CloudSigma

Background

The CloudSigma Server log analysis App automatically collects, reads, parses, analyzes, and reports on all audit log data generated by the CloudSigma server, and presents a comprehensive set of graphs and reports for analyzing that data. Use a predefined set of dashboards and widgets to visualize and address the system software, code written, and infrastructure during development, testing, and production. The App helps you measure, troubleshoot, and optimize your databases' integrity, stability, and quality with several visualization and investigation dashboards.

Steps:

  1. The CloudSigma Server App runs on the default CloudSigma audit log.
    When adding/editing the logs to XpoLog it is mandatory to apply the correct log type(s) to each of the logs:

    1. cloudsigma - all logs that the application will analyze must have cloudsigma as a log type.

    2. audit - only the audit log must also be configured to have audit as a log type.

  2. Extract the audit log with an API command.
    The API syntax is as follows: https://Cloud_Sigma_URL/api/2.0/logs/?format=xml&limit=Amount_Of_Records

  3. Once the required information is set, click Next and edit the log pattern. This step is crucial to the accuracy and deployment of the CloudSigma Server App. Use the following pattern for the log:
    CloudSigma audit log: 
    <object>{regexp:date,refName=Message;columnType=date;dateFormat=yyyy-MM-dd HH:mm:ss.SSSSSS,<timestamp>(\d\d\d\d-\d\d-\d\d \d\d:\d\d:\d\d\.\d\d\d\d\d\d)}{regexp:category,ftype=eventName;refName=Message,<category>([^<]*)}{regexp:action,ftype=action;refName=Message,<action>([^<]*)}{regexp:error_type,refName=Message,<error_type\s\w+="([^"]*)}{regexp:uuidboth,refName=Message,<uuid>([^<]*)}{regexp:objectid,ftype=auditid;refName=uuidboth,([^\s]*)\n}{regexp:userid,ftype=user;refName=uuidboth,(\n[^*\n]*)}{regexp:success,ftype=status;refName=Message,<success type="boolean">([^<]*)}{regexp:error message,ftype=message;refName=Message,<error_message>([^<]*)}{regexp:actor_type,refName=Message,<actor type="([^"]*)}{regexp:resource_uri,refName=Message,<resource_uri>([^<]*)}{regexp:details,refName=Message,<details>([^<]*)}{regexp:object_name,refName=details,"name": "([^"]*)}{string:Message}</object>
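Because the accuracy of the app depends on this pattern, it helps to check the regular expressions against a sample export before deploying. The following is an added example, not part of XpoLog or CloudSigma: it applies a subset of the regular expressions from the pattern above to constructed records. It assumes each expression is matched independently against one `<object>` record; the sample values, `parse_record`, `parse_log` and `unparsed_dates` are hypothetical names and data.

```python
import re
from datetime import datetime

# Regular expressions copied from the log pattern above (subset of its fields).
FIELD_PATTERNS = {
    "date": r'<timestamp>(\d\d\d\d-\d\d-\d\d \d\d:\d\d:\d\d\.\d\d\d\d\d\d)',
    "category": r'<category>([^<]*)',
    "action": r'<action>([^<]*)',
    "success": r'<success type="boolean">([^<]*)',
    "error_message": r'<error_message>([^<]*)',
    "actor_type": r'<actor type="([^"]*)',
    "resource_uri": r'<resource_uri>([^<]*)',
    "details": r'<details>([^<]*)',
}
OBJECT_NAME = r'"name": "([^"]*)'  # the pattern applies this to the details field

# Constructed sample: element names come from the pattern, all values are invented.
SAMPLE = (
    '<object><timestamp>2024-01-15 09:30:12.123456</timestamp>'
    '<category>drive</category><action>create</action>'
    '<success type="boolean">True</success><error_message></error_message>'
    '<actor type="user">constructed-actor</actor>'
    '<resource_uri>/constructed/drive/1/</resource_uri>'
    '<details>{"name": "test-drive"}</details></object>\n'
    # Second record: only three fractional-second digits, no details element.
    '<object><timestamp>2024-01-15 09:31:40.123</timestamp>'
    '<category>server</category><action>start</action>'
    '<success type="boolean">False</success>'
    '<error_message>constructed failure</error_message></object>\n'
)

def parse_record(record):
    """Apply each regex independently to one <object> record (assumption)."""
    fields = {}
    for name, rx in FIELD_PATTERNS.items():
        m = re.search(rx, record)
        fields[name] = m.group(1) if m else None
    if fields["date"]:  # same layout as dateFormat=yyyy-MM-dd HH:mm:ss.SSSSSS
        fields["date"] = datetime.strptime(fields["date"], "%Y-%m-%d %H:%M:%S.%f")
    m = re.search(OBJECT_NAME, fields["details"] or "")
    fields["object_name"] = m.group(1) if m else None
    return fields

def parse_log(text):
    return [parse_record(r) for r in re.findall(r"<object>.*?</object>", text, re.S)]

def unparsed_dates(records):
    # Records whose timestamp did not match the six-digit fractional pattern.
    return [r for r in records if r["date"] is None]
```

Any record returned by `unparsed_dates` would have no date extracted by the date expression, so audit events with a different timestamp precision are worth catching before the dashboards are relied on.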