Type: Story
Resolution: Done
Priority: Major
Story
As a cluster administrator,
I want to collect OVN audit logs
Acceptance Criteria
- Logs from "/ovn/acl-audit-log.log" are forwarded through the "audit" pipeline
- Log entries populate hostname with the node from which the log originated
- Log entries populate timestamp
- Functional test to verify collection
- Document new collection source
Example log event received at output:
{ "@timestamp" : "2021-07-06T08:26:58.687Z", "hostname":"ip.abc.iternal", "level":"info", "message" : "2021-07-06T08:26:58.687Z|00004|acl_log(ovn_pinctrl0)|INFO|name='verify-audit-logging_deny-all', verdict=drop, severity=alert: icmp,vlan_tci=0x0000,dl_src=0a:58:0a:81:02:12,dl_dst=0a:58:0a:81:02:14,nw_src=10.129.2.18,nw_dst=10.129.2.20,nw_tos=0,nw_ecn=0,nw_ttl=64,icmp_type=8,icmp_code=0" }
Notes
- Consider reviewing the remaining audit pipelines as we may want to apply the same AC to all audit logs
Sample Message:
2021-07-06T08:26:58.687Z|00004|acl_log(ovn_pinctrl0)|INFO|name="verify-audit-logging_deny-all", verdict=drop, severity=alert: icmp,vlan_tci=0x0000,dl_src=0a:58:0a:81:02:12,dl_dst=0a:58:0a:81:02:14,nw_src=10.129.2.18,nw_dst=10.129.2.20,nw_tos=0,nw_ecn=0,nw_ttl=64,icmp_type=8,icmp_code=0
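Added example (not code from the ticket or from the logging project): a parser that turns an OVN acl_log line of the format in the sample message above into the record shape shown under "Example log event received at output", plus a functional check for the acceptance criteria. Note that the OVN line itself carries no node name, so hostname must be supplied by the collector from the node it runs on; the parser takes it as a parameter. The "ovn" sub-object and its field names (acl_name, verdict, severity, protocol, flow) are my own choice of structured fields for the deny/allow verdict and flow tuple, not fields the pipeline is required to produce. The sample line is constructed to match the ticket's sample message.

```python
"""Parse OVN ACL audit-log lines into the record shape shown in the ticket.

Added example, not project code. The line format follows OVN's acl_log
output; the structured "ovn" fields are an assumption of this example.
"""
import re
from datetime import datetime

# Constructed sample: same format as the ticket's sample message.
SAMPLE_LINE = (
    '2021-07-06T08:26:58.687Z|00004|acl_log(ovn_pinctrl0)|INFO|'
    'name="verify-audit-logging_deny-all", verdict=drop, severity=alert: '
    'icmp,vlan_tci=0x0000,dl_src=0a:58:0a:81:02:12,dl_dst=0a:58:0a:81:02:14,'
    'nw_src=10.129.2.18,nw_dst=10.129.2.20,nw_tos=0,nw_ecn=0,nw_ttl=64,'
    'icmp_type=8,icmp_code=0'
)

# Generic OVN log line: <timestamp>|<seq>|<module>|<LEVEL>|<body>
OVN_LINE = re.compile(
    r'^(?P<ts>\S+)\|(?P<seq>\d+)\|(?P<module>[^|]+)\|(?P<level>[A-Z]+)\|(?P<body>.*)$'
)
# acl_log body: name="...", verdict=..., severity=...: <proto>,k=v,k=v,...
ACL_BODY = re.compile(
    r'^name="(?P<name>[^"]*)",\s*verdict=(?P<verdict>\w+),'
    r'\s*severity=(?P<severity>\w+):\s*(?P<flow>.*)$'
)


def parse_ovn_line(line, hostname):
    """Return a log record for one OVN line, or None if it is not OVN-formatted.

    hostname is the node the collector read the file on; it is not in the line.
    """
    m = OVN_LINE.match(line.rstrip("\n"))
    if m is None:
        return None
    record = {
        "@timestamp": m["ts"],
        "hostname": hostname,
        "level": m["level"].lower(),   # ticket shows lower-case level in the output record
        "message": m.group(0),         # the full original line is preserved as evidence
    }
    acl = ACL_BODY.match(m["body"]) if m["module"].startswith("acl_log") else None
    if acl is not None:
        fields = acl["flow"].split(",")
        flow = {}
        for kv in fields[1:]:          # fields[0] is the protocol, the rest are key=value
            key, sep, value = kv.partition("=")
            if sep:
                flow[key] = value
        record["ovn"] = {              # assumed field layout for this example
            "acl_name": acl["name"],
            "verdict": acl["verdict"],
            "severity": acl["severity"],
            "protocol": fields[0],
            "flow": flow,
        }
    return record


def check_record(record):
    """Functional check of a collected record against the acceptance criteria.

    Returns a list of failure strings; an empty list means the record passes.
    """
    failures = []
    if not record.get("hostname"):
        failures.append("hostname is empty")
    ts = record.get("@timestamp", "")
    try:
        datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S.%fZ")
    except ValueError:
        failures.append(f"@timestamp is not ISO 8601 UTC: {ts!r}")
    if "acl_log" in record.get("message", "") and "ovn" not in record:
        failures.append("acl_log line was not parsed into structured fields")
    return failures


if __name__ == "__main__":
    import json
    rec = parse_ovn_line(SAMPLE_LINE, "ip.abc.internal")
    print(json.dumps(rec, indent=2))
    print("AC failures:", check_record(rec))
```

Lines from the same file that are not acl_log entries (other ovn-controller modules) still get @timestamp, hostname, level and message, just without the "ovn" sub-object, so one parser can be run over the whole file; lines that do not match the OVN format at all return None and should be counted, not silently dropped, since a gap in an audit stream is itself a finding.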
Issue links
- is documented by RHDEVDOCS-3162 Collect OVN Audit Logs (Closed)