OpenStack

Self Service Ingestion

Connect this data source on your own, using the Hunters platform.

TL;DR

Supported data types

3rd party detection

Hunters detection

IOC search

Search

Table name

Log format

Collection method

OpenStack logs

✅

✅

openstack_logs

NDJSON

S3


Overview

OpenStack is a free, open standard cloud computing platform. It is mostly deployed as infrastructure-as-a-service (IaaS) in both public and private clouds where virtual servers and other resources are made available to users. The software platform consists of interrelated components that control diverse, multi-vendor hardware pools of processing, storage, and networking resources throughout a data center. Users manage it through a web-based dashboard or through command-line tools.

Supported data types

OpenStack logs

Table name: openstack_logs

OpenStack logs are detailed records generated by various OpenStack services, which provide insights into the system's operation and help administrators monitor, troubleshoot, and secure the cloud environment. These logs capture information about events, errors, and system behavior across different OpenStack components such as Nova (compute), Neutron (networking), Cinder (block storage), and Keystone (identity management). Logs can include messages related to system performance, failed requests, security incidents, and service errors. By analyzing these logs, administrators can quickly diagnose issues, optimize performance, and ensure proper operation of the cloud infrastructure.

Send data to Hunters

Hunters supports the ingestion of OpenStack logs via an intermediary AWS S3 bucket.

To connect OpenStack logs:

  1. Export your logs from OpenStack to an AWS S3 bucket.

  2. Once the export is completed and the logs are collected to S3, follow the steps in this section.

Expected format

OpenStack log sample

Logs are expected in JSON format.

{ "@timestamp": "1979-01-01T00:00:00.00Z", "Logger": "logger", "Severity": 6, "Source": "test-audit", "Timestamp": "1979-01-01T00:00:00.00Z", "_unique_id": "asdasdasdasd", "action": "read", "environment_label": "asd.test.test.com", "event": { "dataset": "test-audit" }, "event_type": "activity", "message_id": "asdasdasdsa", "notification_type": "audit.http.response", "outcome": "success", "project_id": null, "req_initiator": { "credential": { "identity_status": "Confirmed", "token": "aosiudhuioawhfjwaojfawfawf" }, "host": { "address": "00.00.00.00", "agent": "USER AGENT STRING" }, "id": "1241245120", "name": "oaiwjf-wawf-awfawf", "project_id": "89d2u1f98h31f98uh3gesgsdg", "typeURI": "service/security/account/user" }, "severity_label": "INFO", "target_url": { "addresses": [ { "name": "test", "url": "https://test.test.com:874/v2.1" }, { "name": "test2", "url": "https://test.test.com:874/v2.1" }, { "name": "test3", "url": "https://test.test.com:874/v2.1" } ], "id": "nova", "name": "nova", "typeURI": "service/compute/servers/server" }, "url": null, "username": "1234-1902159-12-asdfdsgasdg" }