CONTROLLED DATA
Leidos Proprietary - US Citizens ONLY
The information contained herein is proprietary to Leidos, Inc. It may not be used, reproduced, disclosed, or exported without the written approval of Leidos.
Monitoring the application logs for each of the Secure DevOps (SDO) tool-chain components is required to ensure compliance with enterprise security policy. This is accomplished by forwarding the logs from each system component to the centralized enterprise Splunk server. This document outlines the steps for managing the log monitoring process.
Step-by-step guide
Prerequisites
- Administrators must have a Y-Account.
- Application components are installed on ITS-supplied images.
Configuration
1. The Splunk Forwarder is pre-installed on the Linux images supplied by ITS. Verify this by checking that Splunk is installed at /opt/splunkforwarder.
2. The default deployment client configuration file is located at /opt/splunkforwarder/etc/system/local/deploymentclient.conf. The Splunk Forwarder uses this file to determine the location of the central Splunk server. Open the file in a text editor and verify the following entries. (Note that some configurations might use the IP address instead of the DNS name of the host.)

    [target-broker:deploymentServer]
    targetUri = splunkawsgov.leidos.com:8089

3. Verify that the client can reach the central Splunk server, using a network utility such as ping.

    > ping splunkawsgov.leidos.com

4. If the configuration file was edited in Step 2, stop and then start the Splunk Forwarder so the change takes effect.

    > export SPLUNK_HOME=/opt/splunkforwarder
    > $SPLUNK_HOME/bin/splunk stop
    > $SPLUNK_HOME/bin/splunk start
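The verification in Steps 1 to 4 can be scripted so that every SDO host is checked the same way before a request is raised. The script below is an added example, not part of this procedure or any Leidos tooling; it assumes the SPLUNK_HOME path and the targetUri value shown above, and the sample configuration used in its demo comments is constructed.

```shell
#!/bin/sh
# Added example, not part of the original procedure: checks that a Splunk
# forwarder's deploymentclient.conf points at the expected deployment server
# before the CIO Central request is raised. SPLUNK_HOME and the expected
# targetUri are taken from the steps above (assumptions for other sites).

SPLUNK_HOME="${SPLUNK_HOME:-/opt/splunkforwarder}"
EXPECTED_TARGET="splunkawsgov.leidos.com:8089"
DEPLOY_CONF="$SPLUNK_HOME/etc/system/local/deploymentclient.conf"

# Print the targetUri set in the [target-broker:deploymentServer] stanza.
# awk tracks the current stanza, so a targetUri under another stanza or a
# commented-out line is not mistaken for the effective setting.
get_target_uri() {
    awk -F= '
        /^[[:space:]]*\[/ { in_stanza = ($0 ~ /^[[:space:]]*\[target-broker:deploymentServer\]/); next }
        /^[[:space:]]*#/ { next }
        in_stanza && $1 ~ /^[[:space:]]*targetUri[[:space:]]*$/ {
            v = $2; gsub(/^[[:space:]]+|[[:space:]]+$/, "", v); print v; exit
        }' "$1" 2>/dev/null
}

# Return 0 when the config file is readable and its targetUri equals $2, else 1.
check_target_uri() {
    [ -r "$1" ] || return 1
    [ "$(get_target_uri "$1")" = "$2" ]
}

# Host check covering Steps 1 to 3: install directory, deployment server
# setting, and reachability. Returns non-zero when the config is wrong.
verify_forwarder() {
    [ -x "$SPLUNK_HOME/bin/splunk" ] && echo "ok: forwarder at $SPLUNK_HOME" \
        || echo "warn: no splunk binary under $SPLUNK_HOME"
    if check_target_uri "$DEPLOY_CONF" "$EXPECTED_TARGET"; then
        echo "ok: targetUri = $EXPECTED_TARGET"
    else
        echo "fail: targetUri is '$(get_target_uri "$DEPLOY_CONF")', expected $EXPECTED_TARGET"
        echo "      fix $DEPLOY_CONF, then stop and start the forwarder (Step 4)"
        return 1
    fi
    ping -c 1 "${EXPECTED_TARGET%%:*}" >/dev/null 2>&1 \
        && echo "ok: ${EXPECTED_TARGET%%:*} reachable" || echo "warn: ping failed"
}

# Run the checks only when invoked as: ./check_forwarder.sh verify
if [ "${1:-}" = "verify" ]; then verify_forwarder; fi
```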
CIO Central Request
Once network access and the configuration files have been verified, a CIO Central request must be made. This request should be routed to Enterprise Cloud Management. Below is an example template.
TO: Enterprise Management
Description: Push Splunk log forwarder configurations to the production SDO Atlassian Bitbucket ECR Server.
Host(s): example.dcs.leidos.com
Index: sdo_application
Sources and sourcetypes:
    source: /var/atlassian/application-data/atlbitbucket/log/atlassian-bitbucket.log
    Sourcetype: atlassian:bitbucket
    source: /var/atlassian/application-data/atlbitbucket/log/atlassian-bitbucket-access.log
    Sourcetype: atlassian:bitbucket:access
    source: /var/atlassian/application-data/atlbitbucket/log/atlassian-bitbucket-alerts.log
    Sourcetype: atlassian:bitbucket:alert
    source: /var/atlassian/application-data/atlbitbucket/log/atlassian-bitbucket-mail.log
    Sourcetype: atlassian:bitbucket:mail
    source: /var/atlassian/application-data/atlbitbucket/log/atlassian-bitbucket-profiler.log
    Sourcetype: atlassian:bitbucket:profiler
    source: /var/atlassian/application-data/atlbitbucket/log/audit/atlassian-bitbucket-audit.log
    Sourcetype: atlassian:bitbucket:audit
Verification
- Once Enterprise Management has completed the request, navigate to the SDO log monitoring dashboard (see the example dashboard below). Select each host submitted in the previous step and verify that its logs are being received and monitored as expected.