.","commit_id":"03a47d2d678658df1ff6e4e979af4fcfd5088e32"},{"author":{"_account_id":6854,"name":"YAMAMOTO Takashi","email":"yamamoto@midokura.com","username":"yamamoto"},"change_message_id":"c33e3222459036fc9fefc3c8e40824212da96146","unresolved":false,"context_lines":[{"line_number":43,"context_line":"The events related to security groups will be collected:"},{"line_number":44,"context_line":""},{"line_number":45,"context_line":"    (1) ACCEPT event"},{"line_number":46,"context_line":"    (2) DROP event"},{"line_number":47,"context_line":""},{"line_number":48,"context_line":"The scope of this spec implements logging API for security groups based on"},{"line_number":49,"context_line":"legacy hybrid version (iptables-based security groups firewall) for *operator only*."}],"source_content_type":"text/x-rst","patch_set":56,"id":"7a3c09a3_f9016039","line":46,"in_reply_to":"7a3c09a3_e5355f46","updated":"2017-01-17 01:59:22.000000000","message":"all ACCEPT events, sure.\nbut my question was which packets would generate the ACCEPT events.  sorry if it was not clear.  is it every single packets, including ESTABLISHED/RELATED ones?\n\nsorry, i\u0027m not going to read the iptables output right now.  probably i\u0027m not familiar enough with iptables to review this spec?  but sooner or later you will need to explain it to users, who\u0027re likely less familiar with it than i am.","commit_id":"03a47d2d678658df1ff6e4e979af4fcfd5088e32"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"176d168d5760bbbf515e84c178e999f6ff53f74e","unresolved":false,"context_lines":[{"line_number":43,"context_line":"The events related to security groups will be collected:"},{"line_number":44,"context_line":""},{"line_number":45,"context_line":"    (1) ACCEPT event"},{"line_number":46,"context_line":"    (2) DROP event"},{"line_number":47,"context_line":""},{"line_number":48,"context_line":"The scope of this spec implements logging API for security groups based on"},{"line_number":49,"context_line":"legacy hybrid version (iptables-based security groups firewall) for *operator only*."}],"source_content_type":"text/x-rst","patch_set":56,"id":"7a3c09a3_124b5e2b","line":46,"in_reply_to":"7a3c09a3_f9016039","updated":"2017-01-17 04:53:20.000000000","message":"\u003e is it every single packets, including ESTABLISHED/RELATED ones?\n\nYes, it is.","commit_id":"03a47d2d678658df1ff6e4e979af4fcfd5088e32"},{"author":{"_account_id":748,"name":"Armando Migliaccio","email":"armamig@gmail.com","username":"armando-migliaccio"},"change_message_id":"c8e32e217aee3a9da08117e5c5b3dc17bc75ed95","unresolved":false,"context_lines":[{"line_number":43,"context_line":"The events related to security groups will be collected:"},{"line_number":44,"context_line":""},{"line_number":45,"context_line":"    (1) ACCEPT event"},{"line_number":46,"context_line":"    (2) DROP event"},{"line_number":47,"context_line":""},{"line_number":48,"context_line":"The scope of this spec implements logging API for security groups based on"},{"line_number":49,"context_line":"legacy hybrid version (iptables-based security groups firewall) for *operator only*."}],"source_content_type":"text/x-rst","patch_set":56,"id":"7a3c09a3_d498746d","line":46,"in_reply_to":"ba5201f7_f6a6b4bf","updated":"2017-01-12 21:59:17.000000000","message":"I was under the impression that *all* ACCEPT/DROP events will be logged, but I suppose being more precise here won\u0027t hurt.","commit_id":"03a47d2d678658df1ff6e4e979af4fcfd5088e32"},{"author":{"_account_id":8873,"name":"Assaf Muller","email":"amuller@redhat.com","username":"amuller"},"change_message_id":"6d702e958c182221884c1268854f6e7736f41c53","unresolved":false,"context_lines":[{"line_number":50,"context_line":"It also lays out a model which can be extended to other resources (e.g Firewall"},{"line_number":51,"context_line":"logging) easily."},{"line_number":52,"context_line":""},{"line_number":53,"context_line":"In case of OVS firewall: The OVS currently doesn\u0027t support a convenient way to"},{"line_number":54,"context_line":"log all ACCEPT and DROP events. We could use \"packet-in based solution\" to produce"},{"line_number":55,"context_line":"a log line per packet to a file by inserting an \u0027action\u003dcontroller\u0027 to each OVS"},{"line_number":56,"context_line":"firewall\u0027s flow. It\u0027s complex to implement and will be inherently slow as much"}],"source_content_type":"text/x-rst","patch_set":56,"id":"9a57fde8_6aa34d9f","line":53,"updated":"2017-01-12 14:36:12.000000000","message":"Let\u0027s make sure there is some validation involved on API requests. A logging API request to a Neutron deployment configured for the OVS firewall should not return 200 OK then silently fail to configure the backend.","commit_id":"03a47d2d678658df1ff6e4e979af4fcfd5088e32"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"bf1348162c15a7bc41432df663f5058d6c0a2087","unresolved":false,"context_lines":[{"line_number":50,"context_line":"It also lays out a model which can be extended to other resources (e.g Firewall"},{"line_number":51,"context_line":"logging) easily."},{"line_number":52,"context_line":""},{"line_number":53,"context_line":"In case of OVS firewall: The OVS currently doesn\u0027t support a convenient way to"},{"line_number":54,"context_line":"log all ACCEPT and DROP events. We could use \"packet-in based solution\" to produce"},{"line_number":55,"context_line":"a log line per packet to a file by inserting an \u0027action\u003dcontroller\u0027 to each OVS"},{"line_number":56,"context_line":"firewall\u0027s flow. It\u0027s complex to implement and will be inherently slow as much"}],"source_content_type":"text/x-rst","patch_set":56,"id":"7a3c09a3_447cc720","line":53,"in_reply_to":"7a3c09a3_9487cc11","updated":"2017-01-13 06:49:18.000000000","message":"Actually, I have same idea with you too. In my current implementation, I have a validation to perform checking whether backend support logging or not at [1] and the API will not return 200 OK if backend doesn\u0027t support logging as [2].\n[1] https://review.openstack.org/#/c/395504/12/neutron/extensions/loggingapi.py@42\n[2] https://review.openstack.org/#/c/395504/12/neutron/extensions/loggingapi.py@81","commit_id":"03a47d2d678658df1ff6e4e979af4fcfd5088e32"},{"author":{"_account_id":748,"name":"Armando Migliaccio","email":"armamig@gmail.com","username":"armando-migliaccio"},"change_message_id":"c8e32e217aee3a9da08117e5c5b3dc17bc75ed95","unresolved":false,"context_lines":[{"line_number":50,"context_line":"It also lays out a model which can be extended to other resources (e.g Firewall"},{"line_number":51,"context_line":"logging) easily."},{"line_number":52,"context_line":""},{"line_number":53,"context_line":"In case of OVS firewall: The OVS currently doesn\u0027t support a convenient way to"},{"line_number":54,"context_line":"log all ACCEPT and DROP events. We could use \"packet-in based solution\" to produce"},{"line_number":55,"context_line":"a log line per packet to a file by inserting an \u0027action\u003dcontroller\u0027 to each OVS"},{"line_number":56,"context_line":"firewall\u0027s flow. It\u0027s complex to implement and will be inherently slow as much"}],"source_content_type":"text/x-rst","patch_set":56,"id":"7a3c09a3_9487cc11","line":53,"in_reply_to":"9a57fde8_6aa34d9f","updated":"2017-01-12 21:59:17.000000000","message":"That\u0027s a good point and we should make sure that backends unable to support this capability should not fail silently. However, do we really want to put time and energy into a reference implementation for OVS that\u0027s practically DOA? iptables-bases security groups and OVS have been a reason for derision for many cycles now, personally, I\u0027d encourage the team to work on this from a linux bridge perspective, and not focus on the OVS implementation at all.","commit_id":"03a47d2d678658df1ff6e4e979af4fcfd5088e32"},{"author":{"_account_id":8726,"name":"Victor Morales","email":"chipahuac@hotmail.com","username":"electrocucaracha"},"change_message_id":"087c0e3c1ea61182cba3b9f8b5df1912d01e8c37","unresolved":false,"context_lines":[{"line_number":76,"context_line":"             |  get_logs()           |"},{"line_number":77,"context_line":"             |  get_log()            |"},{"line_number":78,"context_line":"             |  create_log()         |"},{"line_number":79,"context_line":"             |  update_log()         |"},{"line_number":80,"context_line":"             |  delete_log()         |"},{"line_number":81,"context_line":"             +-----------------------+"},{"line_number":82,"context_line":""}],"source_content_type":"text/x-rst","patch_set":56,"id":"ba5201f7_54e027cd","line":79,"range":{"start_line":79,"start_character":16,"end_line":79,"end_character":28},"updated":"2017-01-06 18:38:39.000000000","message":"I was thinking in the use cases for updating a log entry. From security perspective altering an entry opens the possibility to store information that is untrusted. And from debugging perspective, all this changes can be done by the developer and/or operator from the database.","commit_id":"03a47d2d678658df1ff6e4e979af4fcfd5088e32"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"ecf17ee224a186adda03c17ef2475e8494182d4a","unresolved":false,"context_lines":[{"line_number":76,"context_line":"             |  get_logs()           |"},{"line_number":77,"context_line":"             |  get_log()            |"},{"line_number":78,"context_line":"             |  create_log()         |"},{"line_number":79,"context_line":"             |  update_log()         |"},{"line_number":80,"context_line":"             |  delete_log()         |"},{"line_number":81,"context_line":"             +-----------------------+"},{"line_number":82,"context_line":""}],"source_content_type":"text/x-rst","patch_set":56,"id":"ba5201f7_d991199c","line":79,"range":{"start_line":79,"start_character":16,"end_line":79,"end_character":28},"in_reply_to":"ba5201f7_40aaacd3","updated":"2017-01-12 01:53:47.000000000","message":"Yes, It is.","commit_id":"03a47d2d678658df1ff6e4e979af4fcfd5088e32"},{"author":{"_account_id":841,"name":"Akihiro Motoki","email":"amotoki@gmail.com","username":"amotoki"},"change_message_id":"74086885edb7e83a65ad3df66f28ccebcf84abbc","unresolved":false,"context_lines":[{"line_number":76,"context_line":"             |  get_logs()           |"},{"line_number":77,"context_line":"             |  get_log()            |"},{"line_number":78,"context_line":"             |  create_log()         |"},{"line_number":79,"context_line":"             |  update_log()         |"},{"line_number":80,"context_line":"             |  delete_log()         |"},{"line_number":81,"context_line":"             +-----------------------+"},{"line_number":82,"context_line":""}],"source_content_type":"text/x-rst","patch_set":56,"id":"ba5201f7_db17c9a0","line":79,"range":{"start_line":79,"start_character":16,"end_line":79,"end_character":28},"in_reply_to":"ba5201f7_54e027cd","updated":"2017-01-09 10:16:04.000000000","message":"If you look at the API detail below, you will notice that only updateable fields are \u0027name\u0027, \u0027description\u0027 and \u0027enabled\u0027. Do you see what kind of security concern?","commit_id":"03a47d2d678658df1ff6e4e979af4fcfd5088e32"},{"author":{"_account_id":8726,"name":"Victor Morales","email":"chipahuac@hotmail.com","username":"electrocucaracha"},"change_message_id":"2968d2b385de4e479aaa83e80de80baa585f920c","unresolved":false,"context_lines":[{"line_number":76,"context_line":"             |  get_logs()           |"},{"line_number":77,"context_line":"             |  get_log()            |"},{"line_number":78,"context_line":"             |  create_log()         |"},{"line_number":79,"context_line":"             |  update_log()         |"},{"line_number":80,"context_line":"             |  delete_log()         |"},{"line_number":81,"context_line":"             +-----------------------+"},{"line_number":82,"context_line":""}],"source_content_type":"text/x-rst","patch_set":56,"id":"ba5201f7_40aaacd3","line":79,"range":{"start_line":79,"start_character":16,"end_line":79,"end_character":28},"in_reply_to":"ba5201f7_db17c9a0","updated":"2017-01-10 18:24:49.000000000","message":"Hey Akihiro, thanks for highlight the fields that could be changed.  I was misunderstanding this blueprint, monasca will store log entries and neutron will enable/disable that process, right?","commit_id":"03a47d2d678658df1ff6e4e979af4fcfd5088e32"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"b392bc501908067d0664a957f095e7a7a8ac5457","unresolved":false,"context_lines":[{"line_number":76,"context_line":"             |  get_logs()           |"},{"line_number":77,"context_line":"             |  get_log()            |"},{"line_number":78,"context_line":"             |  create_log()         |"},{"line_number":79,"context_line":"             |  update_log()         |"},{"line_number":80,"context_line":"             |  delete_log()         |"},{"line_number":81,"context_line":"             +-----------------------+"},{"line_number":82,"context_line":""}],"source_content_type":"text/x-rst","patch_set":56,"id":"ba5201f7_e7459617","line":79,"range":{"start_line":79,"start_character":16,"end_line":79,"end_character":28},"in_reply_to":"ba5201f7_db17c9a0","updated":"2017-01-10 09:22:02.000000000","message":"Thanks your explanation.:)","commit_id":"03a47d2d678658df1ff6e4e979af4fcfd5088e32"},{"author":{"_account_id":1653,"name":"garyk","email":"gkotton@vmware.com","username":"garyk"},"change_message_id":"2038c38613ac2234c459e52f64375cf7ccbfb23a","unresolved":false,"context_lines":[{"line_number":150,"context_line":"        cfg.StrOpt(\u0027local_output_log_base\u0027,"},{"line_number":151,"context_line":"                   default\u003d\u0027/var/log/neutron/\u0027"},{"line_number":152,"context_line":"                   help\u003d_(\"Where log-data is stored in local.\"))"},{"line_number":153,"context_line":"        cfg.StrOpt(\u0027size\u0027,"},{"line_number":154,"context_line":"                   default\u003d1048576,"},{"line_number":155,"context_line":"                   help\u003d(\"Log files are rotated when they grow bigger then size bytes.\")),"},{"line_number":156,"context_line":"        cfg.StrOpt(\u0027rotate\u0027,"}],"source_content_type":"text/x-rst","patch_set":56,"id":"ba5201f7_49b6828b","line":153,"range":{"start_line":153,"start_character":20,"end_line":153,"end_character":24},"updated":"2017-01-02 07:19:52.000000000","message":"is this the size of the entire log file or the file per tenant?","commit_id":"03a47d2d678658df1ff6e4e979af4fcfd5088e32"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"e810835d067846290c9dd66a6bd963fd94d6abc4","unresolved":false,"context_lines":[{"line_number":150,"context_line":"        cfg.StrOpt(\u0027local_output_log_base\u0027,"},{"line_number":151,"context_line":"                   default\u003d\u0027/var/log/neutron/\u0027"},{"line_number":152,"context_line":"                   help\u003d_(\"Where log-data is stored in local.\"))"},{"line_number":153,"context_line":"        cfg.StrOpt(\u0027size\u0027,"},{"line_number":154,"context_line":"                   default\u003d1048576,"},{"line_number":155,"context_line":"                   help\u003d(\"Log files are rotated when they grow bigger then size bytes.\")),"},{"line_number":156,"context_line":"        cfg.StrOpt(\u0027rotate\u0027,"}],"source_content_type":"text/x-rst","patch_set":56,"id":"ba5201f7_937dbae9","line":153,"range":{"start_line":153,"start_character":20,"end_line":153,"end_character":24},"in_reply_to":"ba5201f7_49b6828b","updated":"2017-01-04 08:58:41.000000000","message":"This is size of a file such as: /var/log/neutron/\u003clog-id\u003e.log","commit_id":"03a47d2d678658df1ff6e4e979af4fcfd5088e32"},{"author":{"_account_id":841,"name":"Akihiro Motoki","email":"amotoki@gmail.com","username":"amotoki"},"change_message_id":"74086885edb7e83a65ad3df66f28ccebcf84abbc","unresolved":false,"context_lines":[{"line_number":150,"context_line":"        cfg.StrOpt(\u0027local_output_log_base\u0027,"},{"line_number":151,"context_line":"                   default\u003d\u0027/var/log/neutron/\u0027"},{"line_number":152,"context_line":"                   help\u003d_(\"Where log-data is stored in local.\"))"},{"line_number":153,"context_line":"        cfg.StrOpt(\u0027size\u0027,"},{"line_number":154,"context_line":"                   default\u003d1048576,"},{"line_number":155,"context_line":"                   help\u003d(\"Log files are rotated when they grow bigger then size bytes.\")),"},{"line_number":156,"context_line":"        cfg.StrOpt(\u0027rotate\u0027,"}],"source_content_type":"text/x-rst","patch_set":56,"id":"ba5201f7_bb177443","line":153,"range":{"start_line":153,"start_character":20,"end_line":153,"end_character":24},"in_reply_to":"ba5201f7_937dbae9","updated":"2017-01-09 10:16:04.000000000","message":"It looks like that naming of \u0027size\u0027 and \u0027rotate\u0027 is inspired by logrotate. I am okay with the current namings as long as it belongs to an appropriate conf section, but some more meaningful name is welcome.","commit_id":"03a47d2d678658df1ff6e4e979af4fcfd5088e32"},{"author":{"_account_id":748,"name":"Armando Migliaccio","email":"armamig@gmail.com","username":"armando-migliaccio"},"change_message_id":"c8e32e217aee3a9da08117e5c5b3dc17bc75ed95","unresolved":false,"context_lines":[{"line_number":194,"context_line":""},{"line_number":195,"context_line":"This spec needs more works in the future:"},{"line_number":196,"context_line":""},{"line_number":197,"context_line":"    * implementing for OVS firewall."},{"line_number":198,"context_line":"    * exposing the logging API for tenants which need more specific requirement:"},{"line_number":199,"context_line":""},{"line_number":200,"context_line":"        * a mechanism to expose logging API for tenant (e.g by using RBAC)."}],"source_content_type":"text/x-rst","patch_set":56,"id":"7a3c09a3_5762c6d9","line":197,"updated":"2017-01-12 21:59:17.000000000","message":"I discourage the implementation of this API on top of iptables/OVS.","commit_id":"03a47d2d678658df1ff6e4e979af4fcfd5088e32"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"bf1348162c15a7bc41432df663f5058d6c0a2087","unresolved":false,"context_lines":[{"line_number":194,"context_line":""},{"line_number":195,"context_line":"This spec needs more works in the future:"},{"line_number":196,"context_line":""},{"line_number":197,"context_line":"    * implementing for OVS firewall."},{"line_number":198,"context_line":"    * exposing the logging API for tenants which need more specific requirement:"},{"line_number":199,"context_line":""},{"line_number":200,"context_line":"        * a mechanism to expose logging API for tenant (e.g by using RBAC)."}],"source_content_type":"text/x-rst","patch_set":56,"id":"7a3c09a3_2446db23","line":197,"in_reply_to":"7a3c09a3_5762c6d9","updated":"2017-01-13 06:49:18.000000000","message":"I consider removing it to make the spec more clearly.","commit_id":"03a47d2d678658df1ff6e4e979af4fcfd5088e32"},{"author":{"_account_id":6854,"name":"YAMAMOTO Takashi","email":"yamamoto@midokura.com","username":"yamamoto"},"change_message_id":"b586897eaf6f3fa8ccd1fac579e9ad029abc3cfa","unresolved":false,"context_lines":[{"line_number":251,"context_line":"    step4: Operator use external services (e.g Monasca) that can run the cron"},{"line_number":252,"context_line":"           script to consume log-data."},{"line_number":253,"context_line":""},{"line_number":254,"context_line":"Example logging format"},{"line_number":255,"context_line":"----------------------"},{"line_number":256,"context_line":""},{"line_number":257,"context_line":"Logging output should include timestamp, hostname, resource log ID, action"}],"source_content_type":"text/x-rst","patch_set":56,"id":"9a57fde8_4f622dda","line":254,"range":{"start_line":254,"start_character":0,"end_line":254,"end_character":22},"updated":"2017-01-12 09:22:13.000000000","message":"can you make it clear this format is just for the reference implementation?","commit_id":"03a47d2d678658df1ff6e4e979af4fcfd5088e32"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"bf1348162c15a7bc41432df663f5058d6c0a2087","unresolved":false,"context_lines":[{"line_number":251,"context_line":"    step4: Operator use external services (e.g Monasca) that can run the cron"},{"line_number":252,"context_line":"           script to consume log-data."},{"line_number":253,"context_line":""},{"line_number":254,"context_line":"Example logging format"},{"line_number":255,"context_line":"----------------------"},{"line_number":256,"context_line":""},{"line_number":257,"context_line":"Logging output should include timestamp, hostname, resource log ID, action"}],"source_content_type":"text/x-rst","patch_set":56,"id":"7a3c09a3_5f8654ba","line":254,"range":{"start_line":254,"start_character":0,"end_line":254,"end_character":22},"in_reply_to":"9a57fde8_4f622dda","updated":"2017-01-13 06:49:18.000000000","message":"TODO","commit_id":"03a47d2d678658df1ff6e4e979af4fcfd5088e32"},{"author":{"_account_id":1653,"name":"garyk","email":"gkotton@vmware.com","username":"garyk"},"change_message_id":"2038c38613ac2234c459e52f64375cf7ccbfb23a","unresolved":false,"context_lines":[{"line_number":276,"context_line":"    DPT\u003d12865 SEQ\u003d3123701752 ACK\u003d0 WINDOW\u003d28200 SYN URGP\u003d0 MARK\u003d0"},{"line_number":277,"context_line":""},{"line_number":278,"context_line":""},{"line_number":279,"context_line":"Data Model Impact"},{"line_number":280,"context_line":"-----------------"},{"line_number":281,"context_line":""},{"line_number":282,"context_line":"This model defines a generic model for all logging resources like security groups"}],"source_content_type":"text/x-rst","patch_set":56,"id":"ba5201f7_294f7e93","line":279,"updated":"2017-01-02 07:19:52.000000000","message":"For me there are a number of pieces missing here. Not sure if this is the correct section but please feel free to comment:\n1. On each of the nodes we the log files. How will the admin/tenant be able to access these log files to check the specific security groups? Is that something that is addressed by this spec or is orthogonal to the discussion\n2. Related to the above - how will the tenant see the information (you stated above that this may be for the tenant to check if the security groups are working","commit_id":"03a47d2d678658df1ff6e4e979af4fcfd5088e32"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"e810835d067846290c9dd66a6bd963fd94d6abc4","unresolved":false,"context_lines":[{"line_number":276,"context_line":"    DPT\u003d12865 SEQ\u003d3123701752 ACK\u003d0 WINDOW\u003d28200 SYN URGP\u003d0 MARK\u003d0"},{"line_number":277,"context_line":""},{"line_number":278,"context_line":""},{"line_number":279,"context_line":"Data Model Impact"},{"line_number":280,"context_line":"-----------------"},{"line_number":281,"context_line":""},{"line_number":282,"context_line":"This model defines a generic model for all logging resources like security groups"}],"source_content_type":"text/x-rst","patch_set":56,"id":"ba5201f7_999f9bb3","line":279,"in_reply_to":"ba5201f7_294f7e93","updated":"2017-01-04 08:58:41.000000000","message":"1. What are addressed by this spec:\n\n* Enable logging for security groups.\n* Gather security events to log files such as /var/log/neutron/\u003clog-id\u003e.log. These log files can be used to detect illegal connection or other compliant cases. Admin can access directly to compute nodes or use third party tools (e.g Monasca) to take log files for further analysis.\n\n2. What should be more discussion:\n\n* A way to consume these log files explicitly is out of neutron spec.\n* Expose this feature for tenant should be discussed in next spec.","commit_id":"03a47d2d678658df1ff6e4e979af4fcfd5088e32"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"b392bc501908067d0664a957f095e7a7a8ac5457","unresolved":false,"context_lines":[{"line_number":276,"context_line":"    DPT\u003d12865 SEQ\u003d3123701752 ACK\u003d0 WINDOW\u003d28200 SYN URGP\u003d0 MARK\u003d0"},{"line_number":277,"context_line":""},{"line_number":278,"context_line":""},{"line_number":279,"context_line":"Data Model Impact"},{"line_number":280,"context_line":"-----------------"},{"line_number":281,"context_line":""},{"line_number":282,"context_line":"This model defines a generic model for all logging resources like security groups"}],"source_content_type":"text/x-rst","patch_set":56,"id":"ba5201f7_4181f28e","line":279,"in_reply_to":"ba5201f7_561c846a","updated":"2017-01-10 09:22:02.000000000","message":"\u003e In my understanding, what this spec specifies is how to allow admins to enable security group logging. It is out of scope of this neutron spec how admins consume security group logs.\n\n\u003e Exposing this feature to non-admin (tenant) users is out of scope of this proposal and it is one of the next steps.\n\nYou read my head. :)\n\n\u003e I would strongly suggest the authors to document how to consume security group logs in *production environment* (collected by this feature) in the documentation like networking guide.\n\nThanks for your suggestion.","commit_id":"03a47d2d678658df1ff6e4e979af4fcfd5088e32"},{"author":{"_account_id":841,"name":"Akihiro Motoki","email":"amotoki@gmail.com","username":"amotoki"},"change_message_id":"74086885edb7e83a65ad3df66f28ccebcf84abbc","unresolved":false,"context_lines":[{"line_number":276,"context_line":"    DPT\u003d12865 SEQ\u003d3123701752 ACK\u003d0 WINDOW\u003d28200 SYN URGP\u003d0 MARK\u003d0"},{"line_number":277,"context_line":""},{"line_number":278,"context_line":""},{"line_number":279,"context_line":"Data Model Impact"},{"line_number":280,"context_line":"-----------------"},{"line_number":281,"context_line":""},{"line_number":282,"context_line":"This model defines a generic model for all logging resources like security groups"}],"source_content_type":"text/x-rst","patch_set":56,"id":"ba5201f7_561c846a","line":279,"in_reply_to":"ba5201f7_999f9bb3","updated":"2017-01-09 10:16:04.000000000","message":"In my understanding, what this spec specifies is how to allow admins to enable security group logging. It is out of scope of this neutron spec how admins consume security group logs.\n\nOn the other hand, I would strongly suggest the authors to document how to consume security group logs in *production environment* (collected by this feature) in the documentation like networking guide. Monasca is one example, but personally I would like to see more examples (such as ELK configurations) because I believe more operators use ELK compared to Monasca.\n\nExposing this feature to non-admin (tenant) users is out of scope of this proposal and it is one of the next steps.","commit_id":"03a47d2d678658df1ff6e4e979af4fcfd5088e32"},{"author":{"_account_id":1653,"name":"garyk","email":"gkotton@vmware.com","username":"garyk"},"change_message_id":"74de15585dbdeb62a734e76391326243e5b3a015","unresolved":false,"context_lines":[{"line_number":276,"context_line":"    DPT\u003d12865 SEQ\u003d3123701752 ACK\u003d0 WINDOW\u003d28200 SYN URGP\u003d0 MARK\u003d0"},{"line_number":277,"context_line":""},{"line_number":278,"context_line":""},{"line_number":279,"context_line":"Data Model Impact"},{"line_number":280,"context_line":"-----------------"},{"line_number":281,"context_line":""},{"line_number":282,"context_line":"This model defines a generic model for all logging resources like security groups"}],"source_content_type":"text/x-rst","patch_set":56,"id":"ba5201f7_a62d89ff","line":279,"in_reply_to":"ba5201f7_999f9bb3","updated":"2017-01-09 06:35:58.000000000","message":"for me this is confusing - is this for the neutron agents or the neutron service (maybe I have not understood what is written above).\nThe logging will need to be done on each compute and network node. Can you specifically state this.\nThe gathering - does that mean after the fact - that as an admin I can take alook at the events/log files?","commit_id":"03a47d2d678658df1ff6e4e979af4fcfd5088e32"},{"author":{"_account_id":1653,"name":"garyk","email":"gkotton@vmware.com","username":"garyk"},"change_message_id":"862c475d9071518c11ca93a5520e4abb345f35cd","unresolved":false,"context_lines":[{"line_number":312,"context_line":"|              |       |       |         |           |For detail usage refer to            |"},{"line_number":313,"context_line":"|              |       |       |         |           |`Expected API behavior`_             |"},{"line_number":314,"context_line":"+--------------+-------+-------+---------+-----------+-------------------------------------+"},{"line_number":315,"context_line":"|event         |enum   |RW(No  |N/A      |enum       |ACCEPT/DROP or ALL can be specified. |"},{"line_number":316,"context_line":"|              |       |update)|         |           |ALL is set as default.               |"},{"line_number":317,"context_line":"+--------------+-------+-------+---------+-----------+-------------------------------------+"},{"line_number":318,"context_line":"|target_id     |string |RW(No  |N/A      |uuid       |ID of resource (which could be a port|"}],"source_content_type":"text/x-rst","patch_set":56,"id":"ba5201f7_30d3e4d6","line":315,"range":{"start_line":315,"start_character":16,"end_line":315,"end_character":20},"updated":"2017-01-12 05:53:42.000000000","message":"Please change this to string and then i am good. I know that it is a nit.","commit_id":"03a47d2d678658df1ff6e4e979af4fcfd5088e32"},{"author":{"_account_id":1653,"name":"garyk","email":"gkotton@vmware.com","username":"garyk"},"change_message_id":"2b15a4f8d9acc19f4a78d8a10d080d29cc92f01e","unresolved":false,"context_lines":[{"line_number":312,"context_line":"|              |       |       |         |           |For detail usage refer to            |"},{"line_number":313,"context_line":"|              |       |       |         |           |`Expected API behavior`_             |"},{"line_number":314,"context_line":"+--------------+-------+-------+---------+-----------+-------------------------------------+"},{"line_number":315,"context_line":"|event         |enum   |RW(No  |N/A      |enum       |ACCEPT/DROP or ALL can be specified. |"},{"line_number":316,"context_line":"|              |       |update)|         |           |ALL is set as default.               |"},{"line_number":317,"context_line":"+--------------+-------+-------+---------+-----------+-------------------------------------+"},{"line_number":318,"context_line":"|target_id     |string |RW(No  |N/A      |uuid       |ID of resource (which could be a port|"}],"source_content_type":"text/x-rst","patch_set":56,"id":"ba5201f7_d2f16302","line":315,"updated":"2017-01-09 08:41:05.000000000","message":"maybe the event should be a string and it is grouped with the resource type. for example if i would like to do logging for say resource allocations - ACCEPT/DENY would be limiting","commit_id":"03a47d2d678658df1ff6e4e979af4fcfd5088e32"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"df9a68e5e4e13ed3088741053d32593dd18e5c48","unresolved":false,"context_lines":[{"line_number":312,"context_line":"|              |       |       |         |           |For detail usage refer to            |"},{"line_number":313,"context_line":"|              |       |       |         |           |`Expected API behavior`_             |"},{"line_number":314,"context_line":"+--------------+-------+-------+---------+-----------+-------------------------------------+"},{"line_number":315,"context_line":"|event         |enum   |RW(No  |N/A      |enum       |ACCEPT/DROP or ALL can be specified. |"},{"line_number":316,"context_line":"|              |       |update)|         |           |ALL is set as default.               |"},{"line_number":317,"context_line":"+--------------+-------+-------+---------+-----------+-------------------------------------+"},{"line_number":318,"context_line":"|target_id     |string |RW(No  |N/A      |uuid       |ID of resource (which could be a port|"}],"source_content_type":"text/x-rst","patch_set":56,"id":"ba5201f7_56cf807e","line":315,"range":{"start_line":315,"start_character":16,"end_line":315,"end_character":20},"in_reply_to":"ba5201f7_30d3e4d6","updated":"2017-01-12 07:54:28.000000000","message":"Thanks, I will do.","commit_id":"03a47d2d678658df1ff6e4e979af4fcfd5088e32"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"b392bc501908067d0664a957f095e7a7a8ac5457","unresolved":false,"context_lines":[{"line_number":312,"context_line":"|              |       |       |         |           |For detail usage refer to            |"},{"line_number":313,"context_line":"|              |       |       |         |           |`Expected API behavior`_             |"},{"line_number":314,"context_line":"+--------------+-------+-------+---------+-----------+-------------------------------------+"},{"line_number":315,"context_line":"|event         |enum   |RW(No  |N/A      |enum       |ACCEPT/DROP or ALL can be specified. |"},{"line_number":316,"context_line":"|              |       |update)|         |           |ALL is set as default.               |"},{"line_number":317,"context_line":"+--------------+-------+-------+---------+-----------+-------------------------------------+"},{"line_number":318,"context_line":"|target_id     |string |RW(No  |N/A      |uuid       |ID of resource (which could be a port|"}],"source_content_type":"text/x-rst","patch_set":56,"id":"ba5201f7_24cebc5a","line":315,"in_reply_to":"ba5201f7_36f46086","updated":"2017-01-10 09:22:02.000000000","message":"It should be a string type for extending in future.","commit_id":"03a47d2d678658df1ff6e4e979af4fcfd5088e32"},{"author":{"_account_id":841,"name":"Akihiro Motoki","email":"amotoki@gmail.com","username":"amotoki"},"change_message_id":"74086885edb7e83a65ad3df66f28ccebcf84abbc","unresolved":false,"context_lines":[{"line_number":312,"context_line":"|              |       |       |         |           |For detail usage refer to            |"},{"line_number":313,"context_line":"|              |       |       |         |           |`Expected API behavior`_             |"},{"line_number":314,"context_line":"+--------------+-------+-------+---------+-----------+-------------------------------------+"},{"line_number":315,"context_line":"|event         |enum   |RW(No  |N/A      |enum       |ACCEPT/DROP or ALL can be specified. |"},{"line_number":316,"context_line":"|              |       |update)|         |           |ALL is set as default.               |"},{"line_number":317,"context_line":"+--------------+-------+-------+---------+-----------+-------------------------------------+"},{"line_number":318,"context_line":"|target_id     |string |RW(No  |N/A      |uuid       |ID of resource (which could be a port|"}],"source_content_type":"text/x-rst","patch_set":56,"id":"ba5201f7_36f46086","line":315,"in_reply_to":"ba5201f7_d2f16302","updated":"2017-01-09 10:16:04.000000000","message":"Good point. Valid values for \u0027event\u0027 field depend on resource_type.\n\nHonestly I am not sure which is better a string or an enum. A string might be an easier way. If there is a reason to use enum (for example, performance reason), the field should be defined per resource_type (like SG_ACCEPT, SG_DROP, SG_ALL), but it might have a problem in extensibility.","commit_id":"03a47d2d678658df1ff6e4e979af4fcfd5088e32"},{"author":{"_account_id":841,"name":"Akihiro Motoki","email":"amotoki@gmail.com","username":"amotoki"},"change_message_id":"74086885edb7e83a65ad3df66f28ccebcf84abbc","unresolved":false,"context_lines":[{"line_number":321,"context_line":"|              |       |       |         |           |target_id is specified, events       |"},{"line_number":322,"context_line":"|              |       |       |         |           |related to it will be colleted.      |"},{"line_number":323,"context_line":"|              |       |       |         |           |For detail usage refer to            |"},{"line_number":324,"context_line":"|              |       |       |         |           |`Expected API behavior`_             |"},{"line_number":325,"context_line":"+--------------+-------+-------+---------+-----------+-------------------------------------+"},{"line_number":326,"context_line":""},{"line_number":327,"context_line":""}],"source_content_type":"text/x-rst","patch_set":56,"id":"ba5201f7_b6ecd02a","line":324,"updated":"2017-01-09 10:16:04.000000000","message":"resource_id and target_id refer to other resources. In the implementation, you need to take care of race conditions carefully.\n\nFor example, project A creates SG A and admin creates a logging entry related to SG A. In this case project A can delete SG A when the logging entry related to SG A. The logging entry should work without error even after SG A has been deleted.\n\nIt is not necessarily mentioned in the spec, but it must be considered in the implementation.\n\nIf you have a chance to respin this spec, some mention would be appreciated.","commit_id":"03a47d2d678658df1ff6e4e979af4fcfd5088e32"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"b392bc501908067d0664a957f095e7a7a8ac5457","unresolved":false,"context_lines":[{"line_number":321,"context_line":"|              |       |       |         |           |target_id is specified, events       |"},{"line_number":322,"context_line":"|              |       |       |         |           |related to it will be colleted.      |"},{"line_number":323,"context_line":"|              |       |       |         |           |For detail usage refer to            |"},{"line_number":324,"context_line":"|              |       |       |         |           |`Expected API behavior`_             |"},{"line_number":325,"context_line":"+--------------+-------+-------+---------+-----------+-------------------------------------+"},{"line_number":326,"context_line":""},{"line_number":327,"context_line":""}],"source_content_type":"text/x-rst","patch_set":56,"id":"ba5201f7_e73f56d4","line":324,"in_reply_to":"ba5201f7_b6ecd02a","updated":"2017-01-10 09:22:02.000000000","message":"Actually, I have already considered about it on my implementation. Could you please review it on https://review.openstack.org/#/c/395504/10/neutron/services/logapi/logging_plugin.py@58 and https://review.openstack.org/#/c/395504/10/neutron/services/logapi/logging_plugin.py@69. Thanks.","commit_id":"03a47d2d678658df1ff6e4e979af4fcfd5088e32"},{"author":{"_account_id":841,"name":"Akihiro Motoki","email":"amotoki@gmail.com","username":"amotoki"},"change_message_id":"74086885edb7e83a65ad3df66f28ccebcf84abbc","unresolved":false,"context_lines":[{"line_number":346,"context_line":"            \u0027description\u0027: {\u0027allow_post\u0027: True, \u0027allow_put\u0027: True,"},{"line_number":347,"context_line":"                            \u0027validate\u0027: {\u0027type:string\u0027: attr.DESCRIPTION_MAX_LEN},"},{"line_number":348,"context_line":"                            \u0027default\u0027: \u0027\u0027, \u0027is_visible\u0027: True},"},{"line_number":349,"context_line":"            \u0027resource_type\u0027: {\u0027allow_post\u0027: True, \u0027allow_put\u0027: True,"},{"line_number":350,"context_line":"                              \u0027required_by_policy\u0027: True,"},{"line_number":351,"context_line":"                              \u0027validate\u0027: {\u0027type:validate_log_resource_type\u0027: None},"},{"line_number":352,"context_line":"                              \u0027is_visible\u0027: True},"}],"source_content_type":"text/x-rst","patch_set":56,"id":"ba5201f7_91f1af97","line":349,"range":{"start_line":349,"start_character":62,"end_line":349,"end_character":67},"updated":"2017-01-09 10:16:04.000000000","message":"Should it be False? resource_id, target_id and event cannot be updated. It sounds odd that  resource_type is updateable.","commit_id":"03a47d2d678658df1ff6e4e979af4fcfd5088e32"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"b392bc501908067d0664a957f095e7a7a8ac5457","unresolved":false,"context_lines":[{"line_number":346,"context_line":"            \u0027description\u0027: {\u0027allow_post\u0027: True, \u0027allow_put\u0027: True,"},{"line_number":347,"context_line":"                            \u0027validate\u0027: {\u0027type:string\u0027: attr.DESCRIPTION_MAX_LEN},"},{"line_number":348,"context_line":"                            \u0027default\u0027: \u0027\u0027, \u0027is_visible\u0027: True},"},{"line_number":349,"context_line":"            \u0027resource_type\u0027: {\u0027allow_post\u0027: True, \u0027allow_put\u0027: True,"},{"line_number":350,"context_line":"                              \u0027required_by_policy\u0027: True,"},{"line_number":351,"context_line":"                              \u0027validate\u0027: {\u0027type:validate_log_resource_type\u0027: None},"},{"line_number":352,"context_line":"                              \u0027is_visible\u0027: True},"}],"source_content_type":"text/x-rst","patch_set":56,"id":"ba5201f7_24f5dc82","line":349,"range":{"start_line":349,"start_character":62,"end_line":349,"end_character":67},"in_reply_to":"ba5201f7_91f1af97","updated":"2017-01-10 09:22:02.000000000","message":"Yes, It should. This is my mistake.","commit_id":"03a47d2d678658df1ff6e4e979af4fcfd5088e32"},{"author":{"_account_id":1653,"name":"garyk","email":"gkotton@vmware.com","username":"garyk"},"change_message_id":"2038c38613ac2234c459e52f64375cf7ccbfb23a","unresolved":false,"context_lines":[{"line_number":378,"context_line":"+------------------+-------------------------------------------------+-------+"},{"line_number":379,"context_line":"|log               |/logging/logs                                    |GET    |"},{"line_number":380,"context_line":"+------------------+-------------------------------------------------+-------+"},{"line_number":381,"context_line":"|log               |/logging/logs/{id}                               |GET    |"},{"line_number":382,"context_line":"+------------------+-------------------------------------------------+-------+"},{"line_number":383,"context_line":"|log               |/logging/logs/{id}                               |DELETE |"},{"line_number":384,"context_line":"+------------------+-------------------------------------------------+-------+"}],"source_content_type":"text/x-rst","patch_set":56,"id":"ba5201f7_895eaa43","line":381,"updated":"2017-01-02 07:19:52.000000000","message":"So the logging returns an ID. What does this mean? Is this the name of the file on the compute nodes? What do I do with this ID?","commit_id":"03a47d2d678658df1ff6e4e979af4fcfd5088e32"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"e810835d067846290c9dd66a6bd963fd94d6abc4","unresolved":false,"context_lines":[{"line_number":378,"context_line":"+------------------+-------------------------------------------------+-------+"},{"line_number":379,"context_line":"|log               |/logging/logs                                    |GET    |"},{"line_number":380,"context_line":"+------------------+-------------------------------------------------+-------+"},{"line_number":381,"context_line":"|log               |/logging/logs/{id}                               |GET    |"},{"line_number":382,"context_line":"+------------------+-------------------------------------------------+-------+"},{"line_number":383,"context_line":"|log               |/logging/logs/{id}                               |DELETE |"},{"line_number":384,"context_line":"+------------------+-------------------------------------------------+-------+"}],"source_content_type":"text/x-rst","patch_set":56,"id":"ba5201f7_b9e8dfb5","line":381,"in_reply_to":"ba5201f7_895eaa43","updated":"2017-01-04 08:58:41.000000000","message":"When you perform \u0027POST /v2.0/logging/logs\u0027. The logging service will return a log object which looks like:\n\n{\n    \"log\": {\n        \"name\": \"security group log\",\n        \"description\": \"Log for project demo.\",\n        \"id\": \"46ebaec0-0570-43ac-82f6-60d2b03168c4\",\n        \"project_id\": \"92a5a4f4245a4abbafacb7ca73b027b0\",\n        \"tenant_id\": \"92a5a4f4245a4abbafacb7ca73b027b0\",\n        \"enabled\": true,\n        \"resource_type\": \"security_group\",\n        \"resource_id\": null,\n        \"target_id\": null,\n        \"event\": \"ALL\"\n    }\n}\n\nLog-id is also used to specify the filename in compute nodes. \n\n\u003e How will the admin/tenant be able to access these log files to check the specific security groups?\n\nIf you want to log a specific security group, you should passing its security group ID to resource_id, then you can check the log file.","commit_id":"03a47d2d678658df1ff6e4e979af4fcfd5088e32"},{"author":{"_account_id":1653,"name":"garyk","email":"gkotton@vmware.com","username":"garyk"},"change_message_id":"2038c38613ac2234c459e52f64375cf7ccbfb23a","unresolved":false,"context_lines":[{"line_number":470,"context_line":"Alternatives"},{"line_number":471,"context_line":"------------"},{"line_number":472,"context_line":""},{"line_number":473,"context_line":"Changing the security-group API by adding \u0027logging\u0027 attribute to Security"},{"line_number":474,"context_line":"Group API resource. It would break the compatibility with the EC2 API [3]_."},{"line_number":475,"context_line":"And we should avoid changing FWaaS API by extend it [4]_."},{"line_number":476,"context_line":""}],"source_content_type":"text/x-rst","patch_set":56,"id":"ba5201f7_89778ad3","line":473,"updated":"2017-01-02 07:19:52.000000000","message":"i am actually in favor of extending the API of the security groups to have logging enabled per security group. I think that its a lot easier to understand and for a admin/tenant to make use of it.","commit_id":"03a47d2d678658df1ff6e4e979af4fcfd5088e32"},{"author":{"_account_id":841,"name":"Akihiro Motoki","email":"amotoki@gmail.com","username":"amotoki"},"change_message_id":"74086885edb7e83a65ad3df66f28ccebcf84abbc","unresolved":false,"context_lines":[{"line_number":470,"context_line":"Alternatives"},{"line_number":471,"context_line":"------------"},{"line_number":472,"context_line":""},{"line_number":473,"context_line":"Changing the security-group API by adding \u0027logging\u0027 attribute to Security"},{"line_number":474,"context_line":"Group API resource. It would break the compatibility with the EC2 API [3]_."},{"line_number":475,"context_line":"And we should avoid changing FWaaS API by extend it [4]_."},{"line_number":476,"context_line":""}],"source_content_type":"text/x-rst","patch_set":56,"id":"ba5201f7_962a6c2e","line":473,"in_reply_to":"ba5201f7_0bf43284","updated":"2017-01-09 10:16:04.000000000","message":"IMHO there is a case where a regular project creates a security group and admin defines a logging for the security group created by the regular project. I see a merit in defining the logging API separately. This is my main point. Gary\u0027s opinion works if a regular project defines a logging entry for its security group.\n\nIn addition, some other APIs like FWaaS seem to have the same demands. It sounds reasonable to me to define a separate API.\n\nMy two cents.","commit_id":"03a47d2d678658df1ff6e4e979af4fcfd5088e32"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"e810835d067846290c9dd66a6bd963fd94d6abc4","unresolved":false,"context_lines":[{"line_number":470,"context_line":"Alternatives"},{"line_number":471,"context_line":"------------"},{"line_number":472,"context_line":""},{"line_number":473,"context_line":"Changing the security-group API by adding \u0027logging\u0027 attribute to Security"},{"line_number":474,"context_line":"Group API resource. It would break the compatibility with the EC2 API [3]_."},{"line_number":475,"context_line":"And we should avoid changing FWaaS API by extend it [4]_."},{"line_number":476,"context_line":""}],"source_content_type":"text/x-rst","patch_set":56,"id":"ba5201f7_0bf43284","line":473,"in_reply_to":"ba5201f7_89778ad3","updated":"2017-01-04 08:58:41.000000000","message":"TBH, extending the security groups to have logging per security group is easier to understand. However, in my opinion, it can not resolve other common use cases: Collecting security events related to a specific port.\nOn the others hand, making logging feature be generic API help us be easier to apply it to other resources such as firewall. How do you think about that?","commit_id":"03a47d2d678658df1ff6e4e979af4fcfd5088e32"},{"author":{"_account_id":1653,"name":"garyk","email":"gkotton@vmware.com","username":"garyk"},"change_message_id":"2038c38613ac2234c459e52f64375cf7ccbfb23a","unresolved":false,"context_lines":[{"line_number":471,"context_line":"------------"},{"line_number":472,"context_line":""},{"line_number":473,"context_line":"Changing the security-group API by adding \u0027logging\u0027 attribute to Security"},{"line_number":474,"context_line":"Group API resource. It would break the compatibility with the EC2 API [3]_."},{"line_number":475,"context_line":"And we should avoid changing FWaaS API by extend it [4]_."},{"line_number":476,"context_line":""},{"line_number":477,"context_line":"Hence, the logging API allow enable logging is necessary."}],"source_content_type":"text/x-rst","patch_set":56,"id":"ba5201f7_a9744ecf","line":474,"updated":"2017-01-02 07:19:52.000000000","message":"Does this matter? I think that for a very long time we have not been compatible with the EC2 API","commit_id":"03a47d2d678658df1ff6e4e979af4fcfd5088e32"},{"author":{"_account_id":8726,"name":"Victor Morales","email":"chipahuac@hotmail.com","username":"electrocucaracha"},"change_message_id":"2968d2b385de4e479aaa83e80de80baa585f920c","unresolved":false,"context_lines":[{"line_number":502,"context_line":"  * Oslo versioned object database implementation"},{"line_number":503,"context_line":"  * Iptables based reference implementation"},{"line_number":504,"context_line":"  * OSC support"},{"line_number":505,"context_line":"  * Python-neutronclient support"},{"line_number":506,"context_line":""},{"line_number":507,"context_line":""},{"line_number":508,"context_line":"Dependencies"}],"source_content_type":"text/x-rst","patch_set":56,"id":"ba5201f7_00cd04b7","line":505,"range":{"start_line":505,"start_character":4,"end_line":505,"end_character":32},"updated":"2017-01-10 18:24:49.000000000","message":"Isn\u0027t this in process to be deprecated?","commit_id":"03a47d2d678658df1ff6e4e979af4fcfd5088e32"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"ecf17ee224a186adda03c17ef2475e8494182d4a","unresolved":false,"context_lines":[{"line_number":502,"context_line":"  * Oslo versioned object database implementation"},{"line_number":503,"context_line":"  * Iptables based reference implementation"},{"line_number":504,"context_line":"  * OSC support"},{"line_number":505,"context_line":"  * Python-neutronclient support"},{"line_number":506,"context_line":""},{"line_number":507,"context_line":""},{"line_number":508,"context_line":"Dependencies"}],"source_content_type":"text/x-rst","patch_set":56,"id":"ba5201f7_19bac10a","line":505,"range":{"start_line":505,"start_character":4,"end_line":505,"end_character":32},"in_reply_to":"ba5201f7_00cd04b7","updated":"2017-01-12 01:53:47.000000000","message":"Yes, It should be optional.","commit_id":"03a47d2d678658df1ff6e4e979af4fcfd5088e32"},{"author":{"_account_id":6854,"name":"YAMAMOTO Takashi","email":"yamamoto@midokura.com","username":"yamamoto"},"change_message_id":"0271878534e575035ed7183513edf3df16ce9586","unresolved":false,"context_lines":[{"line_number":180,"context_line":"    (4) collect events related to security groups in a tenant: in this case"},{"line_number":181,"context_line":"        operators do not pass any value to \u0027resource_id\u0027 or \u0027target_id\u0027."},{"line_number":182,"context_line":""},{"line_number":183,"context_line":"More details, we can log all ACCEPT events of every packets matched with"},{"line_number":184,"context_line":"security group rules including ESTABLISHED/RELATED ones. We can also log all DROP"},{"line_number":185,"context_line":"events of packets unmatched with any security group rules of all security groups"},{"line_number":186,"context_line":"configured on port(s), and log DROP events of INVALID packets as well."}],"source_content_type":"text/x-rst","patch_set":58,"id":"7a3c09a3_b6a40508","line":183,"range":{"start_line":183,"start_character":14,"end_line":183,"end_character":20},"updated":"2017-01-18 00:18:57.000000000","message":"i\u0027m not sure who \"we\" here are and what \"can\" imply.","commit_id":"05538ad6424a6ce6b801320d8c18bdf73df84733"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"b64e8ae51b696b3e2d22302bfb5aa0f587f59ee1","unresolved":false,"context_lines":[{"line_number":180,"context_line":"    (4) collect events related to security groups in a tenant: in this case"},{"line_number":181,"context_line":"        operators do not pass any value to \u0027resource_id\u0027 or \u0027target_id\u0027."},{"line_number":182,"context_line":""},{"line_number":183,"context_line":"More details, we can log all ACCEPT events of every packets matched with"},{"line_number":184,"context_line":"security group rules including ESTABLISHED/RELATED ones. We can also log all DROP"},{"line_number":185,"context_line":"events of packets unmatched with any security group rules of all security groups"},{"line_number":186,"context_line":"configured on port(s), and log DROP events of INVALID packets as well."}],"source_content_type":"text/x-rst","patch_set":58,"id":"7a3c09a3_04a59c45","line":183,"range":{"start_line":183,"start_character":14,"end_line":183,"end_character":20},"in_reply_to":"7a3c09a3_b6a40508","updated":"2017-01-18 08:38:38.000000000","message":"I mean that *logging system* will log these events depend on each use case.","commit_id":"05538ad6424a6ce6b801320d8c18bdf73df84733"},{"author":{"_account_id":6854,"name":"YAMAMOTO Takashi","email":"yamamoto@midokura.com","username":"yamamoto"},"change_message_id":"0271878534e575035ed7183513edf3df16ce9586","unresolved":false,"context_lines":[{"line_number":181,"context_line":"        operators do not pass any value to \u0027resource_id\u0027 or \u0027target_id\u0027."},{"line_number":182,"context_line":""},{"line_number":183,"context_line":"More details, we can log all ACCEPT events of every packets matched with"},{"line_number":184,"context_line":"security group rules including ESTABLISHED/RELATED ones. We can also log all DROP"},{"line_number":185,"context_line":"events of packets unmatched with any security group rules of all security groups"},{"line_number":186,"context_line":"configured on port(s), and log DROP events of INVALID packets as well."},{"line_number":187,"context_line":""}],"source_content_type":"text/x-rst","patch_set":58,"id":"7a3c09a3_b3b5f77e","line":184,"range":{"start_line":184,"start_character":31,"end_line":184,"end_character":50},"updated":"2017-01-18 00:18:57.000000000","message":"\"in case of iptables-based implementation\"","commit_id":"05538ad6424a6ce6b801320d8c18bdf73df84733"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"b64e8ae51b696b3e2d22302bfb5aa0f587f59ee1","unresolved":false,"context_lines":[{"line_number":181,"context_line":"        operators do not pass any value to \u0027resource_id\u0027 or \u0027target_id\u0027."},{"line_number":182,"context_line":""},{"line_number":183,"context_line":"More details, we can log all ACCEPT events of every packets matched with"},{"line_number":184,"context_line":"security group rules including ESTABLISHED/RELATED ones. We can also log all DROP"},{"line_number":185,"context_line":"events of packets unmatched with any security group rules of all security groups"},{"line_number":186,"context_line":"configured on port(s), and log DROP events of INVALID packets as well."},{"line_number":187,"context_line":""}],"source_content_type":"text/x-rst","patch_set":58,"id":"7a3c09a3_aed3bed3","line":184,"range":{"start_line":184,"start_character":31,"end_line":184,"end_character":50},"in_reply_to":"7a3c09a3_b3b5f77e","updated":"2017-01-18 08:38:38.000000000","message":"I will add that when i respin this spec.","commit_id":"05538ad6424a6ce6b801320d8c18bdf73df84733"},{"author":{"_account_id":6854,"name":"YAMAMOTO Takashi","email":"yamamoto@midokura.com","username":"yamamoto"},"change_message_id":"0271878534e575035ed7183513edf3df16ce9586","unresolved":false,"context_lines":[{"line_number":183,"context_line":"More details, we can log all ACCEPT events of every packets matched with"},{"line_number":184,"context_line":"security group rules including ESTABLISHED/RELATED ones. We can also log all DROP"},{"line_number":185,"context_line":"events of packets unmatched with any security group rules of all security groups"},{"line_number":186,"context_line":"configured on port(s), and log DROP events of INVALID packets as well."},{"line_number":187,"context_line":""},{"line_number":188,"context_line":"Please note that, depends on above use cases, if a new VM or a new security group or"},{"line_number":189,"context_line":"a new security group rule is launched, its related security events will be collected,"}],"source_content_type":"text/x-rst","patch_set":58,"id":"7a3c09a3_f3613f06","line":186,"range":{"start_line":186,"start_character":46,"end_line":186,"end_character":53},"updated":"2017-01-18 00:18:57.000000000","message":"\"in case of iptables-based implementation\"","commit_id":"05538ad6424a6ce6b801320d8c18bdf73df84733"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"b64e8ae51b696b3e2d22302bfb5aa0f587f59ee1","unresolved":false,"context_lines":[{"line_number":183,"context_line":"More details, we can log all ACCEPT events of every packets matched with"},{"line_number":184,"context_line":"security group rules including ESTABLISHED/RELATED ones. We can also log all DROP"},{"line_number":185,"context_line":"events of packets unmatched with any security group rules of all security groups"},{"line_number":186,"context_line":"configured on port(s), and log DROP events of INVALID packets as well."},{"line_number":187,"context_line":""},{"line_number":188,"context_line":"Please note that, depends on above use cases, if a new VM or a new security group or"},{"line_number":189,"context_line":"a new security group rule is launched, its related security events will be collected,"}],"source_content_type":"text/x-rst","patch_set":58,"id":"7a3c09a3_a470480c","line":186,"range":{"start_line":186,"start_character":46,"end_line":186,"end_character":53},"in_reply_to":"7a3c09a3_f3613f06","updated":"2017-01-18 08:38:38.000000000","message":"ditto","commit_id":"05538ad6424a6ce6b801320d8c18bdf73df84733"},{"author":{"_account_id":11762,"name":"Han Zhou","email":"zhouhan@gmail.com","username":"hanzhou"},"change_message_id":"c48b6a283bce320df980ddd795c5c3b5d77e8e6d","unresolved":false,"context_lines":[{"line_number":201,"context_line":"    (4) collect events related to security groups in a tenant: in this case"},{"line_number":202,"context_line":"        operators do not pass any value to \u0027resource_id\u0027 or \u0027target_id\u0027."},{"line_number":203,"context_line":""},{"line_number":204,"context_line":"More details, this API will log first packet has conntrack state *NEW*, which is matched"},{"line_number":205,"context_line":"with a security group rule for ACCEPT events. It will also log all packets unmatched with"},{"line_number":206,"context_line":"any security group rules of all security groups configured on port(s) and *INVALID* packets"},{"line_number":207,"context_line":"for DROP events."}],"source_content_type":"text/x-rst","patch_set":59,"id":"3a461143_a5e0c2cd","line":204,"range":{"start_line":204,"start_character":59,"end_line":204,"end_character":70},"updated":"2017-01-26 22:33:44.000000000","message":"This seems to be implementation details, but state *NEW* is not enough for logging. Consider that log is enabled when a connection is already established, user/operator would still want to see the existed connection appearing in logs.","commit_id":"c04463bb7a070d50fb60a226f385b111a7a2e60a"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"f6524183b81acc4c24d638c6d6ef03d97479b667","unresolved":false,"context_lines":[{"line_number":201,"context_line":"    (4) collect events related to security groups in a tenant: in this case"},{"line_number":202,"context_line":"        operators do not pass any value to \u0027resource_id\u0027 or \u0027target_id\u0027."},{"line_number":203,"context_line":""},{"line_number":204,"context_line":"More details, this API will log first packet has conntrack state *NEW*, which is matched"},{"line_number":205,"context_line":"with a security group rule for ACCEPT events. It will also log all packets unmatched with"},{"line_number":206,"context_line":"any security group rules of all security groups configured on port(s) and *INVALID* packets"},{"line_number":207,"context_line":"for DROP events."}],"source_content_type":"text/x-rst","patch_set":59,"id":"3a461143_8893d34e","line":204,"range":{"start_line":204,"start_character":59,"end_line":204,"end_character":70},"in_reply_to":"3a461143_a5e0c2cd","updated":"2017-01-27 07:24:25.000000000","message":"Sorry. This is wrong description.  In iptables based implementation, this API\nwill log *all* packet which is matched with security group rule for ACCEPT events\nat any states. It will also log all packets unmatched with any security group rules of all security groups configured on port(s) and *INVALID* packets for DROP events.","commit_id":"c04463bb7a070d50fb60a226f385b111a7a2e60a"},{"author":{"_account_id":1561,"name":"Russell Bryant","email":"rbryant@redhat.com","username":"russellb"},"change_message_id":"17c1c3aca5ea7e3454c5b36d3d99febf5035ca41","unresolved":false,"context_lines":[{"line_number":131,"context_line":"to iptables. Please refer to [2]_ for more details."},{"line_number":132,"context_line":""},{"line_number":133,"context_line":"For OVS firewall: OVSFirewallLoggingDriver will be a controller program (e.g use ryu)"},{"line_number":134,"context_line":"run in each compute node to handle packet_in to produce a log line per packet to a file."},{"line_number":135,"context_line":"In order to do that: controller program will insert \"actions\u003dcontroller\" to flows matched with"},{"line_number":136,"context_line":"security group rules has conntrack state is NEW to generate a packet_in message for ACCEPT"},{"line_number":137,"context_line":"event. The controller program will also insert flows with \u0027actions\u003dcontroller\u0027 before flows"}],"source_content_type":"text/x-rst","patch_set":60,"id":"ba2be162_cee617e8","line":134,"updated":"2017-02-28 14:14:19.000000000","message":"This is not going to perform well if you do this for every packet.  You really need some kind of rate limiting in the kernel or else this can easily cause significant performance impact to the host.  FWIW, that is being looked at as a part of implementing security group logging for OVN.","commit_id":"92fb5bfd09904ac6a6ff8b6c8f9c4ce179c140a6"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"af88070e0aba056f0467c86e476a6ab184417aae","unresolved":false,"context_lines":[{"line_number":131,"context_line":"to iptables. Please refer to [2]_ for more details."},{"line_number":132,"context_line":""},{"line_number":133,"context_line":"For OVS firewall: OVSFirewallLoggingDriver will be a controller program (e.g use ryu)"},{"line_number":134,"context_line":"run in each compute node to handle packet_in to produce a log line per packet to a file."},{"line_number":135,"context_line":"In order to do that: controller program will insert \"actions\u003dcontroller\" to flows matched with"},{"line_number":136,"context_line":"security group rules has conntrack state is NEW to generate a packet_in message for ACCEPT"},{"line_number":137,"context_line":"event. The controller program will also insert flows with \u0027actions\u003dcontroller\u0027 before flows"}],"source_content_type":"text/x-rst","patch_set":60,"id":"9a30ddce_dd180b21","line":134,"in_reply_to":"ba2be162_cee617e8","updated":"2017-03-09 12:59:26.000000000","message":"Thanks for your comment, Russel.  You\u0027re right.  I considered rate limit/burst limit features for logging.  Could you confirm next PS?","commit_id":"92fb5bfd09904ac6a6ff8b6c8f9c4ce179c140a6"},{"author":{"_account_id":9200,"name":"IWAMOTO Toshihiro","email":"iwamoto@valinux.co.jp","username":"toshii"},"change_message_id":"d665287d9894c60c3934f06dc4b8b999a91acd50","unresolved":false,"context_lines":[{"line_number":136,"context_line":"security group rules has conntrack state is NEW to generate a packet_in message for ACCEPT"},{"line_number":137,"context_line":"event. The controller program will also insert flows with \u0027actions\u003dcontroller\u0027 before flows"},{"line_number":138,"context_line":"has \u0027actions\u003ddrop\u0027 to generate packet_in messages for DROP event. For a flow example would"},{"line_number":139,"context_line":"look like::"},{"line_number":140,"context_line":""},{"line_number":141,"context_line":"    priority\u003d70,ct_state\u003d+est-rel-rpl,icmp,reg5\u003d0x1,dl_src\u003dfa:16:3e:a4:22:10 actions\u003dresubmit(,73)"},{"line_number":142,"context_line":"    priority\u003d70,ct_state\u003d+new-est,icmp,reg5\u003d0x1,dl_src\u003dfa:16:3e:a4:22:10 actions\u003dresubmit(,73),controller"}],"source_content_type":"text/x-rst","patch_set":60,"id":"fa31d9ce_51ca6d6f","line":139,"updated":"2017-02-13 09:02:31.000000000","message":"Are you going to use the existing controller (of_interface\u003dnative) or start another controller for logging. In the latter case, you\u0027ll need to use Nicira extension to specify controller_id in controller actions.","commit_id":"92fb5bfd09904ac6a6ff8b6c8f9c4ce179c140a6"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"af88070e0aba056f0467c86e476a6ab184417aae","unresolved":false,"context_lines":[{"line_number":136,"context_line":"security group rules has conntrack state is NEW to generate a packet_in message for ACCEPT"},{"line_number":137,"context_line":"event. The controller program will also insert flows with \u0027actions\u003dcontroller\u0027 before flows"},{"line_number":138,"context_line":"has \u0027actions\u003ddrop\u0027 to generate packet_in messages for DROP event. For a flow example would"},{"line_number":139,"context_line":"look like::"},{"line_number":140,"context_line":""},{"line_number":141,"context_line":"    priority\u003d70,ct_state\u003d+est-rel-rpl,icmp,reg5\u003d0x1,dl_src\u003dfa:16:3e:a4:22:10 actions\u003dresubmit(,73)"},{"line_number":142,"context_line":"    priority\u003d70,ct_state\u003d+new-est,icmp,reg5\u003d0x1,dl_src\u003dfa:16:3e:a4:22:10 actions\u003dresubmit(,73),controller"}],"source_content_type":"text/x-rst","patch_set":60,"id":"da36d5c6_2aaa2086","line":139,"in_reply_to":"fa31d9ce_51ca6d6f","updated":"2017-03-09 12:59:26.000000000","message":"Initially, we\u0027ll use native one.","commit_id":"92fb5bfd09904ac6a6ff8b6c8f9c4ce179c140a6"},{"author":{"_account_id":9200,"name":"IWAMOTO Toshihiro","email":"iwamoto@valinux.co.jp","username":"toshii"},"change_message_id":"d665287d9894c60c3934f06dc4b8b999a91acd50","unresolved":false,"context_lines":[{"line_number":141,"context_line":"    priority\u003d70,ct_state\u003d+est-rel-rpl,icmp,reg5\u003d0x1,dl_src\u003dfa:16:3e:a4:22:10 actions\u003dresubmit(,73)"},{"line_number":142,"context_line":"    priority\u003d70,ct_state\u003d+new-est,icmp,reg5\u003d0x1,dl_src\u003dfa:16:3e:a4:22:10 actions\u003dresubmit(,73),controller"},{"line_number":143,"context_line":"    priority\u003d50,ct_state\u003d+inv+trk actions\u003dcontroller"},{"line_number":144,"context_line":"    priority\u003d50,ct_state\u003d+inv+trk actions\u003ddrop"},{"line_number":145,"context_line":"    priority\u003d50,ct_mark\u003d0x1,reg5\u003d0x1 actions\u003ddrop"},{"line_number":146,"context_line":"    priority\u003d50,ct_state\u003d+est-rel+rpl,ct_zone\u003d644,ct_mark\u003d0,reg5\u003d0x1 actions\u003dNORMAL"},{"line_number":147,"context_line":"    priority\u003d50,ct_state\u003d-new-est+rel-inv,ct_zone\u003d644,ct_mark\u003d0,reg5\u003d0x1actions\u003dNORMAL"}],"source_content_type":"text/x-rst","patch_set":60,"id":"fa31d9ce_f1ca81a0","line":144,"updated":"2017-02-13 09:02:31.000000000","message":"The openflow spec says if there are multiple matched rules at the same priority, the result is undefined. You\u0027ll want to avoid L143 and L144 to coexist.\n\nIn this case actions\u003dcontroller should stop further processing and actions\u003ddrop wouldn\u0027t be needed, iiuc.","commit_id":"92fb5bfd09904ac6a6ff8b6c8f9c4ce179c140a6"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"af88070e0aba056f0467c86e476a6ab184417aae","unresolved":false,"context_lines":[{"line_number":141,"context_line":"    priority\u003d70,ct_state\u003d+est-rel-rpl,icmp,reg5\u003d0x1,dl_src\u003dfa:16:3e:a4:22:10 actions\u003dresubmit(,73)"},{"line_number":142,"context_line":"    priority\u003d70,ct_state\u003d+new-est,icmp,reg5\u003d0x1,dl_src\u003dfa:16:3e:a4:22:10 actions\u003dresubmit(,73),controller"},{"line_number":143,"context_line":"    priority\u003d50,ct_state\u003d+inv+trk actions\u003dcontroller"},{"line_number":144,"context_line":"    priority\u003d50,ct_state\u003d+inv+trk actions\u003ddrop"},{"line_number":145,"context_line":"    priority\u003d50,ct_mark\u003d0x1,reg5\u003d0x1 actions\u003ddrop"},{"line_number":146,"context_line":"    priority\u003d50,ct_state\u003d+est-rel+rpl,ct_zone\u003d644,ct_mark\u003d0,reg5\u003d0x1 actions\u003dNORMAL"},{"line_number":147,"context_line":"    priority\u003d50,ct_state\u003d-new-est+rel-inv,ct_zone\u003d644,ct_mark\u003d0,reg5\u003d0x1actions\u003dNORMAL"}],"source_content_type":"text/x-rst","patch_set":60,"id":"da36d5c6_ea9f2863","line":144,"in_reply_to":"fa31d9ce_f1ca81a0","updated":"2017-03-09 12:59:26.000000000","message":"OK, I\u0027ll remove L.144(actions\u003ddrop)","commit_id":"92fb5bfd09904ac6a6ff8b6c8f9c4ce179c140a6"},{"author":{"_account_id":9200,"name":"IWAMOTO Toshihiro","email":"iwamoto@valinux.co.jp","username":"toshii"},"change_message_id":"d665287d9894c60c3934f06dc4b8b999a91acd50","unresolved":false,"context_lines":[{"line_number":203,"context_line":"        operators do not pass any value to \u0027resource_id\u0027 or \u0027target_id\u0027."},{"line_number":204,"context_line":""},{"line_number":205,"context_line":"More details, this API will log all packet which is matched with security"},{"line_number":206,"context_line":"group rule for ACCEPT events at any states. It will also log all packets"},{"line_number":207,"context_line":"which is unmatched with any security group rules of all security groups"},{"line_number":208,"context_line":"configured on port(s) and *INVALID* packets for DROP events."},{"line_number":209,"context_line":""}],"source_content_type":"text/x-rst","patch_set":60,"id":"fa31d9ce_568503ab","line":206,"updated":"2017-02-13 09:02:31.000000000","message":"In PS58 comments, Yamamoto-san implied ovsfw logging cannot log packets in some states. Please reflect that.\n\nI\u0027m not sure when ovsfw will replace iptables impl., but my advice is to avoid implementing extra features in  IptablesLoggingDriver which (feature) cannot be implemented in the ovsfw counterpart. ;)","commit_id":"92fb5bfd09904ac6a6ff8b6c8f9c4ce179c140a6"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"af88070e0aba056f0467c86e476a6ab184417aae","unresolved":false,"context_lines":[{"line_number":203,"context_line":"        operators do not pass any value to \u0027resource_id\u0027 or \u0027target_id\u0027."},{"line_number":204,"context_line":""},{"line_number":205,"context_line":"More details, this API will log all packet which is matched with security"},{"line_number":206,"context_line":"group rule for ACCEPT events at any states. It will also log all packets"},{"line_number":207,"context_line":"which is unmatched with any security group rules of all security groups"},{"line_number":208,"context_line":"configured on port(s) and *INVALID* packets for DROP events."},{"line_number":209,"context_line":""}],"source_content_type":"text/x-rst","patch_set":60,"id":"ba2be162_4b2059f8","line":206,"in_reply_to":"fa31d9ce_568503ab","updated":"2017-03-09 12:59:26.000000000","message":"Thanks for your comment.  I discussed in PTG and decided to capture first ACCEPT packet.  It should be aligned same level implementation b/w OVS native firewall and iptables.","commit_id":"92fb5bfd09904ac6a6ff8b6c8f9c4ce179c140a6"}],"specs/pike/logging-API-for-security-group-rules.rst":[{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"3fbd40dea392895f24d0b6d17422df6c5c434e9c","unresolved":false,"context_lines":[{"line_number":235,"context_line":""},{"line_number":236,"context_line":"This spec needs more works in the future:"},{"line_number":237,"context_line":""},{"line_number":238,"context_line":"* Implementation for OVS firewall logging."},{"line_number":239,"context_line":"* exposing the logging API for tenants (e.g by using RBAC)."},{"line_number":240,"context_line":""},{"line_number":241,"context_line":""}],"source_content_type":"text/x-rst","patch_set":61,"id":"1a1ced50_a5491e33","line":238,"range":{"start_line":238,"start_character":0,"end_line":238,"end_character":42},"updated":"2017-03-23 01:59:36.000000000","message":"It should be removed.","commit_id":"9491892b736a7eea4f2780421be5ffe50266d1a0"},{"author":{"_account_id":9200,"name":"IWAMOTO Toshihiro","email":"iwamoto@valinux.co.jp","username":"toshii"},"change_message_id":"6babc46042186ff8d3e5f61a01fb2c3d833443b7","unresolved":false,"context_lines":[{"line_number":10,"context_line":""},{"line_number":11,"context_line":"https://bugs.launchpad.net/neutron/+bug/1468366"},{"line_number":12,"context_line":""},{"line_number":13,"context_line":"This spec implements a way to capture and store events related tosecurity"},{"line_number":14,"context_line":"groups."},{"line_number":15,"context_line":""},{"line_number":16,"context_line":"Problem Description"}],"source_content_type":"text/x-rst","patch_set":64,"id":"5ff73747_6007da19","line":13,"range":{"start_line":13,"start_character":65,"end_line":13,"end_character":73},"updated":"2017-05-02 01:56:24.000000000","message":"missing space.","commit_id":"461f1f9638c8b771439ccbcffe99efc7f4e4d077"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"4ed19453d0c6b15005434f29849d8f6d51399ab9","unresolved":false,"context_lines":[{"line_number":10,"context_line":""},{"line_number":11,"context_line":"https://bugs.launchpad.net/neutron/+bug/1468366"},{"line_number":12,"context_line":""},{"line_number":13,"context_line":"This spec implements a way to capture and store events related tosecurity"},{"line_number":14,"context_line":"groups."},{"line_number":15,"context_line":""},{"line_number":16,"context_line":"Problem Description"}],"source_content_type":"text/x-rst","patch_set":64,"id":"5ff73747_50c11e2e","line":13,"range":{"start_line":13,"start_character":65,"end_line":13,"end_character":73},"in_reply_to":"5ff73747_6007da19","updated":"2017-05-04 07:32:17.000000000","message":"Done","commit_id":"461f1f9638c8b771439ccbcffe99efc7f4e4d077"},{"author":{"_account_id":9200,"name":"IWAMOTO Toshihiro","email":"iwamoto@valinux.co.jp","username":"toshii"},"change_message_id":"6babc46042186ff8d3e5f61a01fb2c3d833443b7","unresolved":false,"context_lines":[{"line_number":27,"context_line":""},{"line_number":28,"context_line":"In addition, these logs can also be used for debugging security groups (help"},{"line_number":29,"context_line":"project make sure security group rules work as expected or not). However"},{"line_number":30,"context_line":"this is not the main goal since other approaches existed (e.g TaaS, tcpdump)"},{"line_number":31,"context_line":"to fix the same problem."},{"line_number":32,"context_line":""},{"line_number":33,"context_line":"In Neutron, all traffic allowed/dropped on instances are managed by security"}],"source_content_type":"text/x-rst","patch_set":64,"id":"5ff73747_003ed6b6","line":30,"range":{"start_line":30,"start_character":49,"end_line":30,"end_character":56},"updated":"2017-05-02 01:56:24.000000000","message":"present tense fits better here, IMO.","commit_id":"461f1f9638c8b771439ccbcffe99efc7f4e4d077"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"4ed19453d0c6b15005434f29849d8f6d51399ab9","unresolved":false,"context_lines":[{"line_number":27,"context_line":""},{"line_number":28,"context_line":"In addition, these logs can also be used for debugging security groups (help"},{"line_number":29,"context_line":"project make sure security group rules work as expected or not). However"},{"line_number":30,"context_line":"this is not the main goal since other approaches existed (e.g TaaS, tcpdump)"},{"line_number":31,"context_line":"to fix the same problem."},{"line_number":32,"context_line":""},{"line_number":33,"context_line":"In Neutron, all traffic allowed/dropped on instances are managed by security"}],"source_content_type":"text/x-rst","patch_set":64,"id":"5ff73747_b0f8627c","line":30,"range":{"start_line":30,"start_character":49,"end_line":30,"end_character":56},"in_reply_to":"5ff73747_003ed6b6","updated":"2017-05-04 07:32:17.000000000","message":"Done","commit_id":"461f1f9638c8b771439ccbcffe99efc7f4e4d077"},{"author":{"_account_id":9200,"name":"IWAMOTO Toshihiro","email":"iwamoto@valinux.co.jp","username":"toshii"},"change_message_id":"6babc46042186ff8d3e5f61a01fb2c3d833443b7","unresolved":false,"context_lines":[{"line_number":45,"context_line":"more details."},{"line_number":46,"context_line":""},{"line_number":47,"context_line":"This spec implements logging API for security groups for OVS native firewall"},{"line_number":48,"context_line":"(OVS) and Iptables-based (Linux Brigde) for *operator-only*. It also lays out"},{"line_number":49,"context_line":"a model which can be extended to other resources (e.g Firewall logging) easily."},{"line_number":50,"context_line":""},{"line_number":51,"context_line":"Initially, we have both PoC for OVS native firewall and Iptables-based logging."}],"source_content_type":"text/x-rst","patch_set":64,"id":"5ff73747_eb706b74","line":48,"range":{"start_line":48,"start_character":43,"end_line":48,"end_character":61},"updated":"2017-05-02 01:56:24.000000000","message":"operator !\u003d project admin ?\n\nIIUC, the logging API is available to project admins but log files aren\u0027t.  What do you mean here?","commit_id":"461f1f9638c8b771439ccbcffe99efc7f4e4d077"},{"author":{"_account_id":841,"name":"Akihiro Motoki","email":"amotoki@gmail.com","username":"amotoki"},"change_message_id":"c92397f8b94f07ba45bf51a4c3bbb1d5b2e321b4","unresolved":false,"context_lines":[{"line_number":45,"context_line":"more details."},{"line_number":46,"context_line":""},{"line_number":47,"context_line":"This spec implements logging API for security groups for OVS native firewall"},{"line_number":48,"context_line":"(OVS) and Iptables-based (Linux Brigde) for *operator-only*. It also lays out"},{"line_number":49,"context_line":"a model which can be extended to other resources (e.g Firewall logging) easily."},{"line_number":50,"context_line":""},{"line_number":51,"context_line":"Initially, we have both PoC for OVS native firewall and Iptables-based logging."}],"source_content_type":"text/x-rst","patch_set":64,"id":"3f044301_a21828d3","line":48,"in_reply_to":"5ff73747_50e0fe96","updated":"2017-05-17 13:01:44.000000000","message":"\u0027operator\u0027 looks good to me as it means folks who can access their infra or backend services. The meaning of \"admin\" varies depending on a context and we now have \u0027admin\u0027, \u0027domain admin\u0027 or something. in addition we have \u0027service\u0027 users now.","commit_id":"461f1f9638c8b771439ccbcffe99efc7f4e4d077"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"4ed19453d0c6b15005434f29849d8f6d51399ab9","unresolved":false,"context_lines":[{"line_number":45,"context_line":"more details."},{"line_number":46,"context_line":""},{"line_number":47,"context_line":"This spec implements logging API for security groups for OVS native firewall"},{"line_number":48,"context_line":"(OVS) and Iptables-based (Linux Brigde) for *operator-only*. It also lays out"},{"line_number":49,"context_line":"a model which can be extended to other resources (e.g Firewall logging) easily."},{"line_number":50,"context_line":""},{"line_number":51,"context_line":"Initially, we have both PoC for OVS native firewall and Iptables-based logging."}],"source_content_type":"text/x-rst","patch_set":64,"id":"5ff73747_50e0fe96","line":48,"in_reply_to":"5ff73747_eb706b74","updated":"2017-05-04 07:32:17.000000000","message":"It is similar to \u0027admin privileged\u0027 and including \u0027project admin\u0027.  But this description came from some core-reviewer so I won\u0027t change this one.","commit_id":"461f1f9638c8b771439ccbcffe99efc7f4e4d077"},{"author":{"_account_id":9200,"name":"IWAMOTO Toshihiro","email":"iwamoto@valinux.co.jp","username":"toshii"},"change_message_id":"6babc46042186ff8d3e5f61a01fb2c3d833443b7","unresolved":false,"context_lines":[{"line_number":49,"context_line":"a model which can be extended to other resources (e.g Firewall logging) easily."},{"line_number":50,"context_line":""},{"line_number":51,"context_line":"Initially, we have both PoC for OVS native firewall and Iptables-based logging."},{"line_number":52,"context_line":"The OVS native firewall logging will be completely support first as it now"},{"line_number":53,"context_line":"becoming a default driver, Iptables-based logging will be finished later."},{"line_number":54,"context_line":"This API was considered to work consistently between OVS native firewall and"},{"line_number":55,"context_line":"Iptables-based logging."}],"source_content_type":"text/x-rst","patch_set":64,"id":"5ff73747_80a0a6f5","line":52,"range":{"start_line":52,"start_character":68,"end_line":52,"end_character":71},"updated":"2017-05-02 01:56:24.000000000","message":"it is ?","commit_id":"461f1f9638c8b771439ccbcffe99efc7f4e4d077"},{"author":{"_account_id":9200,"name":"IWAMOTO Toshihiro","email":"iwamoto@valinux.co.jp","username":"toshii"},"change_message_id":"6babc46042186ff8d3e5f61a01fb2c3d833443b7","unresolved":false,"context_lines":[{"line_number":49,"context_line":"a model which can be extended to other resources (e.g Firewall logging) easily."},{"line_number":50,"context_line":""},{"line_number":51,"context_line":"Initially, we have both PoC for OVS native firewall and Iptables-based logging."},{"line_number":52,"context_line":"The OVS native firewall logging will be completely support first as it now"},{"line_number":53,"context_line":"becoming a default driver, Iptables-based logging will be finished later."},{"line_number":54,"context_line":"This API was considered to work consistently between OVS native firewall and"},{"line_number":55,"context_line":"Iptables-based logging."}],"source_content_type":"text/x-rst","patch_set":64,"id":"5ff73747_e061aad4","line":52,"range":{"start_line":52,"start_character":51,"end_line":52,"end_character":59},"updated":"2017-05-02 01:56:24.000000000","message":"supported?","commit_id":"461f1f9638c8b771439ccbcffe99efc7f4e4d077"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"4ed19453d0c6b15005434f29849d8f6d51399ab9","unresolved":false,"context_lines":[{"line_number":49,"context_line":"a model which can be extended to other resources (e.g Firewall logging) easily."},{"line_number":50,"context_line":""},{"line_number":51,"context_line":"Initially, we have both PoC for OVS native firewall and Iptables-based logging."},{"line_number":52,"context_line":"The OVS native firewall logging will be completely support first as it now"},{"line_number":53,"context_line":"becoming a default driver, Iptables-based logging will be finished later."},{"line_number":54,"context_line":"This API was considered to work consistently between OVS native firewall and"},{"line_number":55,"context_line":"Iptables-based logging."}],"source_content_type":"text/x-rst","patch_set":64,"id":"5ff73747_309452e8","line":52,"range":{"start_line":52,"start_character":68,"end_line":52,"end_character":71},"in_reply_to":"5ff73747_80a0a6f5","updated":"2017-05-04 07:32:17.000000000","message":"Done","commit_id":"461f1f9638c8b771439ccbcffe99efc7f4e4d077"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"4ed19453d0c6b15005434f29849d8f6d51399ab9","unresolved":false,"context_lines":[{"line_number":49,"context_line":"a model which can be extended to other resources (e.g Firewall logging) easily."},{"line_number":50,"context_line":""},{"line_number":51,"context_line":"Initially, we have both PoC for OVS native firewall and Iptables-based logging."},{"line_number":52,"context_line":"The OVS native firewall logging will be completely support first as it now"},{"line_number":53,"context_line":"becoming a default driver, Iptables-based logging will be finished later."},{"line_number":54,"context_line":"This API was considered to work consistently between OVS native firewall and"},{"line_number":55,"context_line":"Iptables-based logging."}],"source_content_type":"text/x-rst","patch_set":64,"id":"5ff73747_f0e82a7d","line":52,"range":{"start_line":52,"start_character":51,"end_line":52,"end_character":59},"in_reply_to":"5ff73747_e061aad4","updated":"2017-05-04 07:32:17.000000000","message":"Done","commit_id":"461f1f9638c8b771439ccbcffe99efc7f4e4d077"},{"author":{"_account_id":9200,"name":"IWAMOTO Toshihiro","email":"iwamoto@valinux.co.jp","username":"toshii"},"change_message_id":"6babc46042186ff8d3e5f61a01fb2c3d833443b7","unresolved":false,"context_lines":[{"line_number":142,"context_line":"* For ingress tables::"},{"line_number":143,"context_line":""},{"line_number":144,"context_line":"    table\u003d82, priority\u003d73,ct_state\u003d+new-est,icmp,reg5\u003d0xa,dl_dst\u003dfa:16:3e:1d:d0:8b actions\u003dct(commit,zone\u003dNXM_NX_REG6[0..15]),strip_vlan,output:10,CONTROLLER:65535"},{"line_number":145,"context_line":"    table\u003d82, priority\u003d70,ct_state\u003d+new-est,icmp,reg5\u003d0xa,dl_dst\u003dfa:16:3e:1d:d0:8b actions\u003dct(commit,zone\u003dNXM_NX_REG6[0..15]),strip_vlan,output:10"},{"line_number":146,"context_line":"    table\u003d82, priority\u003d70,ct_state\u003d+est-rel-rpl,icmp,reg5\u003d0xa,dl_dst\u003dfa:16:3e:1d:d0:8b actions\u003dstrip_vlan,output:10"},{"line_number":147,"context_line":"    table\u003d82, priority\u003d53,ct_mark\u003d0x1,reg5\u003d0xa actions\u003dCONTROLLER:65535"},{"line_number":148,"context_line":"    table\u003d82, priority\u003d50,ct_mark\u003d0x1,reg5\u003d0xa actions\u003ddrop"}],"source_content_type":"text/x-rst","patch_set":64,"id":"5ff73747_80a666c0","line":145,"updated":"2017-05-02 01:56:24.000000000","message":"This flow is redundant.\nOr is it by design?","commit_id":"461f1f9638c8b771439ccbcffe99efc7f4e4d077"},{"author":{"_account_id":841,"name":"Akihiro Motoki","email":"amotoki@gmail.com","username":"amotoki"},"change_message_id":"042f489a054696000e4e4ac8a9bad7564590f8fa","unresolved":false,"context_lines":[{"line_number":142,"context_line":"* For ingress tables::"},{"line_number":143,"context_line":""},{"line_number":144,"context_line":"    table\u003d82, priority\u003d73,ct_state\u003d+new-est,icmp,reg5\u003d0xa,dl_dst\u003dfa:16:3e:1d:d0:8b actions\u003dct(commit,zone\u003dNXM_NX_REG6[0..15]),strip_vlan,output:10,CONTROLLER:65535"},{"line_number":145,"context_line":"    table\u003d82, priority\u003d70,ct_state\u003d+new-est,icmp,reg5\u003d0xa,dl_dst\u003dfa:16:3e:1d:d0:8b actions\u003dct(commit,zone\u003dNXM_NX_REG6[0..15]),strip_vlan,output:10"},{"line_number":146,"context_line":"    table\u003d82, priority\u003d70,ct_state\u003d+est-rel-rpl,icmp,reg5\u003d0xa,dl_dst\u003dfa:16:3e:1d:d0:8b actions\u003dstrip_vlan,output:10"},{"line_number":147,"context_line":"    table\u003d82, priority\u003d53,ct_mark\u003d0x1,reg5\u003d0xa actions\u003dCONTROLLER:65535"},{"line_number":148,"context_line":"    table\u003d82, priority\u003d50,ct_mark\u003d0x1,reg5\u003d0xa actions\u003ddrop"}],"source_content_type":"text/x-rst","patch_set":64,"id":"ff0f0b1f_8812eab0","line":145,"in_reply_to":"1f013ff3_6e576804","updated":"2017-05-18 03:14:07.000000000","message":"Is it a highly architecture decision or just an implementation decision? If the latter, we can discuss it in the code review rather than the spec review. If your -1 is due to the implementation approach in the current proposed code review, it should be done in the code review.\n\nIn my understanding, this kind of flow rules or equivalent ones are required for logging. Although the action might be different somehow, some similar behavior is required.\n\nWe already have a consensus in almost all portions and I think we can move this ahead. After the code review, we may reach some better approach. If so, you can update the spec document accordingly.\n\nIs it worth discussed in the spec review?","commit_id":"461f1f9638c8b771439ccbcffe99efc7f4e4d077"},{"author":{"_account_id":9200,"name":"IWAMOTO Toshihiro","email":"iwamoto@valinux.co.jp","username":"toshii"},"change_message_id":"6df96272b43167fa5890ad96a917aea140567edf","unresolved":false,"context_lines":[{"line_number":142,"context_line":"* For ingress tables::"},{"line_number":143,"context_line":""},{"line_number":144,"context_line":"    table\u003d82, priority\u003d73,ct_state\u003d+new-est,icmp,reg5\u003d0xa,dl_dst\u003dfa:16:3e:1d:d0:8b actions\u003dct(commit,zone\u003dNXM_NX_REG6[0..15]),strip_vlan,output:10,CONTROLLER:65535"},{"line_number":145,"context_line":"    table\u003d82, priority\u003d70,ct_state\u003d+new-est,icmp,reg5\u003d0xa,dl_dst\u003dfa:16:3e:1d:d0:8b actions\u003dct(commit,zone\u003dNXM_NX_REG6[0..15]),strip_vlan,output:10"},{"line_number":146,"context_line":"    table\u003d82, priority\u003d70,ct_state\u003d+est-rel-rpl,icmp,reg5\u003d0xa,dl_dst\u003dfa:16:3e:1d:d0:8b actions\u003dstrip_vlan,output:10"},{"line_number":147,"context_line":"    table\u003d82, priority\u003d53,ct_mark\u003d0x1,reg5\u003d0xa actions\u003dCONTROLLER:65535"},{"line_number":148,"context_line":"    table\u003d82, priority\u003d50,ct_mark\u003d0x1,reg5\u003d0xa actions\u003ddrop"}],"source_content_type":"text/x-rst","patch_set":64,"id":"1f013ff3_6e576804","line":145,"in_reply_to":"1f013ff3_9f8c2180","updated":"2017-05-17 04:07:28.000000000","message":"Your impl copies a lot of ovsfw code to generate such flows with the same match fields and a higher priority.  IMO, such code is hard to maintain and when these codes get out of sync, you can get a broken logging or broken firewall without any warnings.\n\nI think it\u0027s highly desirable to integrate logging flow codes into ovsfw to avoid such trouble. When they are integrated, we won\u0027t need such redundancy in flows.","commit_id":"461f1f9638c8b771439ccbcffe99efc7f4e4d077"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"c76a72c491410d4de2e3bb9695d9db14b141a721","unresolved":false,"context_lines":[{"line_number":142,"context_line":"* For ingress tables::"},{"line_number":143,"context_line":""},{"line_number":144,"context_line":"    table\u003d82, priority\u003d73,ct_state\u003d+new-est,icmp,reg5\u003d0xa,dl_dst\u003dfa:16:3e:1d:d0:8b actions\u003dct(commit,zone\u003dNXM_NX_REG6[0..15]),strip_vlan,output:10,CONTROLLER:65535"},{"line_number":145,"context_line":"    table\u003d82, priority\u003d70,ct_state\u003d+new-est,icmp,reg5\u003d0xa,dl_dst\u003dfa:16:3e:1d:d0:8b actions\u003dct(commit,zone\u003dNXM_NX_REG6[0..15]),strip_vlan,output:10"},{"line_number":146,"context_line":"    table\u003d82, priority\u003d70,ct_state\u003d+est-rel-rpl,icmp,reg5\u003d0xa,dl_dst\u003dfa:16:3e:1d:d0:8b actions\u003dstrip_vlan,output:10"},{"line_number":147,"context_line":"    table\u003d82, priority\u003d53,ct_mark\u003d0x1,reg5\u003d0xa actions\u003dCONTROLLER:65535"},{"line_number":148,"context_line":"    table\u003d82, priority\u003d50,ct_mark\u003d0x1,reg5\u003d0xa actions\u003ddrop"}],"source_content_type":"text/x-rst","patch_set":64,"id":"1f013ff3_9f8c2180","line":145,"in_reply_to":"3f044301_30d09b1f","updated":"2017-05-17 03:26:28.000000000","message":"Actually, we are designing these flows to separate sg-rule-flows of security group and sg-rule-log-flows of loggingapi extension. Therefore we can manage and remove sg-rule-log-flows easier. What do you think? Do you have a better solution for that?","commit_id":"461f1f9638c8b771439ccbcffe99efc7f4e4d077"},{"author":{"_account_id":9200,"name":"IWAMOTO Toshihiro","email":"iwamoto@valinux.co.jp","username":"toshii"},"change_message_id":"c9f10ed1049d0d66df63d6e619d7151f5d4cdcd3","unresolved":false,"context_lines":[{"line_number":142,"context_line":"* For ingress tables::"},{"line_number":143,"context_line":""},{"line_number":144,"context_line":"    table\u003d82, priority\u003d73,ct_state\u003d+new-est,icmp,reg5\u003d0xa,dl_dst\u003dfa:16:3e:1d:d0:8b actions\u003dct(commit,zone\u003dNXM_NX_REG6[0..15]),strip_vlan,output:10,CONTROLLER:65535"},{"line_number":145,"context_line":"    table\u003d82, priority\u003d70,ct_state\u003d+new-est,icmp,reg5\u003d0xa,dl_dst\u003dfa:16:3e:1d:d0:8b actions\u003dct(commit,zone\u003dNXM_NX_REG6[0..15]),strip_vlan,output:10"},{"line_number":146,"context_line":"    table\u003d82, priority\u003d70,ct_state\u003d+est-rel-rpl,icmp,reg5\u003d0xa,dl_dst\u003dfa:16:3e:1d:d0:8b actions\u003dstrip_vlan,output:10"},{"line_number":147,"context_line":"    table\u003d82, priority\u003d53,ct_mark\u003d0x1,reg5\u003d0xa actions\u003dCONTROLLER:65535"},{"line_number":148,"context_line":"    table\u003d82, priority\u003d50,ct_mark\u003d0x1,reg5\u003d0xa actions\u003ddrop"}],"source_content_type":"text/x-rst","patch_set":64,"id":"3f044301_30d09b1f","line":145,"in_reply_to":"5ff73747_3030d207","updated":"2017-05-08 02:18:32.000000000","message":"So you chose to mask ovsfw flows with the same matching fields but with a higher priority. Won\u0027t that cause future maintenance headaches?","commit_id":"461f1f9638c8b771439ccbcffe99efc7f4e4d077"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"4ed19453d0c6b15005434f29849d8f6d51399ab9","unresolved":false,"context_lines":[{"line_number":142,"context_line":"* For ingress tables::"},{"line_number":143,"context_line":""},{"line_number":144,"context_line":"    table\u003d82, priority\u003d73,ct_state\u003d+new-est,icmp,reg5\u003d0xa,dl_dst\u003dfa:16:3e:1d:d0:8b actions\u003dct(commit,zone\u003dNXM_NX_REG6[0..15]),strip_vlan,output:10,CONTROLLER:65535"},{"line_number":145,"context_line":"    table\u003d82, priority\u003d70,ct_state\u003d+new-est,icmp,reg5\u003d0xa,dl_dst\u003dfa:16:3e:1d:d0:8b actions\u003dct(commit,zone\u003dNXM_NX_REG6[0..15]),strip_vlan,output:10"},{"line_number":146,"context_line":"    table\u003d82, priority\u003d70,ct_state\u003d+est-rel-rpl,icmp,reg5\u003d0xa,dl_dst\u003dfa:16:3e:1d:d0:8b actions\u003dstrip_vlan,output:10"},{"line_number":147,"context_line":"    table\u003d82, priority\u003d53,ct_mark\u003d0x1,reg5\u003d0xa actions\u003dCONTROLLER:65535"},{"line_number":148,"context_line":"    table\u003d82, priority\u003d50,ct_mark\u003d0x1,reg5\u003d0xa actions\u003ddrop"}],"source_content_type":"text/x-rst","patch_set":64,"id":"5ff73747_3030d207","line":145,"in_reply_to":"5ff73747_80a666c0","updated":"2017-05-04 07:32:17.000000000","message":"Not redundant but current design.  \u0027priority\u003d73...\u0027 is flow log rule which will be inserted for logging.","commit_id":"461f1f9638c8b771439ccbcffe99efc7f4e4d077"},{"author":{"_account_id":9200,"name":"IWAMOTO Toshihiro","email":"iwamoto@valinux.co.jp","username":"toshii"},"change_message_id":"9e4c060ee133346537461af9110992ded0fad582","unresolved":false,"context_lines":[{"line_number":142,"context_line":"* For ingress tables::"},{"line_number":143,"context_line":""},{"line_number":144,"context_line":"    table\u003d82, priority\u003d73,ct_state\u003d+new-est,icmp,reg5\u003d0xa,dl_dst\u003dfa:16:3e:1d:d0:8b actions\u003dct(commit,zone\u003dNXM_NX_REG6[0..15]),strip_vlan,output:10,CONTROLLER:65535"},{"line_number":145,"context_line":"    table\u003d82, priority\u003d70,ct_state\u003d+new-est,icmp,reg5\u003d0xa,dl_dst\u003dfa:16:3e:1d:d0:8b actions\u003dct(commit,zone\u003dNXM_NX_REG6[0..15]),strip_vlan,output:10"},{"line_number":146,"context_line":"    table\u003d82, priority\u003d70,ct_state\u003d+est-rel-rpl,icmp,reg5\u003d0xa,dl_dst\u003dfa:16:3e:1d:d0:8b actions\u003dstrip_vlan,output:10"},{"line_number":147,"context_line":"    table\u003d82, priority\u003d53,ct_mark\u003d0x1,reg5\u003d0xa actions\u003dCONTROLLER:65535"},{"line_number":148,"context_line":"    table\u003d82, priority\u003d50,ct_mark\u003d0x1,reg5\u003d0xa actions\u003ddrop"}],"source_content_type":"text/x-rst","patch_set":64,"id":"ff0f0b1f_23f3ffa0","line":145,"in_reply_to":"ff0f0b1f_8812eab0","updated":"2017-05-18 03:59:50.000000000","message":"I thought those redundant flows imply a specific implementation.\n\nOk. Let\u0027s move forward and update this flow example later, if needed.","commit_id":"461f1f9638c8b771439ccbcffe99efc7f4e4d077"},{"author":{"_account_id":9200,"name":"IWAMOTO Toshihiro","email":"iwamoto@valinux.co.jp","username":"toshii"},"change_message_id":"6babc46042186ff8d3e5f61a01fb2c3d833443b7","unresolved":false,"context_lines":[{"line_number":145,"context_line":"    table\u003d82, priority\u003d70,ct_state\u003d+new-est,icmp,reg5\u003d0xa,dl_dst\u003dfa:16:3e:1d:d0:8b actions\u003dct(commit,zone\u003dNXM_NX_REG6[0..15]),strip_vlan,output:10"},{"line_number":146,"context_line":"    table\u003d82, priority\u003d70,ct_state\u003d+est-rel-rpl,icmp,reg5\u003d0xa,dl_dst\u003dfa:16:3e:1d:d0:8b actions\u003dstrip_vlan,output:10"},{"line_number":147,"context_line":"    table\u003d82, priority\u003d53,ct_mark\u003d0x1,reg5\u003d0xa actions\u003dCONTROLLER:65535"},{"line_number":148,"context_line":"    table\u003d82, priority\u003d50,ct_mark\u003d0x1,reg5\u003d0xa actions\u003ddrop"},{"line_number":149,"context_line":"    table\u003d82, priority\u003d50,ct_state\u003d+inv+trk actions\u003ddrop"},{"line_number":150,"context_line":"    table\u003d82, priority\u003d50,ct_state\u003d+est-rel+rpl,ct_zone\u003d1,ct_mark\u003d0,reg5\u003d0xa,dl_dst\u003dfa:16:3e:1d:d0:8b actions\u003dstrip_vlan,output:10"},{"line_number":151,"context_line":"    table\u003d82, priority\u003d50,ct_state\u003d-new-est+rel-inv,ct_zone\u003d1,ct_mark\u003d0,reg5\u003d0xa,dl_dst\u003dfa:16:3e:1d:d0:8b actions\u003dstrip_vlan,output:10"}],"source_content_type":"text/x-rst","patch_set":64,"id":"5ff73747_a08cc235","line":148,"updated":"2017-05-02 01:56:24.000000000","message":"ditto","commit_id":"461f1f9638c8b771439ccbcffe99efc7f4e4d077"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"4ed19453d0c6b15005434f29849d8f6d51399ab9","unresolved":false,"context_lines":[{"line_number":145,"context_line":"    table\u003d82, priority\u003d70,ct_state\u003d+new-est,icmp,reg5\u003d0xa,dl_dst\u003dfa:16:3e:1d:d0:8b actions\u003dct(commit,zone\u003dNXM_NX_REG6[0..15]),strip_vlan,output:10"},{"line_number":146,"context_line":"    table\u003d82, priority\u003d70,ct_state\u003d+est-rel-rpl,icmp,reg5\u003d0xa,dl_dst\u003dfa:16:3e:1d:d0:8b actions\u003dstrip_vlan,output:10"},{"line_number":147,"context_line":"    table\u003d82, priority\u003d53,ct_mark\u003d0x1,reg5\u003d0xa actions\u003dCONTROLLER:65535"},{"line_number":148,"context_line":"    table\u003d82, priority\u003d50,ct_mark\u003d0x1,reg5\u003d0xa actions\u003ddrop"},{"line_number":149,"context_line":"    table\u003d82, priority\u003d50,ct_state\u003d+inv+trk actions\u003ddrop"},{"line_number":150,"context_line":"    table\u003d82, priority\u003d50,ct_state\u003d+est-rel+rpl,ct_zone\u003d1,ct_mark\u003d0,reg5\u003d0xa,dl_dst\u003dfa:16:3e:1d:d0:8b actions\u003dstrip_vlan,output:10"},{"line_number":151,"context_line":"    table\u003d82, priority\u003d50,ct_state\u003d-new-est+rel-inv,ct_zone\u003d1,ct_mark\u003d0,reg5\u003d0xa,dl_dst\u003dfa:16:3e:1d:d0:8b actions\u003dstrip_vlan,output:10"}],"source_content_type":"text/x-rst","patch_set":64,"id":"5ff73747_fb55abfb","line":148,"in_reply_to":"5ff73747_a08cc235","updated":"2017-05-04 07:32:17.000000000","message":"Plz check #145","commit_id":"461f1f9638c8b771439ccbcffe99efc7f4e4d077"},{"author":{"_account_id":9200,"name":"IWAMOTO Toshihiro","email":"iwamoto@valinux.co.jp","username":"toshii"},"change_message_id":"6babc46042186ff8d3e5f61a01fb2c3d833443b7","unresolved":false,"context_lines":[{"line_number":150,"context_line":"    table\u003d82, priority\u003d50,ct_state\u003d+est-rel+rpl,ct_zone\u003d1,ct_mark\u003d0,reg5\u003d0xa,dl_dst\u003dfa:16:3e:1d:d0:8b actions\u003dstrip_vlan,output:10"},{"line_number":151,"context_line":"    table\u003d82, priority\u003d50,ct_state\u003d-new-est+rel-inv,ct_zone\u003d1,ct_mark\u003d0,reg5\u003d0xa,dl_dst\u003dfa:16:3e:1d:d0:8b actions\u003dstrip_vlan,output:10"},{"line_number":152,"context_line":"    table\u003d82, priority\u003d43,ct_state\u003d-est,reg5\u003d0xa actions\u003dCONTROLLER:65535"},{"line_number":153,"context_line":"    table\u003d82, priority\u003d40,ct_state\u003d-est,reg5\u003d0xa actions\u003ddrop"},{"line_number":154,"context_line":"    table\u003d82, priority\u003d40,ct_state\u003d+est,ip,reg5\u003d0xa actions\u003dct(commit,zone\u003dNXM_NX_REG6[0..15],exec(load:0x1-\u003eNXM_NX_CT_MARK[]))"},{"line_number":155,"context_line":"    table\u003d82, priority\u003d40,ct_state\u003d+est,ipv6,reg5\u003d0xa actions\u003dct(commit,zone\u003dNXM_NX_REG6[0..15],exec(load:0x1-\u003eNXM_NX_CT_MARK[]))"},{"line_number":156,"context_line":"    table\u003d82, priority\u003d0 actions\u003ddrop"}],"source_content_type":"text/x-rst","patch_set":64,"id":"5ff73747_e0752a33","line":153,"updated":"2017-05-02 01:56:24.000000000","message":"ditto","commit_id":"461f1f9638c8b771439ccbcffe99efc7f4e4d077"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"4ed19453d0c6b15005434f29849d8f6d51399ab9","unresolved":false,"context_lines":[{"line_number":150,"context_line":"    table\u003d82, priority\u003d50,ct_state\u003d+est-rel+rpl,ct_zone\u003d1,ct_mark\u003d0,reg5\u003d0xa,dl_dst\u003dfa:16:3e:1d:d0:8b actions\u003dstrip_vlan,output:10"},{"line_number":151,"context_line":"    table\u003d82, priority\u003d50,ct_state\u003d-new-est+rel-inv,ct_zone\u003d1,ct_mark\u003d0,reg5\u003d0xa,dl_dst\u003dfa:16:3e:1d:d0:8b actions\u003dstrip_vlan,output:10"},{"line_number":152,"context_line":"    table\u003d82, priority\u003d43,ct_state\u003d-est,reg5\u003d0xa actions\u003dCONTROLLER:65535"},{"line_number":153,"context_line":"    table\u003d82, priority\u003d40,ct_state\u003d-est,reg5\u003d0xa actions\u003ddrop"},{"line_number":154,"context_line":"    table\u003d82, priority\u003d40,ct_state\u003d+est,ip,reg5\u003d0xa actions\u003dct(commit,zone\u003dNXM_NX_REG6[0..15],exec(load:0x1-\u003eNXM_NX_CT_MARK[]))"},{"line_number":155,"context_line":"    table\u003d82, priority\u003d40,ct_state\u003d+est,ipv6,reg5\u003d0xa actions\u003dct(commit,zone\u003dNXM_NX_REG6[0..15],exec(load:0x1-\u003eNXM_NX_CT_MARK[]))"},{"line_number":156,"context_line":"    table\u003d82, priority\u003d0 actions\u003ddrop"}],"source_content_type":"text/x-rst","patch_set":64,"id":"5ff73747_db5aef28","line":153,"in_reply_to":"5ff73747_e0752a33","updated":"2017-05-04 07:32:17.000000000","message":"Plz check #145","commit_id":"461f1f9638c8b771439ccbcffe99efc7f4e4d077"},{"author":{"_account_id":9200,"name":"IWAMOTO Toshihiro","email":"iwamoto@valinux.co.jp","username":"toshii"},"change_message_id":"6babc46042186ff8d3e5f61a01fb2c3d833443b7","unresolved":false,"context_lines":[{"line_number":171,"context_line":"    table\u003d72, priority\u003d40,ct_state\u003d+est,ipv6,reg5\u003d0xa actions\u003dct(commit,zone\u003dNXM_NX_REG6[0..15],exec(load:0x1-\u003eNXM_NX_CT_MARK[]))"},{"line_number":172,"context_line":"    table\u003d72,  priority\u003d0 actions\u003ddrop"},{"line_number":173,"context_line":""},{"line_number":174,"context_line":"The reference implementation can be found in [4]_."},{"line_number":175,"context_line":""},{"line_number":176,"context_line":"For Iptables-based: IptablesLoggingDriver implementation is quite clear."},{"line_number":177,"context_line":"IptablesLoggingDriver just adds NFLOG rules to iptables. Please refer to [4]_"}],"source_content_type":"text/x-rst","patch_set":64,"id":"5ff73747_cbb6cf3e","line":174,"updated":"2017-05-02 01:56:24.000000000","message":"You achieve project isolation by port number?\nI think it is better to explicitly mention that.","commit_id":"461f1f9638c8b771439ccbcffe99efc7f4e4d077"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"4ed19453d0c6b15005434f29849d8f6d51399ab9","unresolved":false,"context_lines":[{"line_number":171,"context_line":"    table\u003d72, priority\u003d40,ct_state\u003d+est,ipv6,reg5\u003d0xa actions\u003dct(commit,zone\u003dNXM_NX_REG6[0..15],exec(load:0x1-\u003eNXM_NX_CT_MARK[]))"},{"line_number":172,"context_line":"    table\u003d72,  priority\u003d0 actions\u003ddrop"},{"line_number":173,"context_line":""},{"line_number":174,"context_line":"The reference implementation can be found in [4]_."},{"line_number":175,"context_line":""},{"line_number":176,"context_line":"For Iptables-based: IptablesLoggingDriver implementation is quite clear."},{"line_number":177,"context_line":"IptablesLoggingDriver just adds NFLOG rules to iptables. Please refer to [4]_"}],"source_content_type":"text/x-rst","patch_set":64,"id":"3f044301_46bce368","line":174,"in_reply_to":"5ff73747_cbb6cf3e","updated":"2017-05-04 07:32:17.000000000","message":"Correct.  I\u0027ll add this description into paragraph #133","commit_id":"461f1f9638c8b771439ccbcffe99efc7f4e4d077"},{"author":{"_account_id":9200,"name":"IWAMOTO Toshihiro","email":"iwamoto@valinux.co.jp","username":"toshii"},"change_message_id":"6babc46042186ff8d3e5f61a01fb2c3d833443b7","unresolved":false,"context_lines":[{"line_number":174,"context_line":"The reference implementation can be found in [4]_."},{"line_number":175,"context_line":""},{"line_number":176,"context_line":"For Iptables-based: IptablesLoggingDriver implementation is quite clear."},{"line_number":177,"context_line":"IptablesLoggingDriver just adds NFLOG rules to iptables. Please refer to [4]_"},{"line_number":178,"context_line":"for more details."},{"line_number":179,"context_line":""},{"line_number":180,"context_line":"Cloud deployers can choose **log_driver** for OVS native firewall driver or"}],"source_content_type":"text/x-rst","patch_set":64,"id":"5ff73747_60feba6b","line":177,"updated":"2017-05-02 01:56:24.000000000","message":"Saying \"look at the implementation\" in a spec is like challenging the meaning of specs, IMO ;)\nAnd [4] doesn\u0027t seem to contain iptables code.","commit_id":"461f1f9638c8b771439ccbcffe99efc7f4e4d077"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"4ed19453d0c6b15005434f29849d8f6d51399ab9","unresolved":false,"context_lines":[{"line_number":174,"context_line":"The reference implementation can be found in [4]_."},{"line_number":175,"context_line":""},{"line_number":176,"context_line":"For Iptables-based: IptablesLoggingDriver implementation is quite clear."},{"line_number":177,"context_line":"IptablesLoggingDriver just adds NFLOG rules to iptables. Please refer to [4]_"},{"line_number":178,"context_line":"for more details."},{"line_number":179,"context_line":""},{"line_number":180,"context_line":"Cloud deployers can choose **log_driver** for OVS native firewall driver or"}],"source_content_type":"text/x-rst","patch_set":64,"id":"5ff73747_db866fdc","line":177,"in_reply_to":"5ff73747_60feba6b","updated":"2017-05-04 07:32:17.000000000","message":"No-no, we didn\u0027t say such representation.  TBH, We just wanted to inform that feasibility with having some WIPs.\nRegarding [4]_, I missed link.  https://review.openstack.org/#/c/445827/","commit_id":"461f1f9638c8b771439ccbcffe99efc7f4e4d077"},{"author":{"_account_id":9200,"name":"IWAMOTO Toshihiro","email":"iwamoto@valinux.co.jp","username":"toshii"},"change_message_id":"6babc46042186ff8d3e5f61a01fb2c3d833443b7","unresolved":false,"context_lines":[{"line_number":446,"context_line":""},{"line_number":447,"context_line":"The volume of log highly depends on user traffic. It affects performance and"},{"line_number":448,"context_line":"it is a potential security impact (a kind of DoS)."},{"line_number":449,"context_line":""},{"line_number":450,"context_line":""},{"line_number":451,"context_line":"Notifications Impact"},{"line_number":452,"context_line":"--------------------"}],"source_content_type":"text/x-rst","patch_set":64,"id":"5ff73747_abb82310","line":449,"updated":"2017-05-02 01:56:24.000000000","message":"Will it cause information leak via log files when misconfigured or badly implemented?","commit_id":"461f1f9638c8b771439ccbcffe99efc7f4e4d077"},{"author":{"_account_id":15471,"name":"Nguyen Phuong An","email":"annp.cs51@gmail.com","username":"An-FVL"},"change_message_id":"c76a72c491410d4de2e3bb9695d9db14b141a721","unresolved":false,"context_lines":[{"line_number":446,"context_line":""},{"line_number":447,"context_line":"The volume of log highly depends on user traffic. It affects performance and"},{"line_number":448,"context_line":"it is a potential security impact (a kind of DoS)."},{"line_number":449,"context_line":""},{"line_number":450,"context_line":""},{"line_number":451,"context_line":"Notifications Impact"},{"line_number":452,"context_line":"--------------------"}],"source_content_type":"text/x-rst","patch_set":64,"id":"1f013ff3_ff4a0525","line":449,"in_reply_to":"3f044301_d0ebb7d9","updated":"2017-05-17 03:26:28.000000000","message":"Thanks for your understanding.","commit_id":"461f1f9638c8b771439ccbcffe99efc7f4e4d077"},{"author":{"_account_id":9200,"name":"IWAMOTO Toshihiro","email":"iwamoto@valinux.co.jp","username":"toshii"},"change_message_id":"c9f10ed1049d0d66df63d6e619d7151f5d4cdcd3","unresolved":false,"context_lines":[{"line_number":446,"context_line":""},{"line_number":447,"context_line":"The volume of log highly depends on user traffic. It affects performance and"},{"line_number":448,"context_line":"it is a potential security impact (a kind of DoS)."},{"line_number":449,"context_line":""},{"line_number":450,"context_line":""},{"line_number":451,"context_line":"Notifications Impact"},{"line_number":452,"context_line":"--------------------"}],"source_content_type":"text/x-rst","patch_set":64,"id":"3f044301_d0ebb7d9","line":449,"in_reply_to":"5ff73747_5b17ffee","updated":"2017-05-08 02:18:32.000000000","message":"In theory, you are right.\nYou are going to mix potentially sensible data into a single large bag. It\u0027s ok as long as things are done right.","commit_id":"461f1f9638c8b771439ccbcffe99efc7f4e4d077"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"4ed19453d0c6b15005434f29849d8f6d51399ab9","unresolved":false,"context_lines":[{"line_number":446,"context_line":""},{"line_number":447,"context_line":"The volume of log highly depends on user traffic. It affects performance and"},{"line_number":448,"context_line":"it is a potential security impact (a kind of DoS)."},{"line_number":449,"context_line":""},{"line_number":450,"context_line":""},{"line_number":451,"context_line":"Notifications Impact"},{"line_number":452,"context_line":"--------------------"}],"source_content_type":"text/x-rst","patch_set":64,"id":"5ff73747_5b17ffee","line":449,"in_reply_to":"5ff73747_abb82310","updated":"2017-05-04 07:32:17.000000000","message":"Sorry.  I don\u0027t understand \u0027badly implemented\u0027.  If it is occurred misconfiguration, unnecessary log data will be stored into syslog(for example)  OVS flow rule for logging is inserted via port-number, so that I believe it won\u0027t leak information.","commit_id":"461f1f9638c8b771439ccbcffe99efc7f4e4d077"},{"author":{"_account_id":9200,"name":"IWAMOTO Toshihiro","email":"iwamoto@valinux.co.jp","username":"toshii"},"change_message_id":"6babc46042186ff8d3e5f61a01fb2c3d833443b7","unresolved":false,"context_lines":[{"line_number":490,"context_line":"Performance Impact"},{"line_number":491,"context_line":"------------------"},{"line_number":492,"context_line":""},{"line_number":493,"context_line":"Currently, logged data will be stored into files. So this may be raised a little"},{"line_number":494,"context_line":"bit performance overhead."},{"line_number":495,"context_line":""},{"line_number":496,"context_line":"IPv6 Impact"}],"source_content_type":"text/x-rst","patch_set":64,"id":"5ff73747_2b42d30f","line":493,"range":{"start_line":493,"start_character":62,"end_line":493,"end_character":71},"updated":"2017-05-02 01:56:24.000000000","message":"increase","commit_id":"461f1f9638c8b771439ccbcffe99efc7f4e4d077"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"4ed19453d0c6b15005434f29849d8f6d51399ab9","unresolved":false,"context_lines":[{"line_number":490,"context_line":"Performance Impact"},{"line_number":491,"context_line":"------------------"},{"line_number":492,"context_line":""},{"line_number":493,"context_line":"Currently, logged data will be stored into files. So this may be raised a little"},{"line_number":494,"context_line":"bit performance overhead."},{"line_number":495,"context_line":""},{"line_number":496,"context_line":"IPv6 Impact"}],"source_content_type":"text/x-rst","patch_set":64,"id":"5ff73747_bbade3eb","line":493,"range":{"start_line":493,"start_character":62,"end_line":493,"end_character":71},"in_reply_to":"5ff73747_2b42d30f","updated":"2017-05-04 07:32:17.000000000","message":"Done","commit_id":"461f1f9638c8b771439ccbcffe99efc7f4e4d077"},{"author":{"_account_id":841,"name":"Akihiro Motoki","email":"amotoki@gmail.com","username":"amotoki"},"change_message_id":"12133283a537a4b71eac5211e181359b4a67b730","unresolved":false,"context_lines":[{"line_number":50,"context_line":""},{"line_number":51,"context_line":"Initially, we have both PoC for OVS native firewall and Iptables-based logging."},{"line_number":52,"context_line":"The OVS native firewall logging will be completely supported first as it  is"},{"line_number":53,"context_line":"now becoming a default driver, Iptables-based logging will be finished later."},{"line_number":54,"context_line":"This API was considered to work consistently between OVS native firewall and"},{"line_number":55,"context_line":"Iptables-based logging."},{"line_number":56,"context_line":""}],"source_content_type":"text/x-rst","patch_set":65,"id":"3f044301_e21d10be","line":53,"range":{"start_line":53,"start_character":13,"end_line":53,"end_character":15},"updated":"2017-05-05 08:06:22.000000000","message":"the","commit_id":"ebbf3f487cb4e91b7a3094990cf8228f6bc5ffbd"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"6c0a185e259d19a80c8c6882925f5afdcc3726f3","unresolved":false,"context_lines":[{"line_number":50,"context_line":""},{"line_number":51,"context_line":"Initially, we have both PoC for OVS native firewall and Iptables-based logging."},{"line_number":52,"context_line":"The OVS native firewall logging will be completely supported first as it  is"},{"line_number":53,"context_line":"now becoming a default driver, Iptables-based logging will be finished later."},{"line_number":54,"context_line":"This API was considered to work consistently between OVS native firewall and"},{"line_number":55,"context_line":"Iptables-based logging."},{"line_number":56,"context_line":""}],"source_content_type":"text/x-rst","patch_set":65,"id":"1f013ff3_aab598f0","line":53,"range":{"start_line":53,"start_character":13,"end_line":53,"end_character":15},"in_reply_to":"3f044301_e21d10be","updated":"2017-05-15 11:49:52.000000000","message":"Done","commit_id":"ebbf3f487cb4e91b7a3094990cf8228f6bc5ffbd"},{"author":{"_account_id":841,"name":"Akihiro Motoki","email":"amotoki@gmail.com","username":"amotoki"},"change_message_id":"12133283a537a4b71eac5211e181359b4a67b730","unresolved":false,"context_lines":[{"line_number":51,"context_line":"Initially, we have both PoC for OVS native firewall and Iptables-based logging."},{"line_number":52,"context_line":"The OVS native firewall logging will be completely supported first as it  is"},{"line_number":53,"context_line":"now becoming a default driver, Iptables-based logging will be finished later."},{"line_number":54,"context_line":"This API was considered to work consistently between OVS native firewall and"},{"line_number":55,"context_line":"Iptables-based logging."},{"line_number":56,"context_line":""},{"line_number":57,"context_line":"Regarding **multiple driver environment**, this feature will have a similar"}],"source_content_type":"text/x-rst","patch_set":65,"id":"3f044301_6287c0d9","line":54,"range":{"start_line":54,"start_character":9,"end_line":54,"end_character":12},"updated":"2017-05-05 08:06:22.000000000","message":"is?","commit_id":"ebbf3f487cb4e91b7a3094990cf8228f6bc5ffbd"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"6c0a185e259d19a80c8c6882925f5afdcc3726f3","unresolved":false,"context_lines":[{"line_number":51,"context_line":"Initially, we have both PoC for OVS native firewall and Iptables-based logging."},{"line_number":52,"context_line":"The OVS native firewall logging will be completely supported first as it  is"},{"line_number":53,"context_line":"now becoming a default driver, Iptables-based logging will be finished later."},{"line_number":54,"context_line":"This API was considered to work consistently between OVS native firewall and"},{"line_number":55,"context_line":"Iptables-based logging."},{"line_number":56,"context_line":""},{"line_number":57,"context_line":"Regarding **multiple driver environment**, this feature will have a similar"}],"source_content_type":"text/x-rst","patch_set":65,"id":"1f013ff3_8abadcdb","line":54,"range":{"start_line":54,"start_character":9,"end_line":54,"end_character":12},"in_reply_to":"3f044301_6287c0d9","updated":"2017-05-15 11:49:52.000000000","message":"Done","commit_id":"ebbf3f487cb4e91b7a3094990cf8228f6bc5ffbd"},{"author":{"_account_id":841,"name":"Akihiro Motoki","email":"amotoki@gmail.com","username":"amotoki"},"change_message_id":"12133283a537a4b71eac5211e181359b4a67b730","unresolved":false,"context_lines":[{"line_number":85,"context_line":"The LoggingExtension is an agent extension. It is common for all logging"},{"line_number":86,"context_line":"resources like security groups and firewall. The LoggingExtension will receive"},{"line_number":87,"context_line":"CREATED/UPDATED/DELETED events of the logging resource and pass these events"},{"line_number":88,"context_line":"to logging drivers. Each logging driver defines the resources are supported by"},{"line_number":89,"context_line":"it. In case of security group, we can have a security group logging driver"},{"line_number":90,"context_line":"implemented as OVSFirewallLogging or IptablesLoggingDriver."},{"line_number":91,"context_line":""},{"line_number":92,"context_line":"Class design of LoggingExtension would look like::"}],"source_content_type":"text/x-rst","patch_set":65,"id":"3f044301_829e4c05","line":89,"range":{"start_line":88,"start_character":48,"end_line":89,"end_character":3},"updated":"2017-05-05 08:06:22.000000000","message":"-\u003e the resources it supports","commit_id":"ebbf3f487cb4e91b7a3094990cf8228f6bc5ffbd"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"6c0a185e259d19a80c8c6882925f5afdcc3726f3","unresolved":false,"context_lines":[{"line_number":85,"context_line":"The LoggingExtension is an agent extension. It is common for all logging"},{"line_number":86,"context_line":"resources like security groups and firewall. The LoggingExtension will receive"},{"line_number":87,"context_line":"CREATED/UPDATED/DELETED events of the logging resource and pass these events"},{"line_number":88,"context_line":"to logging drivers. Each logging driver defines the resources are supported by"},{"line_number":89,"context_line":"it. In case of security group, we can have a security group logging driver"},{"line_number":90,"context_line":"implemented as OVSFirewallLogging or IptablesLoggingDriver."},{"line_number":91,"context_line":""},{"line_number":92,"context_line":"Class design of LoggingExtension would look like::"}],"source_content_type":"text/x-rst","patch_set":65,"id":"1f013ff3_05323ff2","line":89,"range":{"start_line":88,"start_character":48,"end_line":89,"end_character":3},"in_reply_to":"3f044301_829e4c05","updated":"2017-05-15 11:49:52.000000000","message":"Done","commit_id":"ebbf3f487cb4e91b7a3094990cf8228f6bc5ffbd"},{"author":{"_account_id":841,"name":"Akihiro Motoki","email":"amotoki@gmail.com","username":"amotoki"},"change_message_id":"12133283a537a4b71eac5211e181359b4a67b730","unresolved":false,"context_lines":[{"line_number":170,"context_line":"    table\u003d72, priority\u003d40,ct_state\u003d-est,reg5\u003d0xa actions\u003ddrop"},{"line_number":171,"context_line":"    table\u003d72, priority\u003d40,ct_state\u003d+est,ip,reg5\u003d0xa actions\u003dct(commit,zone\u003dNXM_NX_REG6[0..15],exec(load:0x1-\u003eNXM_NX_CT_MARK[]))"},{"line_number":172,"context_line":"    table\u003d72, priority\u003d40,ct_state\u003d+est,ipv6,reg5\u003d0xa actions\u003dct(commit,zone\u003dNXM_NX_REG6[0..15],exec(load:0x1-\u003eNXM_NX_CT_MARK[]))"},{"line_number":173,"context_line":"    table\u003d72,  priority\u003d0 actions\u003ddrop"},{"line_number":174,"context_line":""},{"line_number":175,"context_line":"The reference implementation can be found in [5]_."},{"line_number":176,"context_line":""}],"source_content_type":"text/x-rst","patch_set":65,"id":"3f044301_826c0c09","line":173,"range":{"start_line":173,"start_character":13,"end_line":173,"end_character":15},"updated":"2017-05-05 08:06:22.000000000","message":"nit: two spaces","commit_id":"ebbf3f487cb4e91b7a3094990cf8228f6bc5ffbd"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"6c0a185e259d19a80c8c6882925f5afdcc3726f3","unresolved":false,"context_lines":[{"line_number":170,"context_line":"    table\u003d72, priority\u003d40,ct_state\u003d-est,reg5\u003d0xa actions\u003ddrop"},{"line_number":171,"context_line":"    table\u003d72, priority\u003d40,ct_state\u003d+est,ip,reg5\u003d0xa actions\u003dct(commit,zone\u003dNXM_NX_REG6[0..15],exec(load:0x1-\u003eNXM_NX_CT_MARK[]))"},{"line_number":172,"context_line":"    table\u003d72, priority\u003d40,ct_state\u003d+est,ipv6,reg5\u003d0xa actions\u003dct(commit,zone\u003dNXM_NX_REG6[0..15],exec(load:0x1-\u003eNXM_NX_CT_MARK[]))"},{"line_number":173,"context_line":"    table\u003d72,  priority\u003d0 actions\u003ddrop"},{"line_number":174,"context_line":""},{"line_number":175,"context_line":"The reference implementation can be found in [5]_."},{"line_number":176,"context_line":""}],"source_content_type":"text/x-rst","patch_set":65,"id":"1f013ff3_eaa040a8","line":173,"range":{"start_line":173,"start_character":13,"end_line":173,"end_character":15},"in_reply_to":"3f044301_826c0c09","updated":"2017-05-15 11:49:52.000000000","message":"Done","commit_id":"ebbf3f487cb4e91b7a3094990cf8228f6bc5ffbd"},{"author":{"_account_id":841,"name":"Akihiro Motoki","email":"amotoki@gmail.com","username":"amotoki"},"change_message_id":"12133283a537a4b71eac5211e181359b4a67b730","unresolved":false,"context_lines":[{"line_number":237,"context_line":"Future work beyond this spec"},{"line_number":238,"context_line":"----------------------------"},{"line_number":239,"context_line":""},{"line_number":240,"context_line":"This spec needs more works in the future:"},{"line_number":241,"context_line":""},{"line_number":242,"context_line":"* Extending logging for FWaaS v2."},{"line_number":243,"context_line":"* Exposing the logging API for projects (e.g by using RBAC)."}],"source_content_type":"text/x-rst","patch_set":65,"id":"3f044301_fd3491e0","line":240,"range":{"start_line":240,"start_character":0,"end_line":240,"end_character":41},"updated":"2017-05-05 08:06:22.000000000","message":"It is a bit confusing.\n\n The following related topics are not covered by this spec.","commit_id":"ebbf3f487cb4e91b7a3094990cf8228f6bc5ffbd"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"6c0a185e259d19a80c8c6882925f5afdcc3726f3","unresolved":false,"context_lines":[{"line_number":237,"context_line":"Future work beyond this spec"},{"line_number":238,"context_line":"----------------------------"},{"line_number":239,"context_line":""},{"line_number":240,"context_line":"This spec needs more works in the future:"},{"line_number":241,"context_line":""},{"line_number":242,"context_line":"* Extending logging for FWaaS v2."},{"line_number":243,"context_line":"* Exposing the logging API for projects (e.g by using RBAC)."}],"source_content_type":"text/x-rst","patch_set":65,"id":"1f013ff3_ea628016","line":240,"range":{"start_line":240,"start_character":0,"end_line":240,"end_character":41},"in_reply_to":"3f044301_fd3491e0","updated":"2017-05-15 11:49:52.000000000","message":"Thanks.  Yes, your understanding is correct.  I\u0027ll remove this sentence.","commit_id":"ebbf3f487cb4e91b7a3094990cf8228f6bc5ffbd"},{"author":{"_account_id":841,"name":"Akihiro Motoki","email":"amotoki@gmail.com","username":"amotoki"},"change_message_id":"12133283a537a4b71eac5211e181359b4a67b730","unresolved":false,"context_lines":[{"line_number":307,"context_line":"log object ID, vm port ID, source mac, destination mac, source IP address,"},{"line_number":308,"context_line":"destination IP address, protocol, source L4 port and destination L4 port."},{"line_number":309,"context_line":"Making the format configurable is out of the scope though. The sample log-data"},{"line_number":310,"context_line":"for initial implementation would look like:"},{"line_number":311,"context_line":""},{"line_number":312,"context_line":"* log-data of an ACCEPT event::"},{"line_number":313,"context_line":""}],"source_content_type":"text/x-rst","patch_set":65,"id":"3f044301_6cd3153a","line":310,"updated":"2017-05-05 08:06:22.000000000","message":"The format might need to be discussed more in the code review.\nAt least the detail format needs to be well defined so that operators can parse it. I see some inconsistencies now:\n\n- some string values are quoted but some are not\n- \u0027log_id\u0027 is used but we use \u0027logging_resource_id\u0027 in other places of the spec\n- The order of \u0027src\u0027 and \u0027dst\u0027 looks random\n- Some operators may want to use more precise timestamp (sub-second, yeah)\n\nI don\u0027t think it blocks the spec but it would be nice if the format is configurable in the implementation.","commit_id":"ebbf3f487cb4e91b7a3094990cf8228f6bc5ffbd"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"6c0a185e259d19a80c8c6882925f5afdcc3726f3","unresolved":false,"context_lines":[{"line_number":307,"context_line":"log object ID, vm port ID, source mac, destination mac, source IP address,"},{"line_number":308,"context_line":"destination IP address, protocol, source L4 port and destination L4 port."},{"line_number":309,"context_line":"Making the format configurable is out of the scope though. The sample log-data"},{"line_number":310,"context_line":"for initial implementation would look like:"},{"line_number":311,"context_line":""},{"line_number":312,"context_line":"* log-data of an ACCEPT event::"},{"line_number":313,"context_line":""}],"source_content_type":"text/x-rst","patch_set":65,"id":"1f013ff3_6512235b","line":310,"in_reply_to":"3f044301_6cd3153a","updated":"2017-05-15 11:49:52.000000000","message":"Thanks for your comment.  Yes, I think it should be discussed in code review.  OK, I just write current impl and store your comment as a material of decision for the format.","commit_id":"ebbf3f487cb4e91b7a3094990cf8228f6bc5ffbd"},{"author":{"_account_id":841,"name":"Akihiro Motoki","email":"amotoki@gmail.com","username":"amotoki"},"change_message_id":"12133283a537a4b71eac5211e181359b4a67b730","unresolved":false,"context_lines":[{"line_number":353,"context_line":"|              |       |       |         |           |implemenation                        |"},{"line_number":354,"context_line":"+--------------+-------+-------+---------+-----------+-------------------------------------+"},{"line_number":355,"context_line":"|resource_id   |string |RW(No  |N/A      |uuid       |ID of resource which is enabled to   |"},{"line_number":356,"context_line":"|              |(UUID) |update)|N/A      |           |be logged. When a resource_id (which |"},{"line_number":357,"context_line":"|              |       |       |         |           |could be a security group ID in the  |"},{"line_number":358,"context_line":"|              |       |       |         |           |initial implementation) is specified,|"},{"line_number":359,"context_line":"|              |       |       |         |           |its related events will be collected.|"}],"source_content_type":"text/x-rst","patch_set":65,"id":"3f044301_4ca059f5","line":356,"range":{"start_line":356,"start_character":32,"end_line":356,"end_character":36},"updated":"2017-05-05 08:06:22.000000000","message":"Double N/A","commit_id":"ebbf3f487cb4e91b7a3094990cf8228f6bc5ffbd"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"6c0a185e259d19a80c8c6882925f5afdcc3726f3","unresolved":false,"context_lines":[{"line_number":353,"context_line":"|              |       |       |         |           |implemenation                        |"},{"line_number":354,"context_line":"+--------------+-------+-------+---------+-----------+-------------------------------------+"},{"line_number":355,"context_line":"|resource_id   |string |RW(No  |N/A      |uuid       |ID of resource which is enabled to   |"},{"line_number":356,"context_line":"|              |(UUID) |update)|N/A      |           |be logged. When a resource_id (which |"},{"line_number":357,"context_line":"|              |       |       |         |           |could be a security group ID in the  |"},{"line_number":358,"context_line":"|              |       |       |         |           |initial implementation) is specified,|"},{"line_number":359,"context_line":"|              |       |       |         |           |its related events will be collected.|"}],"source_content_type":"text/x-rst","patch_set":65,"id":"1f013ff3_aa459872","line":356,"range":{"start_line":356,"start_character":32,"end_line":356,"end_character":36},"in_reply_to":"3f044301_4ca059f5","updated":"2017-05-15 11:49:52.000000000","message":"Fixed 1 N/A!!","commit_id":"ebbf3f487cb4e91b7a3094990cf8228f6bc5ffbd"},{"author":{"_account_id":841,"name":"Akihiro Motoki","email":"amotoki@gmail.com","username":"amotoki"},"change_message_id":"12133283a537a4b71eac5211e181359b4a67b730","unresolved":false,"context_lines":[{"line_number":457,"context_line":"Operators CLI Impact"},{"line_number":458,"context_line":"--------------------"},{"line_number":459,"context_line":""},{"line_number":460,"context_line":"Additional methods will be added to python-openstackclient to create, update,"},{"line_number":461,"context_line":"delete, list and get logging resource."},{"line_number":462,"context_line":""},{"line_number":463,"context_line":"For logging resource::"}],"source_content_type":"text/x-rst","patch_set":65,"id":"3f044301_4cee1923","line":460,"range":{"start_line":460,"start_character":36,"end_line":460,"end_character":58},"updated":"2017-05-05 08:06:22.000000000","message":"I think neutron OSC plugin would be better.","commit_id":"ebbf3f487cb4e91b7a3094990cf8228f6bc5ffbd"},{"author":{"_account_id":13702,"name":"yushiro","username":"yushiro","inactive":true},"change_message_id":"6c0a185e259d19a80c8c6882925f5afdcc3726f3","unresolved":false,"context_lines":[{"line_number":457,"context_line":"Operators CLI Impact"},{"line_number":458,"context_line":"--------------------"},{"line_number":459,"context_line":""},{"line_number":460,"context_line":"Additional methods will be added to python-openstackclient to create, update,"},{"line_number":461,"context_line":"delete, list and get logging resource."},{"line_number":462,"context_line":""},{"line_number":463,"context_line":"For logging resource::"}],"source_content_type":"text/x-rst","patch_set":65,"id":"1f013ff3_8a4adc7d","line":460,"range":{"start_line":460,"start_character":36,"end_line":460,"end_character":58},"in_reply_to":"3f044301_4cee1923","updated":"2017-05-15 11:49:52.000000000","message":"Done","commit_id":"ebbf3f487cb4e91b7a3094990cf8228f6bc5ffbd"}]}