Uploaded image for project: 'Observability and Data Analysis Program'
  1. Observability and Data Analysis Program
  2. OBSDA-342

To apply custom filter before forwarding audit logs externally

    XMLWordPrintable

Details

    • Market Problem
    • False
    • None
    • False
    • Not Selected
    • 0
    • 0% 0%
    • 0

    Description

      1. Proposed title of this feature request

      To apply custom filter before forwarding the audit logs externally

      2. What is the nature and description of the request?
      To have customer filters for audit logs like:
      Events FILTER1: to get user action events (non system) from audit* index
      NOT (user.username:system)

      Events FILTER2: to get login/logout events from audit* index.
      objectRef.resource:oauthaccesstokens

      3. Why does the customer need this? (List the business requirements here)
      Collecting the complete audit logs consuming more space and taking more network bandwidth while pushing all audit logs externally most of which are actually not required.

      Attachments

        Issue Links

          duplicates

          Feature - Capability or a well-defined set of functionality that delivers business value. Features can include additions or changes to existing functionality. Features can easily span multiple teams, and potentially multiple releases. OBSDA-344 Audit log forwarding produces excessive data, configuration for prefiltering is needed

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed
          is incorporated by

          Outcome - Organizational objective focused on a measurable outcome. May be in support of larger strategic goals. OBSDA-339 Filter and control size of audit logs

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed
          relates to

          Feature - Capability or a well-defined set of functionality that delivers business value. Features can include additions or changes to existing functionality. Features can easily span multiple teams, and potentially multiple releases. OCPSTRAT-568 Improve configuration of kube-apiserver audit logging

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed

          Activity

            People

              jamparke@redhat.com Jamie Parker
              rhn-support-kiyyappa Kosal Raj Iyyappan (Inactive)
              Votes:
              3 Vote for this issue
              Watchers:
              9 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: