Uploaded image for project: 'OpenShift Logging'
  1. OpenShift Logging
  2. LOG-1377

Support collecting audit logs from additional, platform related locations


    • Platform Audit Logs
    • 3
    • False
    • False
    • NEW
    • Done
    • NEW
    • 0% To Do, 0% In Progress, 100% Done
    • Undefined


      Support collecting additional audit logs from other, platform related locations to enable security admins to fully audit the entire OpenShift Platform and its underlying infrastructure components.


      • General support for adjusting or adding more locations on-the-fly where we will collect audit logs from.


      Recently (OCP 4.8), the OVNKubernetes plugin introduced a new feature where audit logs can be collected which allows for gathering more information about network policies.

      As with any other audit log, this is considered sensitive information and often has to be handled in a different pipeline than other container logs.


      Customers in regulated industries will have to come up with their own log forwarding solution just for this type of log. Otherwise, they might use a side-car container to output the logs, which would forward them to the regular bucket of logs. Which, if found by an auditor, is considered a finding that might affect their compliance targets.

      Acceptance Criteria

      • It is expected that if these OVN audit logs (which are persisted in the /ovn/acl-audit-log.log file) are found, they will be collected, and can be forwarded using the audit inputRef.

      Risk and Assumptions

      Documentation Considerations

      • Update the list of files we collect audit logs from.

      Open Questions

      Additional Notes

            aguptaredhat Ajay Gupta (Inactive)
            cvogel1 Christian Heidenreich (Inactive)
            Ishwar Kanse Ishwar Kanse
            0 Vote for this issue
            8 Start watching this issue