Scenario: Analyzing Logs
Send log data to Logging Analytics.
This scenario involves creating a log group and a connector. The connector (Connector Hub) processes and moves log data from Logging to the log group in Logging Analytics.
Required IAM Policy
If you're a member of the Administrators group, you already have the required access to execute this scenario. Otherwise, you need access to Logging Analytics to create the log group and access to Connector Hub to create the connector.
The workflow for creating the connector includes a default policy when needed to provide permission for writing to the target service. If you're new to policies, see Getting Started with Policies and Common Policies.
Setting Up This Scenario
Setup is easy in the Console. Alternatively, you can use the Oracle Cloud Infrastructure CLI or API, which lets you execute the individual operations yourself.
Using the Console
This section walks through creating a log group and a connector using the Console.
For help with troubleshooting, see Troubleshooting Connectors.
Task 1: Create the log group
Use Logging Analytics to create the log group. For instructions, see Create Log Groups.
Task 2: Create the connector
This example walks through using the Console to create a connector that sends log data from Logging to the log group you created using Logging Analytics. In this example, the connector filters VCN flow logs.
- Open the navigation menu and click Analytics & AI. Under Messaging, click Connector Hub.
- Choose the Compartment where you want to create the service connector.
- Select Create connector.
- On the Create connector page, filter VCN flow log to your log group:
  - Type a Connector name such as "VCN Flow Log Error Analysis."
  - Select the Resource compartment where you want to store the new connector.
  - Under Configure connector, select your source and target services to move log data to the log group:
    - Source: Logging
    - Target: Logging Analytics
  - Under Configure source connection, select your VCN flow log:
    - Compartment: The compartment containing the VCN flow log data.
    - Log group: The log group containing the VCN flow log data.
    - Logs: The log object name for your VCN flow logs.
  - Under Configure task, filter the log data to rejected traffic:
    - Property: data.action
    - Operator: =
    - Value: REJECT
    If you are interested in rejected traffic for a particular port or address, add another filter. For example, select the property data.destinationPort or data.destinationAddress.
  - Under Configure target connection, enter the log group that you want to send the filtered log data to:
    - Select the Compartment containing the log group.
    - Select the Log group (the log group you created).
- If prompted to create a policy (required for access to create or update a service connector), select Create.
- Select Create.
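As an added example (not part of Oracle's documentation or tooling), this Python sketch dry-runs the Configure task filter over constructed flow log records before the connector is created, and builds the matching tasks element in the shape of the CreateServiceConnector request. Assumptions: the sample records, the helper names, the numeric `data.destinationPort=22` form, and AND semantics between multiple filters.

```python
import json
import re

# Constructed sample records using only the fields this page filters on; values are made up.
SAMPLE_LOGS = [
    {"data": {"action": "ACCEPT", "destinationAddress": "10.0.0.5", "destinationPort": 443}},
    {"data": {"action": "REJECT", "destinationAddress": "10.0.0.5", "destinationPort": 22}},
    {"data": {"action": "REJECT", "destinationAddress": "10.0.0.9", "destinationPort": 3389}},
    {"data": {"action": "REJECT", "destinationAddress": "10.0.0.5", "destinationPort": 22}},
    {"data": {"destinationAddress": "10.0.0.7"}},  # malformed record: no action field
]

# Handles only the form used on this page: <dotted.property>='<text>' (or =<number>, assumed).
_COND = re.compile(r"^\s*([A-Za-z_][\w.]*)\s*=\s*(?:'([^']*)'|(\d+))\s*$")

def parse_condition(cond):
    m = _COND.match(cond)
    if not m:
        raise ValueError(f"unsupported condition: {cond!r}")
    prop, text, number = m.groups()
    return prop.split("."), text if text is not None else int(number)

def lookup(record, path):
    """Follow a dotted path such as data.action; None when any key is missing."""
    for key in path:
        if not isinstance(record, dict) or key not in record:
            return None
        record = record[key]
    return record

def matches(record, conditions):
    """True when every condition holds (AND between filters is an assumption)."""
    return all(lookup(record, p) == v for p, v in map(parse_condition, conditions))

def dry_run(records, conditions):
    return [r for r in records if matches(r, conditions)]

def build_tasks(condition):
    """Tasks list shaped like the CreateServiceConnector example on this page."""
    parse_condition(condition)  # refuse strings this sketch cannot check locally
    return [{"condition": condition, "kind": "logRule"}]

if __name__ == "__main__":
    cond = "data.action='REJECT'"
    print(json.dumps(build_tasks(cond)))
    print(len(dry_run(SAMPLE_LOGS, [cond])), "records would be forwarded")
    print(len(dry_run(SAMPLE_LOGS, [cond, "data.destinationPort=22"])), "of those target port 22")
```

Records that lack the filtered property never match, so malformed entries are dropped rather than forwarded to the log group.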
Using the CLI
This section walks through creating the log group and connector using the CLI.
For information about using the API and signing requests, see REST API documentation and Security Credentials. For information about SDKs, see SDKs and the CLI.
- Create a log group: Open a command prompt and run the oci log-analytics log-group create command:

      oci log-analytics log-group create --display-name "<display_name>" --compartment-id <compartment_OCID> --namespace-name "<namespace_name>"

- Create a connector: Open a command prompt and run the oci sch service-connector create command:

      oci sch service-connector create --display-name "<display_name>" --compartment-id <compartment_OCID> --source [<source_in_JSON>] --tasks [<tasks_in_JSON>] --target [<targets_in_JSON>]

For help with troubleshooting, see Troubleshooting Connectors and Troubleshooting Notifications.
Using the API
This section walks through creating the log group and connector using the API.
For information about using the API and signing requests, see REST API documentation and Security Credentials. For information about SDKs, see SDKs and the CLI.
Use the following operations:
- CreateLogAnalyticsLogGroup: Create a log group.

  Example CreateLogAnalyticsLogGroup request:

      POST /20200601/namespaces/<namespaceName>/logAnalyticsLogGroups
      Host: loganalytics.us-phoenix-1.oci.oraclecloud.com
      <authorization and other headers>
      {
        "compartmentId": "<compartment_OCID>",
        "displayName": "My Log Group"
      }

- CreateServiceConnector: Create a connector.

  Example CreateServiceConnector request:

      POST /20200909/serviceConnectors
      Host: service-connector-hub.us-phoenix-1.oraclecloud.com
      <authorization and other headers>
      {
        "compartmentId": "<compartment_OCID>",
        "description": "My connector description",
        "displayName": "My Connector",
        "source": {
          "kind": "logging",
          "logSources": [
            {
              "compartmentId": "<compartment_OCID>",
              "logGroupId": "<log_group_OCID>",
              "logId": "<log_OCID>"
            }
          ]
        },
        "target": {
          "compartmentId": "<compartment_OCID>",
          "kind": "loggingAnalytics",
          "logGroupId": "<logging_analytics_log_group_OCID>"
        },
        "tasks": [
          {
            "condition": "data.action='REJECT'",
            "kind": "logRule"
          }
        ]
      }

For help with troubleshooting, see Troubleshooting Connectors and Troubleshooting Notifications.