Learn how to transform your OVHcloud customer account events into actionable data through Logs Data Platform, a fully managed solution that helps you store, archive, query, and visualize your logs.
Please refer to this documentation to learn more about Logs Data Platform before continuing with this guide.
Requirements
- an OVHcloud customer account
- a Logs Data Platform account within this OVHcloud account with at least one active stream configured (this guide will walk you through all the necessary steps)
Glossary
Logs Data Platform (LDP): Fully managed and secured log management platform offered by OVHcloud. Find more information on the Logs Data Platform service page.
Data stream: A logical partition of logs that you create in an LDP account that you will use when ingesting, visualizing, or querying your logs. Multiple sources can be stored in the same data stream, and it is the unit for defining a logs pipeline (retention policy, archiving, live streaming, etc.), access rights, and alert policies.
Logs forwarding: Feature integrated into an OVHcloud product to ingest logs from its services to a data stream of an LDP account in the same OVHcloud account. The feature has to be enabled by the customer per service.
Logs forwarding subscription: When enabling the logs forwarding for a given OVHcloud service to a given LDP data stream, a subscription is created and attached to the data stream for further management by the customer.
Instructions
OVHcloud Account logs types
An OVHcloud account offers three levels of logs:
- Audit Logs: Provide a security-relevant, chronological set of records documenting the sequence of actions in your OVHcloud account (e.g. logins, password changes, etc.).
- Activity Logs: Provide all records of actions in your OVHcloud account from API calls and actions done in the Control Panel.
- Access policy logs: Provide all records of access evaluation in your OVHcloud account, including actions from third-party integrations (e.g. actions authorized or unauthorized through IAM policies).
Enable logs forwarding
You can enable the forwarding of the OVHcloud account logs via API. You will have to target a stream of one of your LDP accounts. The logs will be forwarded to that stream. Enabling the forwarding will create a subscription for this stream ID.
Note that enabling the forwarding is free of charge, but you will be charged for the usage of your Logs Data Platform service as per the standard price plan. For LDP pricing refer to the Logs Data Platform product page.
To enable forwarding, you can use the following API call to forward API and Control Panel account activity logs:
For example:
The API requires a streamId, which is the target data stream of your LDP account to which your OVHcloud account logs will be forwarded. The response contains an operationId, which you can use to retrieve the subscriptionId for further management purposes using the Logs Data Platform read operation endpoint.
You can find your streamId in the Logs Data Platform section of the OVHcloud Control Panel. Go to the Data streams tab of your Logs Data Platform account. In the table, click the more options ... button to the right of the target data stream, then click Copy stream ID.
Alternatively, you can retrieve your streams using the Logs Data Platform API:
GET /dbaas/logs/{serviceName}/output/graylog/stream
GET /dbaas/logs/{serviceName}/output/graylog/stream/{streamId}
Access to OVHcloud account logs
Now that your OVHcloud account logs are ingested and stored in your Logs Data Platform data stream, you can query your logs and build dashboards to have a graphical representation using the web-based UI of Graylog.
- Retrieve the admin user (the Logs Data Platform service name) and the password in your Logs Data Platform account Home tab.
- Open the Graylog web-ui. You can retrieve the link from your account home page, or use your access point depending on your account region (for example, the Beauharnois region is https://bhs2.logs.ovh.com/).
- Log in to Graylog using your Logs Data Platform service name and password.
- Search through your logs across the data stream of your Logs Data Platform account. You can refer to the Graylog writing search queries documentation for details on the search syntax.
For more details about how to use your logs with Logs Data Platform, refer to the documentation Logs Data Platform - Visualizing, querying, and exploiting your logs. This includes:
- How to set up alerts.
- How to view the logs in real time through a WebSocket.
- How to build visualizations with OpenSearch Dashboards.
- How to integrate with OpenSearch API.
- How to connect with Grafana.
Activity logs
For every action performed by users through the API or the Control Panel, an entry is generated with the following data:
Field | Value | Description |
---|---|---|
account | String | OVHcloud account concerned by the action |
client_ip | String | IP of the user who performed the action |
client_ip_geolocation | String | Geolocation of the user who performed the action |
client_ip_city_name | String | City name of the user who performed the action (if available) |
client_ip_country_code | String | Country code of the user who performed the action |
identities_array | Array of String | List of identities of the user who performed the action (user URN and user’s groups URN) |
method | GET, POST, PUT or DELETE | Method of the API |
path | String | API call concerned by the action |
request_id | String | Unique ID of the request |
service_name | String | OVHcloud services concerned by the action |
source | manager or api | Whether the action was performed through the Control Panel (manager) or the API (api) |
status_int | Number | HTTP code of request result |
url | String | URL called on the action |
user_agent | String | User agent of the user who performed the action |
username | String | Username of the user who performed the action |
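The following added example (not part of the original guide) shows one way to triage exported activity log entries using the fields in the table above: it flags bursts of denied requests per user and source IP, and successful mutating calls from a country outside a user's baseline. The sample entries, paths, the baseline mapping and the threshold are constructed assumptions.

```python
from collections import Counter

# Constructed sample entries; field names follow the Activity logs table, values are invented.
def _e(rid, user, ip, cc, method, path, status, source="api"):
    return {"request_id": rid, "username": user, "client_ip": ip,
            "client_ip_country_code": cc, "method": method, "path": path,
            "status_int": status, "source": source}

SAMPLE = [
    _e("r1", "alice", "192.0.2.10", "FR", "GET", "/example/resource", 200, "manager"),
    _e("r2", "bob", "198.51.100.7", "FR", "GET", "/example/billing", 403),
    _e("r3", "bob", "198.51.100.7", "FR", "GET", "/example/users", 403),
    _e("r4", "bob", "198.51.100.7", "FR", "POST", "/example/users", 403),
    _e("r5", "alice", "203.0.113.5", "BR", "DELETE", "/example/resource/42", 200),
    _e("r6", "alice", "192.0.2.10", "FR", "PUT", "/example/resource/43", 200, "manager"),
]

MUTATING = {"POST", "PUT", "DELETE"}
DENIED = {401, 403}

def triage(entries, baseline, denied_threshold=3):
    """Return sorted (rule, username, detail) findings.

    baseline: username -> set of country codes considered normal (analyst-supplied).
    """
    findings = set()
    denied = Counter()
    for e in entries:
        user, status = e["username"], int(e["status_int"])
        if status in DENIED:
            denied[(user, e["client_ip"])] += 1
        cc = e["client_ip_country_code"]
        if 200 <= status < 300 and e["method"] in MUTATING and cc not in baseline.get(user, set()):
            findings.add(("mutation-from-new-country", user,
                          f'{e["method"]} {e["path"]} from {cc} ({e["request_id"]})'))
    for (user, ip), n in denied.items():
        if n >= denied_threshold:
            findings.add(("denied-burst", user, f"{n} denied requests from {ip}"))
    return sorted(findings)

if __name__ == "__main__":
    for finding in triage(SAMPLE, {"alice": {"FR"}, "bob": {"FR"}}):
        print(finding)
```

The request_id kept in each finding lets you pivot back to the full entry in Graylog.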
Manage subscriptions
At any point, you can retrieve subscriptions attached to your Logs Data Platform data stream and choose to disable the forwarding by cancelling your subscription on your stream, so that your Logs Data Platform stream no longer receives your audit logs.
Note that this doesn't delete the logs that have been stored prior to the subscription cancellation, as data stored in a logs stream is immutable unless you delete the entire stream.
Currently, you can only manage your subscriptions via Logs Data Platform’s API.
The three following Logs Data Platform API routes respectively allow you to:
- Retrieve a list of subscriptionIds associated with a specific logs stream based on its streamId.
GET /dbaas/logs/{serviceName}/output/graylog/stream/{streamId}/subscription
- Retrieve the information (such as the resource type, in this case account-api, account-iam and account-audit, and resource name – the name of the OVHcloud account) of the service associated with the subscription based on its subscriptionId.
GET /dbaas/logs/{serviceName}/output/graylog/stream/{streamId}/subscription/{subscriptionId}
- Delete a subscription based on its subscriptionId.
DELETE /dbaas/logs/{serviceName}/output/graylog/stream/{streamId}/subscription/{subscriptionId}
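As an added example (not OVHcloud's own code), the two GET routes above can be combined into a coverage check that reports which of the three account log resource types are still forwarded to a stream, so a cancelled subscription is noticed. The client object, the stub, the sample identifiers and the response field layout (resource.type) are assumptions; adapt them to the actual API response.

```python
# Resource types named in this guide for account log subscriptions.
EXPECTED_KINDS = {"account-api", "account-iam", "account-audit"}

def forwarding_coverage(client, service_name, stream_id):
    """Return (present, missing): present maps resource type -> subscription IDs.

    client: any authenticated API client exposing get(path) that returns
    decoded JSON (hypothetical interface, not defined in this guide).
    """
    base = f"/dbaas/logs/{service_name}/output/graylog/stream/{stream_id}/subscription"
    present = {}
    for sub_id in client.get(base):
        detail = client.get(f"{base}/{sub_id}")
        # Assumption: the resource type is exposed as detail["resource"]["type"].
        rtype = detail.get("resource", {}).get("type")
        if rtype in EXPECTED_KINDS:
            present.setdefault(rtype, []).append(sub_id)
    return present, sorted(EXPECTED_KINDS - set(present))

class StubClient:
    """Constructed stand-in for the API so the example runs offline."""
    def __init__(self, subs):
        self.subs = subs

    def get(self, path):
        tail = path.rsplit("/", 1)[-1]
        return list(self.subs) if tail == "subscription" else self.subs[tail]

# Constructed sample data: the access policy (account-iam) subscription is absent.
STUB = StubClient({
    "sub-1": {"resource": {"type": "account-api", "name": "example-account"}},
    "sub-2": {"resource": {"type": "account-audit", "name": "example-account"}},
})

if __name__ == "__main__":
    present, missing = forwarding_coverage(STUB, "ldp-example", "stream-example")
    print("forwarded:", present)
    print("not forwarded:", missing)
```

Running this on a schedule and alerting on a non-empty missing list gives early warning when forwarding of one log type stops.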
Go further
For more information and tutorials, please see our other Logs Data Platform support guides or explore the guides for other OVHcloud products and services.