This post covers the scenario of aggregating the logs of OIC instances from different regions within a single tenancy. In my case, OIC1 is in UK South (London) and OIC2 is in US West (Phoenix). So how best to approach this?
We've seen in a previous post how easy it is to push the OIC Activity Stream logs to OCI Logging Service. That is the starting point for us.
So back to our use case - this is the high-level flow:
- OIC1 London Activity Stream Logs to OCI Logging
- Logs to Object Storage
- Replication to Phoenix Object Storage
- Create Log Collection Rule - following documentation here
Step 1 is to assign the permissions required to collect logs from Object Storage -
allow service loganalytics to read buckets in compartment yourcompartment
allow service loganalytics to read objects in compartment yourcompartment
Allow group yourGroup to manage all-resources IN compartment OICPMCompartment where any {request.permission='LOG_ANALYTICS_OBJECT_COLLECTION_RULE_CREATE',request.permission='LOG_ANALYTICS_LOG_GROUP_UPLOAD_LOGS',request.permission='LOG_ANALYTICS_ENTITY_UPLOAD_LOGS',request.permission='LOG_ANALYTICS_SOURCE_READ',request.permission='BUCKET_UPDATE',request.permission='LOG_ANALYTICS_OBJECT_COLLECTION_RULE_DELETE'}
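The group statement above uses `manage all-resources`, so the `where any {...}` list is the only thing keeping it narrow. The following check is an added example, not part of the original post: it parses a statement of that shape and reports a missing filter or any permission that differs from the six listed above. The `audit` function and the `DRIFTED` sample are constructed for illustration, and the regex covers only the statement shape used in this post.

```python
import re

# Permissions the post's Step 1 group statement grants (copied from the page).
EXPECTED = {
    "LOG_ANALYTICS_OBJECT_COLLECTION_RULE_CREATE",
    "LOG_ANALYTICS_LOG_GROUP_UPLOAD_LOGS",
    "LOG_ANALYTICS_ENTITY_UPLOAD_LOGS",
    "LOG_ANALYTICS_SOURCE_READ",
    "BUCKET_UPDATE",
    "LOG_ANALYTICS_OBJECT_COLLECTION_RULE_DELETE",
}

# Covers only the statement shape used in the post, not the full policy grammar.
STATEMENT = re.compile(
    r"^allow\s+(?:service|group)\s+\S+\s+to\s+(?P<verb>\w+)\s+(?P<resource>\S+)"
    r"\s+in\s+compartment\s+\S+(?:\s+where\s+(?P<where>.+))?$",
    re.IGNORECASE,
)
PERMISSION = re.compile(r"request\.permission\s*=\s*'([^']+)'")


def audit(statement, expected=EXPECTED):
    """Return least-privilege findings for one policy statement."""
    m = STATEMENT.match(statement.strip())
    if not m:
        return ["unparsed statement"]
    broad = (m["verb"].lower(), m["resource"].lower()) == ("manage", "all-resources")
    granted = set(PERMISSION.findall(m["where"] or ""))
    if broad and not granted:
        return ["manage all-resources with no request.permission filter"]
    findings = [f"unexpected permission: {p}" for p in sorted(granted - expected)]
    if granted:
        findings += [f"missing permission: {p}" for p in sorted(expected - granted)]
    return findings


# Constructed sample: the post's statement with one permission swapped.
DRIFTED = (
    "Allow group yourGroup to manage all-resources IN compartment OICPMCompartment "
    "where any {request.permission='LOG_ANALYTICS_OBJECT_COLLECTION_RULE_CREATE',"
    "request.permission='LOG_ANALYTICS_LOG_GROUP_UPLOAD_LOGS',"
    "request.permission='LOG_ANALYTICS_ENTITY_UPLOAD_LOGS',"
    "request.permission='BUCKET_DELETE',request.permission='BUCKET_UPDATE',"
    "request.permission='LOG_ANALYTICS_OBJECT_COLLECTION_RULE_DELETE'}"
)

if __name__ == "__main__":
    for finding in audit(DRIFTED):
        print(finding)
```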
Step 2 - create the Rule via OCI CLI -
oci log-analytics object-collection-rule create --from-json <json_file_name> --namespace-name <namespace_name>
My json file is called create.json -