Loading...

XML

Word

Printable

Type: Bug
Resolution: Done
Priority: Blocker
Fix Version/s: Logging 5.5.0
Affects Version/s: Logging 5.4.0
Component/s: Log Collection
Labels:
- devel_ack+

Blocked:
False
Blocked Reason:
None
Ready:
False
Epic Link:
Deploy Vector Collector as a GA offering (Phase 1)
Docs QE Status:
NEW
Feature Link:
OBSDA-108 - Distribute an alternate Vector Log Collector
QE Status:
VERIFIED

SFDC Cases Links:
SFDC Cases Counter:
SFDC Cases Open:

Cluster-logging.5.4.0-103

Server Version: 4.10.0-0.nightly-2022-03-23-153617

Kubernetes Version: v1.23.5+b0357ed

Description of problem:

No audit logs are forwarded to the log store when a ClusterLogForwarder is created to forward audit logs.

Version-Release number of selected component (if applicable):

NAME DISPLAY VERSION REPLACES PHASE

cluster-logging.5.4.0-103 Red Hat OpenShift Logging 5.4.0-103 Succeeded

elasticsearch-operator.5.4.0-117 OpenShift Elasticsearch Operator 5.4.0-117 Succeeded

How reproducible:

Always

Steps to reproduce the issue:

1 Install the Cluster Logging and Elasticsearch 5.4 operators.

2 Create a Cluster Logging instance with Vector as collector.

apiVersion: "logging.openshift.io/v1"
kind: "ClusterLogging"
metadata:
  name: "instance" 
  namespace: "openshift-logging"
  annotations:
    logging.openshift.io/preview-vector-collector: enabled
spec:
  managementState: "Managed"  
  logStore:
    type: "elasticsearch"  
    retentionPolicy: 
      application:
        maxAge: 10h
      infra:
        maxAge: 10h
      audit:
        maxAge: 10h
    elasticsearch:
      nodeCount: 1 
      storage: {} 
      resources: 
          limits:
            memory: "4Gi"
          requests:
            memory: "1Gi"
      proxy: 
        resources:
          limits:
            memory: 256Mi
          requests:
            memory: 256Mi
      redundancyPolicy: "ZeroRedundancy"
  visualization:
    type: "kibana"  
    kibana:
      replicas: 1
  collection:
    logs:
      type: "vector"  
      vector: {}

3 Create a ClusterLogForwarder to forward all log types to the default log store.

apiVersion: logging.openshift.io/v1
kind: ClusterLogForwarder
metadata:
  name: instance
  namespace: openshift-logging
spec:
  pipelines:
  - name: to-es
    inputRefs:
    - infrastructure
    - audit
    - application
    outputRefs:
    - default

4 Check the indices in the Elasticsearch log store.

sh-4.4$ indices
Thu Mar 24 07:26:33 UTC 2022
health status index        uuid                   pri rep docs.count docs.deleted store.size pri.store.size
green  open   app-000001   xwXMh1kTSueECO_LcRhNlQ   1   0       3161            0          0              0
green  open   audit-000001 ZQoxHEdUQ8-o8REAZ3OvwQ   1   0          0            0          0              0
green  open   .kibana_1    HwLS-h4oQFaNGAfO-6Yjuw   1   0          0            0          0              0
green  open   .security    sn8k-siVQzSqmvOKa8LpaA   1   0          6            0          0              0
green  open   infra-000001 ZyXxB_VwR4GhIh_SiF-8wA   1   0      50618            0         20             20

Additional details:

Attached the generated vector.toml file.

- - Sort By Name
  - Sort By Date
  - Ascending
  - Descending
  - Thumbnails
  - List
  - Download All

master-vector.toml
5 kB
2022/03/25 3:07 AM
vector.toml
6 kB
2022/03/24 7:30 AM

Assignee:: Vimal Kumar

Reporter:: Ishwar Kanse

QA Contact:: Ishwar Kanse

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Created:: 2022/03/24 7:28 AM

Updated:: 2022/08/03 6:20 PM

Resolved:: 2022/03/29 3:56 AM

Details

Description

Attachments

Attachments

Activity

People

Dates