For end-to-end steps to set up database instance monitoring for the database instance
records extracted based on the SQL queries that you provide in the log source
configuration, see Set Up Database Instance Monitoring.
Create at least one log group to store logs that you collect. Log Groups are
located in a compartment to provide user access control to logs stored in that log
group.
You can give different users access to different compartments, but within a
compartment, a user has the same access to all the log groups in that
compartment. You can move a log group to a different compartment if your
segregation of duties security policies change.
For example, myCompany has two compartments: Operations, which stores basic
operational logs, and Secured Content, which contains logs that need restricted
access because they hold sensitive information. Each compartment can have many
log groups. For example, the Operations compartment has the log groups Server
Logs and Access Logs, and the Secured Content compartment has Audit and
Transaction. Using OCI IAM Policies, you can give the Operators user group
access to the Operations compartment and the Auditors user group access to the
Secured Content compartment. Each user group can only view logs for the
compartments that they have access to.
Open the navigation menu and click Observability & Management. Under Logging
Analytics, click Administration. The Administration Overview page opens.
Click Log Groups from the list of available
resources.
Ensure your compartment selector on the left indicates you are in the desired
compartment for this new log group.
Click Create, enter Name of the log group, enter
Description of the log group, and click Save.
Ensure that the log group has a distinct name across compartments.
Review the permissions you set earlier to make sure that the user who should
enable log collection has at a minimum USE permission on the
log-analytics-log-group resources in this compartment or tenancy. The user
who will query logs needs READ on log-analytics-log-group for the
compartment or tenancy. The individual resource-type log-analytics-log-group is
part of the aggregate resource-type loganalytics-resources-family. If you create
the blanket policy for the aggregate resource-type, then it also covers
log-analytics-log-group. For Logging Analytics policies documentation, see
IAM Policies Catalog for Logging Analytics. If you want more granular access
control on the individual resource type instead, see Allow Users to Perform All
Operations on Log Groups.
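The following is an added example, not part of Oracle's documentation: a small audit that reads policy statements for the myCompany scenario and reports any group that holds READ or higher on log groups in a compartment where it should not. It assumes flat compartments, statements without conditions, the compartment name written as SecuredContent, and hypothetical helper names (log_group_access, violations); the sample policy is constructed.

```python
import re

# OCI policy verbs are cumulative: each includes every verb before it.
VERBS = ["inspect", "read", "use", "manage"]
# The individual resource type and the aggregate family that covers it.
LOG_GROUP_TYPES = {"log-analytics-log-group", "loganalytics-resources-family"}

STATEMENT = re.compile(
    r"^\s*allow\s+group\s+(?P<group>\S+)\s+to\s+(?P<verb>\w+)\s+(?P<rtype>[\w-]+)"
    r"\s+in\s+(?:(?P<tenancy>tenancy)|compartment\s+(?P<compartment>\S+))\s*$",
    re.IGNORECASE,
)

# Constructed sample policy; "SecuredContent" is an assumed spelling.
POLICY = [
    "Allow group Operators to use log-analytics-log-group in compartment Operations",
    "Allow group Auditors to read log-analytics-log-group in compartment SecuredContent",
    "Allow group Operators to use log-analytics-entity in compartment SecuredContent",
    "Allow group Operators to read loganalytics-resources-family in tenancy",
]
ALLOWED = {"Operations": {"Operators"}, "SecuredContent": {"Auditors"}}  # intended split

def log_group_access(statements, compartments):
    """Return {compartment: {group: highest verb held on log groups}}."""
    access = {c: {} for c in compartments}
    for text in statements:
        m = STATEMENT.match(text)
        if not m or m["verb"].lower() not in VERBS:
            raise ValueError(f"unsupported statement: {text!r}")
        if m["rtype"].lower() not in LOG_GROUP_TYPES:
            continue  # entity access never decides who can view log content
        verb = m["verb"].lower()
        scope = compartments if m["tenancy"] else [m["compartment"]]  # tenancy = all
        for c in scope:
            held = access.get(c, {}).get(m["group"])
            if c in access and (held is None or VERBS.index(verb) > VERBS.index(held)):
                access[c][m["group"]] = verb
    return access

def violations(access, allowed):
    """List (group, compartment, verb) where READ or higher is held unexpectedly."""
    return sorted(
        (g, c, v)
        for c, groups in access.items()
        for g, v in groups.items()
        if VERBS.index(v) >= VERBS.index("read") and g not in allowed.get(c, set())
    )

if __name__ == "__main__":
    print(violations(log_group_access(POLICY, list(ALLOWED)), ALLOWED))
```

The tenancy-wide statement on the aggregate family is what lets Operators read the Secured Content log groups; the entity statement contributes nothing to log viewing.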
Create an Entity to Represent Your Log-Emitting Resource
Create an entity to reference a real asset on your on-premises host or
virtual host and to enable log collection from it. If you are using management agent to
collect logs, then after you install the management agent, you must come back here to
specify the agent for the entity.
Like other Oracle Cloud Infrastructure resources, entities belong to
compartments. Access control for entities is governed by Oracle Cloud
Infrastructure policies. The access that users are given to entities allows
those users to enable log collection and to send logs to Logging Analytics for
those entities.
After log data is collected, the access to view log content is determined by the log
group that those logs are in. The entity access is not used to control who can view the
collected log data.
Open the navigation menu and click Observability & Management. Under Logging
Analytics, click Administration. The Administration Overview page opens.
Click Entities from the list of available
resources.
Ensure your compartment selector on the left indicates you are in the desired
compartment for this new entity.
Click Create. Select an Entity Type, provide a Name, and if you have any
properties that can be used to indicate the file paths, add those properties to
the entity. Some entity types already have parameters that need to be filled
out for the entity to make use of an Oracle-Defined log source. Click Save.
Optionally, if you are using the management agent to collect logs, make sure
that you select the management agent. If you have not yet installed the
management agent, then you must install it first before creating the entity.
Alternatively, you can create the entity first, edit it later and
specify the management agent after the agent is installed.
If you intend to use Oracle-defined log sources to collect logs from
management agents, it is recommended that you provide any parameter values that
may already be defined for the chosen entity type. If the parameter values are
not provided, then when you try to associate the source to this entity, it will
fail because of the missing parameter values.
Review the permissions you set previously to make sure that the user who should
enable log collection has at a minimum USE permission on the
log-analytics-entity resources in this compartment or tenancy.