Politiques créées lors de l'intégration de Log Analytics
En tant que nouvel utilisateur, si vous voulez commencer à utiliser Oracle Log Analytics, puis à partir du menu de la console OCI, naviguez jusqu'à Observabilité et gestion, cliquez sur Log Analytics, puis sur Commencer à utiliser Log Analytics dans la page d'intégration. L'assistant crée automatiquement des politiques pour activer Oracle Log Analytics et configurer la collecte des journaux du service de vérification pour OCI.
Les politiques suivantes sont créées :
- logging_analytics_automatic_service_policies
Cette politique permet d'activer Oracle Log Analytics et inclut les énoncés suivants :
define tenancy sampledata as <sampledata_tenancy_OCID> endorse group Administrators to read loganalytics-features-family in tenancy sampledata endorse group Administrators to read loganalytics-resources-family in tenancy sampledata endorse group Administrators to read compartments in tenancy sampledata allow service loganalytics to READ loganalytics-features-family in tenancy allow service loganalytics to READ compartments in tenancy - logging_analytics_automatic_ingestion_policies
La politique sert à configurer la collecte des journaux de vérification OCI et comprend les énoncés suivants :
allow resource loganalyticsvrp LogAnalyticsVirtualResource to {EVENTRULE_READ} in tenancy allow resource loganalyticsvrp LogAnalyticsVirtualResource to {LOAD_BALANCER_READ} in tenancy allow resource loganalyticsvrp LogAnalyticsVirtualResource to {BUCKET_READ} in tenancy allow resource loganalyticsvrp LogAnalyticsVirtualResource to read functions-family in tenancy allow resource loganalyticsvrp LogAnalyticsVirtualResource to read api-gateway-family in tenancy allow resource loganalyticsvrp LogAnalyticsVirtualResource to {VCN_READ, SUBNET_READ, VNIC_READ} in tenancy allow resource loganalyticsvrp LogAnalyticsVirtualResource to {APPROVED_SENDER_READ} in tenancy allow resource loganalyticsvrp LogAnalyticsVirtualResource to {IPSEC_CONNECTION_READ} in tenancy allow resource loganalyticsvrp LogAnalyticsVirtualResource to {WEB_APP_FIREWALL_READ} in tenancy allow resource loganalyticsvrp LogAnalyticsVirtualResource to read operator-control-family in tenancy allow resource loganalyticsvrp LogAnalyticsVirtualResource to {NETWORK_FIREWALL_READ} in tenancy allow resource loganalyticsvrp LogAnalyticsVirtualResource to {DEVOPS_DEPLOYMENT_READ} in tenancy allow resource loganalyticsvrp LogAnalyticsVirtualResource to {DEVOPS_DEPLOY_PIPELINE_READ} in tenancy allow resource loganalyticsvrp LogAnalyticsVirtualResource to {DEVOPS_DEPLOY_STAGE_READ} in tenancy allow resource loganalyticsvrp LogAnalyticsVirtualResource to {APM_DOMAIN_READ} in tenancy allow resource loganalyticsvrp LogAnalyticsVirtualResource to {SERVICE_CONNECTOR_READ} in tenancy allow resource loganalyticsvrp LogAnalyticsVirtualResource to {DATAFLOW_APPLICATION_READ} in tenancy allow resource loganalyticsvrp LogAnalyticsVirtualResource to {MEDIA_WORKFLOW_READ} in tenancy allow resource loganalyticsvrp LogAnalyticsVirtualResource to {MEDIA_WORKFLOW_JOB_READ} in tenancy allow resource loganalyticsvrp LogAnalyticsVirtualResource to {CLUSTER_READ} in tenancy allow resource loganalyticsvrp LogAnalyticsVirtualResource to {GOLDENGATE_DEPLOYMENT_READ} in tenancy allow resource loganalyticsvrp LogAnalyticsVirtualResource to {CG_DATA_SOURCE_READ} in tenancy allow resource loganalyticsvrp LogAnalyticsVirtualResource to {POSTGRES_DB_SYSTEM_READ} in tenancy allow any-user to {LOG_ANALYTICS_LOG_GROUP_UPLOAD_LOGS} in compartment id <compartment_OCID> where all {request.principal.type='serviceconnector', target.loganalytics-log-group.id='<target_log_group_OCID>',request.principal.compartment.id='<compartment_OCID>'}