ログ・アナリティクスのオンボーディング中に作成されたポリシー
新しいユーザーとして、Oracle Logging Analyticsの使用を開始する場合は、OCIコンソール・メニューから「監視および管理」に移動し、「ログ・アナリティクス」をクリックして、オンボーディング・ページで「ログ・アナリティクスの使用の開始」をクリックします。このウィザードでは、Oracle Logging Analyticsを有効にし、OCI Audit Logs収集を構成するためのポリシーが自動的に作成されます。
次のポリシーが作成されます。
- logging_analytics_automatic_service_policies
このポリシーは、Oracle Logging Analyticsを有効にするためのもので、次の文が含まれます:
define tenancy sampledata as <sampledata_tenancy_OCID> endorse group Administrators to read loganalytics-features-family in tenancy sampledata endorse group Administrators to read loganalytics-resources-family in tenancy sampledata endorse group Administrators to read compartments in tenancy sampledata allow service loganalytics to READ loganalytics-features-family in tenancy allow service loganalytics to READ compartments in tenancy - logging_analytics_automatic_ingestion_policies
ポリシーは、OCI監査ログ収集を構成するためのもので、次の文が含まれています。
allow service loganalytics to {EVENTRULE_READ} in tenancy allow service loganalytics to {LOAD_BALANCER_READ} in tenancy allow service loganalytics to {BUCKET_READ} in tenancy allow service loganalytics to read functions-family in tenancy allow service loganalytics to read api-gateway-family in tenancy allow service loganalytics to {VNIC_READ} in tenancy allow service loganalytics to {APPROVED_SENDER_READ} in tenancy allow service loganalytics to {IPSEC_CONNECTION_READ} in tenancy allow service loganalytics to {WEB_APP_FIREWALL_READ} in tenancy allow service loganalytics to read operator-control-family in tenancy allow service loganalytics to {NETWORK_FIREWALL_READ} in tenancy allow service loganalytics to {DEVOPS_DEPLOYMENT_READ} in tenancy allow service loganalytics to {DEVOPS_DEPLOY_PIPELINE_READ} in tenancy allow service loganalytics to {DEVOPS_DEPLOY_STAGE_READ} in tenancy allow service loganalytics to {APM_DOMAIN_READ} in tenancy allow service loganalytics to {SERVICE_CONNECTOR_READ} in tenancy allow service loganalytics to {DATAFLOW_APPLICATION_READ} in tenancy allow service loganalytics to {MEDIA_WORKFLOW_READ} in tenancy allow service loganalytics to {MEDIA_WORKFLOW_JOB_READ} in tenancy allow service loganalytics to {CLUSTER_READ} in tenancy allow service loganalytics to {GOLDENGATE_DEPLOYMENT_READ} in tenancy allow any-user to {LOG_ANALYTICS_LOG_GROUP_UPLOAD_LOGS} in compartment id <compartment_OCID> where all {request.principal.type='serviceconnector', target.loganalytics-log-group.id='<target_log_group_OCID>',request.principal.compartment.id='<compartment_OCID>'}