  1. OpenShift Logging
  2. LOG-4590

Always get error 'invalid: unrecognized filters: [my-policy]' when adding audit policy to CLF.


    • NEW
    • OBSDA-344 - Audit log forwarding produces excessive data, configuration for prefiltering is needed
    • VERIFIED
    • Log Collection - Sprint 243

      Description of problem:

      Create a CLF with the YAML below:

      apiVersion: logging.openshift.io/v1
      kind: ClusterLogForwarder
      metadata:
        name: instance
        namespace: openshift-logging
      spec:
        filters:
        - kubeAPIAudit:
            omitStages:
            - RequestReceived
            rules:
            - level: RequestResponse
              resources:
              - group: ""
                resources:
                - pods
          name: my-policy
          type: kubeAPIAudit
        pipelines:
        - filterRefs:
          - my-policy
          inputRefs:
          - application
          - infrastructure
          - audit
          name: test
          outputRefs:
          - default

      Get the failure below:

      status:
        conditions:
        - lastTransitionTime: "2023-10-07T03:13:10Z"
          reason: ValidationFailure
          status: "False"
          type: Ready
        - lastTransitionTime: "2023-10-07T03:13:10Z"
          message: clusterlogforwarder is not ready
          reason: ValidationFailure
          status: "True"
          type: Validation
        outputs:
          default:
          - lastTransitionTime: "2023-10-07T03:13:10Z"
            status: "True"
            type: Ready
        pipelines:
          pipeline_0:
          - lastTransitionTime: "2023-10-07T03:13:10Z"
            message: 'invalid: unrecognized filters: [my-policy]'
            reason: Invalid
            status: "False"
            type: Ready 

      Version-Release number of selected component (if applicable):

      openshift-logging/cluster-logging-rhel9-operator/images/v5.8.0-177

      How reproducible:

      Always

      Steps to Reproduce:

      1. Deploy clusterlogging
      2. Create a CLF with the above YAML file

      Actual results:

      CLF validation failed; no collector pods are deployed.

      Expected results:

      Collector pods should be deployed successfully.

      Additional info:

            vparfono Vitalii Parfonov
            qitang@redhat.com Qiaoling Tang
            Qiaoling Tang Qiaoling Tang