Audit Reduction and Report Generation
Audit and Accountability Policy for 18F
The ELK Stack logging and monitoring system provides additional audit reduction and report generation capabilities for 18F DevOps and end users of the cloud.gov platform. With Elasticsearch, 18F DevOps and SecOps teams can structure and customize audit log queries for specific app instances, API calls, system metrics, user access, system components, network traffic flow and other functions. Kibana is used to generate customized dashboards, and Logstash is used to generate reports for analysis and review.
Loggregator, the Cloud Foundry component responsible for logging, provides a stream of log output from your application and from Cloud Foundry system components that interact with your app during updates and execution. By default, Loggregator streams logs to your terminal. If you want to persist more than the limited amount of logging information that Loggregator can buffer, you can drain logs to a third-party log management service. See Third-Party Log Management Services. Cloud Foundry gathers and stores logs in a best-effort manner. If a client is unable to consume log lines quickly enough, the Loggregator buffer may need to overwrite some lines before the client has consumed them. A syslog drain or a CLI tail can usually keep up with the flow of application logs.