Oracle Cloud Infrastructure Logging Interface Views
The Oracle Cloud Infrastructure (OCI) logging interface views enable authorized users to access log data through a set of views.
Oracle Cloud Infrastructure (OCI) logging is the central logging solution for OCI services, including VCN flow logs, load balancer logs, object storage logs, and others, with the added capability to include custom logs. The logs are not stored in Autonomous Database. Instead, the logs are dynamically retrieved based on various predicates provided by the user, including date range, log group, log name, and others.
- Oracle Cloud Infrastructure Logging Interface Overview
  Accessing log data inside an Autonomous Database gives users the logging data in relational or JSON format and lets them enrich their analytics by joining it with other data they have in the Autonomous Database.
- OCI_LOG_LIST View
  Displays a list of all logs in the tenant. The view does not show log data, but provides the metadata about the logs in a tenancy. This metadata is used to properly specify parameter values for the other logging views. If there are no logs under a log group, that log group will not be included in this view.
- OCI_LOG_DATA View
  The common view that provides access to all log types supported by the OCI Logging Service. The log content is in the DATA column.
- OCI_VCN_FLOWLOGS View
  View that provides details about traffic that passes through the user's VCN. This log enables users to audit traffic and troubleshoot security lists. Each flow log record reflects logged traffic in one direction of a connection between two endpoints. For example, for a single TCP connection, you may have two records in the capture window: one for ingress traffic, and one for egress traffic.
- OCI_LBLOG_ACCESS View
  View that provides load balancer access logs capturing detailed information about requests sent to a load balancer. Each entry contains the time the request was received, client, intermediate HTTP proxy IP addresses, and times used by the load balancer and backend to process the request.
- OCI_LBLOG_ERRORS View
  View that provides load balancer error logs capturing detailed information about requests related to troubleshooting and monitoring. Each entry contains information such as the time the request was received, error type, and additional details of the specific error.
Oracle Cloud Infrastructure Logging Interface Overview
Accessing log data inside an Autonomous Database gives users the logging data in relational or JSON format and lets them enrich their analytics by joining it with other data they have in the Autonomous Database.
Oracle logging service provides access to logs from Oracle Cloud Infrastructure (OCI) resources. These logs include critical diagnostic information that describes how resources are performing and being accessed. There are varying log types for each Oracle service. To learn more about the logging service and supported OCI services, see Oracle Cloud Infrastructure Logging Overview.
Through the Oracle Cloud Infrastructure Logging Interface, log data can now be accessed through an Autonomous Database in relational format. Users can query different log data in OCI across all compartments and regions. The implemented OCI views use the OCI$RESOURCE_PRINCIPAL credential.
- An Administrator enables use of the OCI$RESOURCE_PRINCIPAL credential in the database.
- Users create a new dynamic group for the OCI$RESOURCE_PRINCIPAL credential.
To learn more about enabling the credential, setting up a dynamic group, and creating policy statements, see Use Resource Principal to Access Oracle Cloud Infrastructure Resources.
EXEC DBMS_CLOUD_ADMIN.ENABLE_RESOURCE_PRINCIPAL();
resource.id = '<resource.id>'
There are two policy statements required to access logging views.
-- For OCI Logging Views
Allow dynamic-group <group-name> to use logging-family in tenancy
Allow dynamic-group <group-name> to use compartments in tenancy
All the views have mandatory and optional predicate values (column names).
The OCI_LOG_LIST view does not have mandatory columns. If the REGION value is not provided, the view returns data for the home region.
- REGION (Mandatory)
- COMPARTMENT_ID (Mandatory)
- LOG_GROUP_ID (Mandatory)
- LOG_ID (Optional) - If the value is provided, query results will use the LOG_ID value. If no value is provided, the value will be returned from the server.
- START_TIME (Optional) - If no value is provided, return values are for the past 5 minutes in GMT.
- END_TIME (Optional) - If no value is provided, return values are for the past 5 minutes in GMT.
- SEARCH_CRITERIA (Optional) - If no value is provided, null will be returned.
Since there can be different log types within a single log group, it's recommended to specify LOG_ID in a predicate when using the OCI_VCN_FLOWLOGS, OCI_LBLOG_ACCESS, and OCI_LBLOG_ERRORS views.
- The common view OCI_LOG_DATA supports all log types, so COMPARTMENT_ID, LOG_GROUP_ID, and REGION are sufficient. Likewise, if a user uses the LOG_ID of a load balancer with the OCI_VCN_FLOWLOGS view, it will either not return correct data or not return any data at all.
- For the OCI_LOG_LIST view, select * from OCI_LOG_LIST shows data only for the home region. If you need data for another region, you have to use a REGION equality predicate in the WHERE clause.
- For the OCI_LOG_DATA, OCI_VCN_FLOWLOGS, OCI_LBLOG_ACCESS, and OCI_LBLOG_ERRORS views, select * from <view> gives the error ORA-20000: compartment_id,log_group_id and region are mandatory predicates, please provide valid values for them as equality predicate in the WHERE clause. Provide the required predicate values.
- The framework supports querying log data from the supported views for up to the past 7 days (from the current time). Any values for the START_TIME and END_TIME predicates outside this range will result in ORA-20000: start_time and end_time should be from current_timestamp to current_timestamp-7.
- If you do not provide the listed mandatory predicates, you will see an ORA-20000: compartment_id,log_group_id and region are mandatory predicates, please provide valid values for them as equality predicate in the WHERE clause. Other columns can be used as predicates of any type (=, IN). The mandatory predicates can be used only once in a query, and they cannot be used multiple times with AND or NOT.
- Values for START_TIME and END_TIME have to be given in DD-MM-YY HH24:MI:SS format. If not provided in this format, the query will not return any data.
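The predicate rules above can be checked on the client before a query ever reaches the database, so that a badly formed time value does not silently return no rows during an investigation. The following is an added example, not Oracle's code: the function name `build_log_query` is hypothetical, and it assumes the views accept bind variables in their equality predicates and that START_TIME and END_TIME are interpreted as GMT.

```python
from datetime import datetime, timedelta, timezone

TIME_FORMAT = "%d-%m-%y %H:%M:%S"      # Oracle mask DD-MM-YY HH24:MI:SS
MAX_LOOKBACK = timedelta(days=7)       # documented query window
MANDATORY = ("REGION", "COMPARTMENT_ID", "LOG_GROUP_ID")
ALLOWED = MANDATORY + ("LOG_ID", "SEARCH_CRITERIA")
TYPED_VIEWS = ("OCI_VCN_FLOWLOGS", "OCI_LBLOG_ACCESS", "OCI_LBLOG_ERRORS")


def build_log_query(view, predicates, start=None, end=None, now=None):
    """Return (sql, binds) for a log-data view; raise ValueError on bad input."""
    view = view.upper()
    if view not in TYPED_VIEWS + ("OCI_LOG_DATA",):
        raise ValueError(f"unsupported view: {view}")
    given = {k.upper(): v for k, v in predicates.items()}
    unknown = sorted(set(given) - set(ALLOWED))
    if unknown:  # names are placed in the SQL text, so only known ones pass
        raise ValueError(f"unknown predicates: {unknown}")
    missing = [m for m in MANDATORY if not given.get(m)]
    if missing:  # the view itself would answer with ORA-20000
        raise ValueError(f"missing mandatory predicates: {missing}")
    # LOG_ID is only "recommended" on the page; requiring it for the typed
    # views is this example's own, stricter choice (an assumption).
    if view in TYPED_VIEWS and not given.get("LOG_ID"):
        raise ValueError(f"{view} should be queried with LOG_ID")
    binds = {k: given[k] for k in ALLOWED if given.get(k)}

    now = now or datetime.now(timezone.utc)
    for name, ts in (("START_TIME", start), ("END_TIME", end)):
        if ts is None:
            continue  # view default: the past 5 minutes, in GMT
        if ts.tzinfo is None:
            raise ValueError(f"{name} must be timezone-aware")
        if not now - MAX_LOOKBACK <= ts <= now:
            raise ValueError(f"{name} is outside the past 7 days")
        binds[name] = ts.astimezone(timezone.utc).strftime(TIME_FORMAT)
    if start and end and start > end:
        raise ValueError("START_TIME is after END_TIME")

    # Each predicate appears once, as an equality joined with AND.
    where = " AND ".join(f"{k} = :{k}" for k in binds)
    return f"SELECT * FROM {view} WHERE {where}", binds
```

The returned SQL text and bind dictionary can be passed to a database driver that supports named binds; all values stay out of the SQL string.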
OCI_LOG_LIST View
Displays a list of all logs in the tenant. The view does not show log data, but provides the metadata about the logs in a tenancy. This metadata is used to properly specify parameter values for the other logging views. If there are no logs under a log group, that log group will not be included in this view.
| Column | Datatype | Description |
|---|---|---|
| | | OCI region name |
| | | Compartment OCID |
| | | |
| | | Log group name. |
| | | |
| | | Log name |
| | | Log service |
OCI_LOG_DATA View
The common view that provides access to all log types supported by the OCI Logging Service. The log content is in the DATA column.
| Column | Datatype | Description |
|---|---|---|
| | | Same as the oracle.ingestedtime field |
| | | A random UUID for each log entry |
| | | Resource name that generated the log message |
| | | Version of the |
| | | Log message generation time |
| | | Log message type |
| | | Compartment OCID |
| | | Log message ingest time |
| | | Log group OCID |
| | | Log OCID |
| | | Tenant OCID of log object owner |
| | | Log message |
| | | Oracle-specific metadata |
OCI_VCN_FLOWLOGS View
View that provides details about traffic that passes through the user's VCN. This log enables users to audit traffic and troubleshoot security lists. Each flow log record reflects logged traffic in one direction of a connection between two endpoints. For example, for a single TCP connection, you may have two records in the capture window: one for ingress traffic, and one for egress traffic.
| Column | Datatype | Description |
|---|---|---|
| | | OCI region name |
| | | Same as the oracle.ingestedtime field |
| | | A random UUID unique to each log entry |
| | | Possible values of ACCEPT or REJECT |
| | | Hash of key fields (source and destination addresses, ports, and protocol) |
| | | Possible values of OK, NODATA, or SKIPDATA |
| | | Capture window end time |
| | | Number of packets recorded in capture window |
| | | Flow log record schema number |
| | | Number of bytes recorded in capture window |
| | | |
| | | Capture window start time |
| | | Source IANA port number |
| | | IANA protocol name |
| | | IP address of the source in IPv4 or IPv6 notation |
| | | Destination IANA port number |
| | | IP address of the destination in IPv4 or IPv6 notation |
| | | Same as |
| | | Log category |
| | | Log OCID |
| | | Tenant OCID |
| | | VNIC OCID |
| | | Log group OCID |
| | | Time log ingested by OCI Logging |
| | | Log group compartment OCID |
| | | VNIC subnet OCID |
| | | VNIC compartment OCID |
| | | Resource name that generated log message |
| | | Version of the |
OCI_LBLOG_ACCESS View
View that provides load balancer access logs capturing detailed information about requests sent to a load balancer. Each entry contains the time the request was received, client, intermediate HTTP proxy IP addresses, and times used by the load balancer and backend to process the request.
| Column | Datatype | Description |
|---|---|---|
| | | OCI region name |
| | | Same as the oracle.ingestedtime field |
| | | A random UUID unique to each log entry |
| | | IP address and port number of the backend server which processed the client request |
| | | Time spent (in seconds, with millisecond precision) to establish backend server connection |
| | | Total time taken (in seconds, with millisecond precision) from the load balancer establishing a connection to a backend until it completes |
| | | Status code of the response from the target |
| | | IP address and port number of the requesting client |
| | | IP address of the client and http proxies between client and load balancer |
| | | Domain name which resolves to IP address assigned to the load balancer |
| | | Load balancer status code |
| | | Listener which received the incoming traffic request on the load balancer's IP address |
| | | Total size of the request (in bytes) received from the client |
| | | Request line received from the client |
| | | Total time taken (in seconds, with millisecond precision) from the load balancer receiving the request from the client until load balancer completes sending response to the client. |
| | | Routing rule engine error during policy evaluation of the request with a 0 (no error) or 1 (error). If an error occurred, requests are forwarded to the default backend attached to the listener. |
| | | Routing policy rule name, which was matched for this specific request |
| | | Number of routing rules evaluated to true for the request |
| | | Number of routing rules evaluated to false for the request |
| | | Total size of the request (in bytes) sent to the client |
| | | Negotiated SSL cipher between the client and the load balancer |
| | | Negotiated SSL protocol between the client and the load balancer |
| | | Log entry generation time |
| | | User agent used to send the request to the load balancer |
| | | Log entry generation time |
| | | Log category |
| | | Log OCID |
| | | Tenant OCID |
| | | Log group OCID |
| | | Resource OCID |
| | | Time log ingested by OCI Logging |
| | | Log group compartment OCID |
| | | Resource name that generated log message |
| | | Subject of the log |
| | | Version of the |
OCI_LBLOG_ERRORS View
View that provides load balancer error logs capturing detailed information about requests related to troubleshooting and monitoring. Each entry contains information such as the time the request was received, error type, and additional details of the specific error.
| Column | Datatype | Description |
|---|---|---|
| | | OCI region name |
| | | Same as the oracle.ingestedtime field |
| | | A random UUID unique to each log entry |
| | | Log type |
| | | Detailed description of the error message |
| | | Log entry generation time |
| | | Log entry generation time |
| | | Log category |
| | | Log OCID |
| | | Tenant OCID |
| | | Log group OCID |
| | | Resource OCID |
| | | Time log ingested by OCI Logging |
| | | Log group compartment OCID |
| | | Resource name that generated log message |
| | | Subject of the log |
| | | Version of the |