Uploaded image for project: 'OpenShift Logging'
  1. OpenShift Logging
  2. LOG-1526

Collect OVN Audit Logs

    XMLWordPrintable

Details

    • Logging (Core) - Sprint 204
    • 3
    • Passed
    • NEW
    • Hide
      * With this update, you can collect OVN network policy audit logs for forwarding to a logging server. For more information, see xref:../logging/cluster-logging-external.html#cluster-logging-collecting-ovn-audit-logs_cluster-logging-external[Collecting OVN network policy audit logs]. (link:https://issues.redhat.com/browse/LOG-1526[LOG-1526])
      Show
      * With this update, you can collect OVN network policy audit logs for forwarding to a logging server. For more information, see xref:../logging/cluster-logging-external.html#cluster-logging-collecting-ovn-audit-logs_cluster-logging-external[Collecting OVN network policy audit logs]. (link: https://issues.redhat.com/browse/LOG-1526 [ LOG-1526 ])

    Description

      Story

      As a cluster administrator,
      I want to collect OVN audit logs

      Acceptance Criteria

      • Logs from "/ovn/acl-audit-log.log" are forwarded through the "audit" pipeline
      • Log entries populate hostname with the node from which the log originated
      • Log entries populate timestamp
      • Functional test to verify collection
      • Document new collection source

      Example log event received at output:

      {
        "@timestamp" : "2021-07-06T08:26:58.687Z",
        "hostname":"ip.abc.iternal",
        "level":"info",
        "message" : "2021-07-06T08:26:58.687Z|00004|acl_log(ovn_pinctrl0)|INFO|name='verify-audit-logging_deny-all', verdict=drop, severity=alert: icmp,vlan_tci=0x0000,dl_src=0a:58:0a:81:02:12,dl_dst=0a:58:0a:81:02:14,nw_src=10.129.2.18,nw_dst=10.129.2.20,nw_tos=0,nw_ecn=0,nw_ttl=64,icmp_type=8,icmp_code=0"
      }
      

      Notes

      • Consider reviewing the remaining audit pipelines as we may want to apply the same AC to all audit logs

      Sample Message:

       2021-07-06T08:26:58.687Z|00004|acl_log(ovn_pinctrl0)|INFO|name="verify-audit-logging_deny-all", verdict=drop, severity=alert: icmp,vlan_tci=0x0000,dl_src=0a:58:0a:81:02:12,dl_dst=0a:58:0a:81:02:14,nw_src=10.129.2.18,nw_dst=10.129.2.20,nw_tos=0,nw_ecn=0,nw_ttl=64,icmp_type=8,icmp_code=0
      

      Attachments

        Activity

          People

            aguptaredhat Ajay Gupta
            jcantril@redhat.com Jeffrey Cantrill
            Ishwar Kanse Ishwar Kanse
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: