8.2.13.2. Logbook operations

8.2.13.2.1. Logbook configuration

logbook.conf: YAML configuration file for the logbook server. It has one property:

  • alertEvents: configuration of the security alerts

An alert is triggered either by matching the {evType, outCome} pair or by matching {outDetail}.

  1. When the alert is triggered by matching the {evType, outCome} pair:

     - evType: 'CHECK_HEADER.CHECK_CONTRACT_INGEST'
       outcome: 'KO'

  2. When the alert is triggered by matching {outComeDetail}:

     - outDetail: 'CHECK_HEADER.CHECK_CONTRACT_INGEST.KO'

  3. List of conditions detected by the alert:

     • management rules base not compliant with the recorded reference data (CHECK_RULES)
     • SIP ingest refused because of a contract mismatch (CHECK_HEADER.CHECK_CONTRACT_INGEST)
     • SIP submitted with a classification incompatible with the platform (CHECK_CLASSIFICATION_LEVEL)
     • duration value in the management rules lower than the minimum duration (CHECK_RULES.MAX_DURATION_EXCEEDS)
     • access refused with personae rights (STP_PERSONAL_CERTIFICATE_CHECK)
     • logs not secured for 12 hours (TODO)
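
The two trigger shapes above can be checked against sample events with a small matcher. This is an added example, not VITAM code: the rules are copied from the alertEvents block of logbook.conf, the events are constructed, and exact case-sensitive matching is an assumption.

```python
# Added example, not VITAM code. Rules mirror the alertEvents block of logbook.conf.
ALERT_EVENTS = [
    {"evType": "CHECK_HEADER.CHECK_CONTRACT_INGEST", "outcome": "KO"},
    {"evType": "CHECK_RULES.MAX_DURATION_EXCEEDS", "outcome": "KO"},
    {"evType": "CHECK_RULES", "outcome": "KO"},
    {"outDetail": "CHECK_CLASSIFICATION_LEVEL.KO"},
    {"outDetail": "STP_PERSONAL_CERTIFICATE_CHECK.KO"},
]

# Constructed sample events; only the three fields the rules look at are modelled.
SAMPLE_EVENTS = [
    {"evType": "CHECK_HEADER.CHECK_CONTRACT_INGEST", "outcome": "KO",
     "outDetail": "CHECK_HEADER.CHECK_CONTRACT_INGEST.KO"},
    {"evType": "CHECK_HEADER.CHECK_CONTRACT_INGEST", "outcome": "OK",
     "outDetail": "CHECK_HEADER.CHECK_CONTRACT_INGEST.OK"},
    {"evType": "CHECK_CLASSIFICATION_LEVEL", "outcome": "KO",
     "outDetail": "CHECK_CLASSIFICATION_LEVEL.KO"},
    {"evType": "CHECK_RULES.MAX_DURATION_EXCEEDS", "outcome": "KO",
     "outDetail": "CHECK_RULES.MAX_DURATION_EXCEEDS.KO"},
]


def validate_rule(rule):
    """Accept only the two rule shapes: {evType, outcome} or {outDetail}."""
    if set(rule) not in ({"evType", "outcome"}, {"outDetail"}):
        # Catches e.g. a lone evType or a key typed 'outCome' instead of 'outcome'.
        raise ValueError(f"malformed alert rule: {rule!r}")
    return rule


def matching_rules(event, rules=ALERT_EVENTS):
    """Rules triggered by one event. Assumption: exact, case-sensitive equality."""
    return [rule for rule in map(validate_rule, rules)
            if all(event.get(key) == value for key, value in rule.items())]


def alert_report(events, rules=ALERT_EVENTS):
    """Number of triggered rules per event, in input order."""
    return [len(matching_rules(event, rules)) for event in events]


if __name__ == "__main__":
    for event in SAMPLE_EVENTS:
        for rule in matching_rules(event):
            print("ALERT", event["evType"], "matched", rule)
```

Under this assumption, a CHECK_RULES.MAX_DURATION_EXCEEDS event triggers only its own rule, not the CHECK_RULES one.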

Configuration files are managed by the installation or upgrade procedures of the VITAM environment. Refer to the DIN.

Configuration files are defined under /vitam/conf/logbook.

8.2.13.2.2. logbook.conf file

#jinja2: lstrip_blocks: True
# Configuration MongoDB
mongoDbNodes:
{% for server in groups['hosts_mongos_data'] %}
- dbHost: {{ hostvars[server]['ip_service'] }}
  dbPort: {{ mongodb.mongos_port }}
{% endfor %}
dbName: logbook
dbAuthentication: {{ mongodb.mongo_authentication }}
dbUserName: {{ mongodb['mongo-data'].logbook.user }}
dbPassword: {{ mongodb['mongo-data'].logbook.password }}
jettyConfig: jetty-config.xml
p12LogbookPassword: {{ keystores.timestamping.secure_logbook }}
p12LogbookFile: keystore_secure-logbook.p12
workspaceUrl: {{ vitam.workspace | client_url }}
processingUrl: {{ vitam.processing | client_url }}

# ElasticSearch
clusterName: {{ vitam_struct.cluster_name }}
elasticsearchNodes:
{% for server in groups['hosts_elasticsearch_data'] %}
- hostName: {{ hostvars[server]['ip_service'] }}
  httpPort: {{ elasticsearch.data.port_http }}
{% endfor %}

# ElasticSearch tenant indexation
elasticsearchTenantIndexation:
  default_config:
    logbookoperation:
      number_of_shards: {{ vitam_elasticsearch_tenant_indexation.default_config.logbookoperation.number_of_shards | default('1') }}
      number_of_replicas: {{ vitam_elasticsearch_tenant_indexation.default_config.logbookoperation.number_of_replicas | default('2') }}

{% if vitam_elasticsearch_tenant_indexation.dedicated_tenants is defined and vitam_elasticsearch_tenant_indexation.dedicated_tenants is not none %}
  dedicated_tenants:
  {% for entry in vitam_elasticsearch_tenant_indexation.dedicated_tenants %}
  - tenants: '{{ entry.tenants }}'
    {% if entry.logbookoperation is defined %}
    logbookoperation:
      {% if entry.logbookoperation.number_of_shards is defined %}
      number_of_shards: {{ entry.logbookoperation.number_of_shards }}
      {% endif %}
      {% if entry.logbookoperation.number_of_replicas is defined %}
      number_of_replicas: {{ entry.logbookoperation.number_of_replicas }}
      {% endif %}
    {% endif %}
  {% endfor %}
{% endif %}

{% if vitam_elasticsearch_tenant_indexation.grouped_tenants is defined and vitam_elasticsearch_tenant_indexation.grouped_tenants is not none %}
  grouped_tenants:
  {% for entry in vitam_elasticsearch_tenant_indexation.grouped_tenants %}
  - name: '{{ entry.name }}'
    tenants: '{{ entry.tenants }}'
    {% if entry.logbookoperation is defined %}
    logbookoperation:
      {% if entry.logbookoperation.number_of_shards is defined %}
      number_of_shards: {{ entry.logbookoperation.number_of_shards }}
      {% endif %}
      {% if entry.logbookoperation.number_of_replicas is defined %}
      number_of_replicas: {{ entry.logbookoperation.number_of_replicas }}
      {% endif %}
    {% endif %}
  {% endfor %}
{% endif %}

#Basic Authentication
adminBasicAuth:
- userName: {{ admin_basic_auth_user }}
  password: {{ admin_basic_auth_password }}

## Configuration for logbook coherence check
# list of operations that generate LFC
opWithLFC: [
  "PROCESS_SIP_UNITARY",
  "FILINGSCHEME",
  "HOLDINGSCHEME",
  "UPDATE_RULES_ARCHIVE_UNITS",
  "PROCESS_AUDIT",
  "STP_UPDATE_UNIT"]
# list of events not declared in wf
opEventsNotInWf: [
  "STP_SANITY_CHECK_SIP",
  "SANITY_CHECK_SIP",
  "CHECK_CONTAINER",
  "STP_UPLOAD_SIP"
]
# list of events to skip for OP-LFC check
opLfcEventsToSkip: [
  "STP_SANITY_CHECK_SIP", "SANITY_CHECK_SIP", "CHECK_CONTAINER", "STP_UPLOAD_SIP", "ATR_NOTIFICATION", "ROLL_BACK",
  "STORAGE_AVAILABILITY_CHECK", "ACCESSION_REGISTRATION",
  "ROLL_BACK", "ATR_NOTIFICATION", "COMMIT_LIFE_CYCLE_OBJECT_GROUP", "COMMIT_LIFE_CYCLE_UNIT",
  "LIST_OBJECTGROUP_ID", "REPORT_AUDIT",
  "LIST_ARCHIVE_UNITS", "LIST_RUNNING_INGESTS"]

# Security alert configuration
alertEvents:
- evType: 'CHECK_HEADER.CHECK_CONTRACT_INGEST'
  outcome: 'KO'
- evType: 'CHECK_RULES.MAX_DURATION_EXCEEDS'
  outcome: 'KO'
- evType: 'CHECK_RULES'
  outcome: 'KO'
- outDetail: 'CHECK_CLASSIFICATION_LEVEL.KO'
- outDetail: 'STP_PERSONAL_CERTIFICATE_CHECK.KO'

# Traceability params
operationTraceabilityTemporizationDelay: {{ vitam.logbook.operationTraceabilityTemporizationDelay | default(300) }}
operationTraceabilityMaxRenewalDelay: {{ vitam.logbook.operationTraceabilityMaxRenewalDelay | default(690) }}
operationTraceabilityMaxRenewalDelayUnit: {{ vitam.logbook.operationTraceabilityMaxRenewalDelayUnit | default('MINUTES') }}
operationTraceabilityThreadPoolSize: {{ vitam.logbook.operationTraceabilityThreadPoolSize | default(16) }}
lifecycleTraceabilityTemporizationDelay: {{ vitam.logbook.lifecycleTraceabilityTemporizationDelay | default(300) }}
lifecycleTraceabilityMaxRenewalDelay: {{ vitam.logbook.lifecycleTraceabilityMaxRenewalDelay | default(690) }}
lifecycleTraceabilityMaxRenewalDelayUnit: {{ vitam.logbook.lifecycleTraceabilityMaxRenewalDelayUnit | default('MINUTES') }}
lifecycleTraceabilityMaxEntries: {{ vitam.logbook.lifecycleTraceabilityMaxEntries | default(100000) }}

{% if primary_site | lower != "true" %}
# Reconstruction cache duration (in minutes)
reconstructionMetricsCacheDurationInMinutes: {{ vitam.logbook.reconstructionMetricsCacheDurationInMinutes | default(15) }}
{% endif %}

8.2.13.2.3. functional-administration-client.conf file

serverHost: {{ vitam.functional_administration.host }}
serverPort: {{ vitam.functional_administration.port_service }}

8.2.13.2.4. logbook-client.conf file

serverHost: {{ vitam.logbook.host }}
serverPort: {{ vitam.logbook.port_service }}

8.2.13.2.5. storage-client.conf file

serverHost: {{ vitam.storageengine.host }}
serverPort: {{ vitam.storageengine.port_service }}