The Monitoring dashboard in Cloud Control Center gives visibility into all system activity and administrative events that occur in Cloud Control Center and Elisity Infrastructure. From user login, to Policy Group modifications, to Policy deployments or deletions, this is where you can find a log of all activity in Cloud Control Center. This includes system activity and events, as well as infrastructure alerts. See the list below for a categorical view of all monitoring views available.
Audit logs show changes made by any user in Cloud Control Center such as configuration changes, policy modifications, device creation, modification, and purging actions, and so on. Audit logs also contain login events for users which includes the user's source IP address. This provides customers with industry standard, exportable audit logs required by most compliance regulations.
Events shows system actions and events that were not necessarily the result of user configuration, such as device Policy Group assignments, Virtual Edge registrations, and so on. Events records many of the events that are also found in Activity Logs and Events. See the list below for the VE/VEN-related events that are recorded.
- Virtual Edge Activity: Heartbeat Missed
- Virtual Edge Activity: Registered
- Virtual Edge Node Activity: Heartbeat Missed
- Virtual Edge Node Activity: Registered
- Virtual Edge Node Activity: Reinitialized
- Virtual Edge Activity: Online (Also found in Alerts)
- Virtual Edge Activity: Offline (Also found in Alerts)
- Virtual Edge Node Activity: Online (Also found in Alerts)
- Virtual Edge Node Activity: Offline (Also found in Alerts)
- Virtual Edge Node Activity: Degraded (Also found in Alerts)
- Virtual Edge Node Activity: Healthy (Also found in Alerts)
This list contains only VE/VEN events. Many other events are also recorded, related to Policy Group assignment, Security Profile and Policy deployment, System Initializations, and more.
Activity Logs shows all infrastructure related activity such as VE/VEN onboarding, decommissioning, and recommissioning. This corresponds directly with the Activity column in the notifications pane.
Alerts provides status alerting of Elisity infrastructure such as Virtual Edge and Virtual Edge Node Online, Offline, Degraded, and Healthy status changes. The Alerts view enables quick and easy monitoring of the status of your Elisity Infrastructure. As mentioned, these alerts are also recorded in the Events view. This corresponds directly with the Alerts column in the notifications pane.
Custom filtering can be applied and saved for each of these views, giving Administrators the ability to export filtered (or unfiltered) data for auditing or compliance checks. Logs can also be filtered by the last hour, 24 hours, week or month, layered with additional filters, to narrow down to specific types of events that occurred within a given time frame.
Monitoring data can be exported with or without these filters by clicking on Export Data and selecting the appropriate option: Export Filtered Data or Export All Data. Monitoring data contains up to 10,000 events which are all exported, depending on the filter applied.
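As an added example (not Elisity code), the following Python script shows one way to triage an exported Events file offline: it replays the VE/VEN events listed above in time order and reports each Virtual Edge or Virtual Edge Node whose last recorded state is Offline or Degraded, or that has accumulated missed heartbeats without recovering. The page does not describe the export format, so the CSV layout, the column names (timestamp, entity, event), and the sample rows are assumptions constructed for illustration.

```python
import csv
import io
from collections import Counter

# Constructed sample rows. The column names (timestamp, entity, event) are
# assumptions for illustration; map them to the headers of your actual export.
SAMPLE_EXPORT = """timestamp,entity,event
2024-05-01T10:00:00Z,ven-a,Virtual Edge Node Activity: Registered
2024-05-01T10:01:00Z,ven-a,Virtual Edge Node Activity: Online
2024-05-01T10:20:00Z,ven-a,Virtual Edge Node Activity: Heartbeat Missed
2024-05-01T10:21:00Z,ven-a,Virtual Edge Node Activity: Heartbeat Missed
2024-05-01T10:22:00Z,ven-a,Virtual Edge Node Activity: Offline
2024-05-01T10:30:00Z,ven-b,Virtual Edge Node Activity: Degraded
2024-05-01T10:40:00Z,ven-b,Virtual Edge Node Activity: Healthy
2024-05-01T10:45:00Z,ve-1,Virtual Edge Activity: Heartbeat Missed
"""

STATE_EVENTS = {"Online", "Offline", "Degraded", "Healthy"}  # from the list above
UNHEALTHY = {"Offline", "Degraded"}

def summarize(export_text, missed_threshold=2):
    """Return (last_state, needs_attention) per entity from exported events."""
    last_state, missed = {}, Counter()
    rows = sorted(csv.DictReader(io.StringIO(export_text)),
                  key=lambda r: r["timestamp"])  # ISO 8601 UTC sorts lexically
    for row in rows:
        category, _, status = row["event"].partition(": ")
        if not category.startswith("Virtual Edge"):
            continue  # ignore policy and other non-VE/VEN events
        entity = row["entity"]
        if status == "Heartbeat Missed":
            missed[entity] += 1
        elif status in STATE_EVENTS:
            last_state[entity] = status
            if status not in UNHEALTHY:
                missed[entity] = 0  # recovery clears the missed-heartbeat count
    attention = {}
    for entity in set(last_state) | set(missed):
        reasons = []
        if last_state.get(entity) in UNHEALTHY:
            reasons.append(f"last state {last_state[entity]}")
        if missed[entity] >= missed_threshold:
            reasons.append(f"{missed[entity]} missed heartbeats")
        if reasons:
            attention[entity] = reasons
    return last_state, attention

if __name__ == "__main__":
    print(summarize(SAMPLE_EXPORT)[1])
```

Because an export holds at most 10,000 events, apply a time-range filter before exporting so that the most recent state change for each node is included in the file.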
Viewing Events from the Device Details View
The Elisity platform offers a sophisticated device event monitoring system, as seen above, that provides administrators with a clear and comprehensive view of all device activities on their network. This system is designed with the user in mind, focusing on simplicity and effectiveness.
External Policy Logging
Security Profiles in Elisity include the ability to log policy events. This feature allows you to gain deeper insights into network activity and is particularly useful for monitoring and analyzing security-related events. This section explains how to enable logging in Security Profiles and provides important information about its usage.
Policy Logging is a Global setting that cannot be turned off once enabled. To enable Policy Logging, navigate to Settings > System > Advanced and click the button to enable this setting.
Per-Rule Logging
You can now enable logging on a per-rule basis within Security Profiles that can be sent to a syslog server for the purpose of monitoring policy enforcement interactions for any security profile you choose. This means that you can choose to log specific rules while leaving others unaffected. This level of granularity allows you to focus on the rules that are most critical for your security monitoring needs. Note that by enabling logging for a Security Profile, logging will be enabled for every policy that uses this specific Security Profile.
To enable logging for specific rules:
- Access the Security Profile: Navigate to the Security Profile you want to modify.
- Edit the Rule: Locate the rule you want to enable logging for and click on it to edit its settings.
- Enable Logging: In the rule settings, you will find a "Log" option. Turn this option on to enable syslog generation for that specific rule.
- Save Changes: Make sure to save your changes to apply the logging configuration to the rule.
Final Policy Action Logging
In addition to per-rule logging, you can enable logging on the Final Policy Action. This allows you to capture logs about the ultimate outcome of the Final Policy Action. You can use this feature to ensure that you have a record of what happens to traffic that doesn't match any specific rule. This is enabled per policy rather than at the security profile.
To enable logging for the Final Policy Action on a policy:
- Access the Policy: Navigate to the Policy you want to modify.
- Enable Logging: At the bottom near the Final Policy Action section, you will find an option to enable logging. Turn this option on to log the final policy action.
- Save Changes: Remember to save your changes to activate logging for the Final Policy Action.
Viewing Policy Logging Status in Security Profile and Policy Dashboards
Policy Logging status is available in both the Security Profile dashboard and the Policies List View, allowing users to quickly see the logging status and filter Policies and Policy Groups by this attribute.
Security Profile Dashboard
Policy Logging status (Enabled or Disabled) can be viewed in the Security Profiles Dashboard by using the Policy Logging column. This column, as all other columns, can be moved, enabled, disabled, and filtered.
Policies Dashboard
Policy Logging status (Enabled or Disabled) can be viewed in the Policies List View as well, by using the same Policy Logging column. This column, as all other columns, can be moved, enabled, disabled, and filtered.
Performance Considerations
Enabling logging, especially at a high volume, can cause increased CPU utilization on the VENs (Virtual Enforcement Nodes) due to the generation of syslog messages. It is crucial to monitor the performance of VENs when enabling logging and consider potential mitigations if high CPU usage becomes an issue.
By providing options for per-rule logging and Final Policy Action logging, as well as an acceptance function for performance risks, we aim to empower you with the tools needed to optimize your security posture effectively.
Note: Default Policy
Logging for the Default Policy is not required and is not impacted by the settings mentioned above. The "Default" Policy is designed to handle traffic that doesn't match any Policy Group in Cloud Control Center.