-
Feature
-
Resolution: Done
-
Major
-
None
-
False
-
False
-
0% To Do, 0% In Progress, 100% Done
Proposed title of this feature request
Manual configuration of audit logging
What is the nature and description of the request?
My customer currently uses logforwarding to move all the logs to splunk, when they configured the audit logging stack to use the default mode, see
https://docs.openshift.com/container-platform/4.7/security/audit-log-policy-config.html
which is the least amount of logging according to the docs.
But they are still see 30/40 gb's logging to splunk per openshift cluster.
It is not possible to define/configure/tweak the audit logging, there are only 3 presets available. They want to see an option in openshift so they can define their own policy.
Why does the customer need this? (List the business requirements here)
Currently, even on minimum (default) logging there seems to be issues with the amount of audit logs OCP 4.7 and above are shipping, not having an ability to alter what is being sent to Splunk is having a financial impact in terms of Splunk and storage costs.
List any affected packages or components.
- is blocked by
-
LOG-3982 Kube API-server audit log filtering policy
-
- Closed
-
- is documented by
-
OBSDOCS-205 Kube API-server audit log filtering policy
-
- Closed
-
- is duplicated by
-
OBSDA-342 To apply custom filter before forwarding audit logs externally
-
- Closed
-
- is incorporated by
-
-
- Closed
-
- relates to
-
-
- New
-
-
-
- Closed
-
-
-
- Closed
-
-
-
- Closed
-
-
LOG-3727 The length of the syslog packet_size set to 4096 is not sufficient
-
- Closed
-
-
-
- Closed
-
-
-
- Closed
-
- links to