Uploaded image for project: 'OpenShift Logging'
  1. OpenShift Logging
  2. LOG-4557

Node audit logs from /var/log/audit do not have an openshift cluster_id field.

XMLWordPrintable

    • False
    • None
    • False
    • NEW
    • NEW
    • Bug Fix
    • Log Collection - Sprint 242, Log Collection - Sprint 243

      Description of problem:

      Node audit logs from /var/log/audit do not have an opensihft cluster_id field.

      This field should be populated with the same cluster-id value that is provided on other log types.

      Version-Release number of selected component (if applicable):

      5.6.6

      How reproducible:

      Steps to Reproduce:

      Detailed customer reproducer:MEAKV-1615.md.docx

      Summary of steps:

      1. Install cluster logging, create a CLF to forward audit logs
      2. Generate node audit events (e.g. use ssh to log into a cluster node directly)
      3. Find the resulting audit log in stored logs, check if it has openshift.cluster_id

      Actual results:

      cluster_id should be set to openshift cluster uuid.

      Expected results:

      no cluster_id field

      Additional info:

       

        1. vector.toml
          24 kB
        2. MEAKV-1615.md.docx
          1.06 MB

              vparfono Vitalii Parfonov
              dacarpen@redhat.com Darren Carpenter
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated:
                Resolved:

                  Estimated:
                  Original Estimate - 1 minute
                  1m
                  Remaining:
                  Remaining Estimate - 1 minute
                  1m
                  Logged:
                  Time Spent - Not Specified
                  Not Specified