OSDOCS-11625:Viewing Network events in Network Observability

Author: skrthomas

modules/network-observability-networking-events-overview.adoc

@@ -0,0 +1,12 @@
+// Module included in the following assemblies:
+//
+// network_observability/observing-network-traffic.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="network-observability-networking-events-overview_{context}"]
+= OVN Kubernetes networking events
+You use network event tracking in Network Observability to gain insight into OVN-Kubernetes events, including network policies, admin network policies, and egress firewalls. You can use the insights from tracking network events to help with the following:
+
+* Network monitoring: Monitor allowed and blocked traffic, detecting whether packets are allowed or blocked based on network policies and admin network policies. 
+
+* Network security: You can track outbound traffic and see whether it adheres to egress firewall rules. Detect unauthorized outbound connections and flag outbound traffic that violates egress rules.

modules/network-observability-viewing-network-events.adoc

@@ -0,0 +1,57 @@
+// Module included in the following assemblies:
+//
+// * network_observability/observing-network-traffic.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="network-observability-viewing-network-events_{context}"]
+= Viewing network events
+You can view network events, such as network flows that are dropped or allowed by a network policy, by editing the `FlowCollector` to the specifications in the following YAML example.
+
+.Prerequisites
+* Must have the `OVNObservability` specified in the `FeatureGate` custom resource. For more information, see "Enabling features using feature gates" in the "Additional resources" of this section.
+
+.Procedure
+. In the web console, navigate to *Operators* -> *Installed Operators*.
+. In the *Provided APIs* heading for the *NetObserv Operator*, select *Flow Collector*.
+. Select *cluster*, and then select the *YAML* tab.
+. Configure the `FlowCollector` custom resource to enable viewing `NetworkEvents`, for example:
++
+[id="network-observability-flowcollector-configuring-networkevents{context}"]
+.Example `FlowCollector` configuration
+[source, yaml]
+----
+apiVersion: flows.netobserv.io/v1beta2
+kind: FlowCollector
+metadata:
+  name: cluster
+spec:
+   agent:
+    type: eBPF
+    ebpf:
+      sampling: 1       <1>
+      privileged: true  <2>
+      features:
+       - "NetworkEvents"
+----
+<1> The `sampling` parameter is set to a value of 1 so that all network events are captured.
+<2> The `privileged` parameter is set to `true` because the `OVN observability` library needs to access local OVS socket and OVN databases
+
+.Verification
+. Navigate to the *Network Traffic* view and select the *Traffic flows* table. 
+. You should see the new column, *Network Events*, where you can view information about impacts that network policies, admin policies, and egress firewalls have on network flows.
++
+.Examples of Network Events output
+[source,text]
+----
+Dropped by cluster multicast policy, direction Ingress
+----
++
+[source,text]
+----
+Allowed by network policy iperf.iperf3-server-access-egress, direction Egress
+----
++
+[source,text]
+----
+Allowed by admin network policy allow-egress-iperf, direction Egress
+----

observability/network_observability/observing-network-traffic.adoc

@@ -41,6 +41,11 @@ include::modules/network-observability-flow-filter-parameters.adoc[leveloffset=+
 * xref:../../observability/network_observability/metrics-alerts-dashboards.adoc#network-observability-metrics_metrics-dashboards-alerts[Network Observability metrics]
 * xref:../../observability/network_observability/network-observability-operator-monitoring.adoc#network-observability-health-dashboard-overview_network_observability[Health dashboards]
 
+include::modules/network-observability-networking-events-overview.adoc[leveloffset=+2]
+[role="_additional-resources"]
+.Additional resources
+* xref:../../observability/network_observability/observing-network-traffic.adoc#network-observability-viewing-network-events_nw-observe-network-traffic[Viewing network events]
+
 //Traffic flows
 include::modules/network-observability-trafficflow.adoc[leveloffset=+1]
 include::modules/network-observability-working-with-trafficflow.adoc[leveloffset=+2]
@@ -52,6 +57,11 @@ include::modules/network-observability-RTT.adoc[leveloffset=+2]
 include::modules/network-observability-histogram-trafficflow.adoc[leveloffset=+2]
 include::modules/network-observability-working-with-zones.adoc[leveloffset=+2]
 include::modules/network-observability-filtering-ebpf-rule.adoc[leveloffset=+2]
+include::modules/network-observability-viewing-network-events.adoc[leveloffset=+2]
+
+[role="_additional-resources"]
+.Additional resources
+* Placeholder for link to OVN-K topic on `OVNObservability`
 
 //Topology
 include::modules/network-observability-topology.adoc[leveloffset=+1]