-
Feature
-
Resolution: Done
-
Major
-
None
-
False
-
False
-
0% To Do, 0% In Progress, 100% Done
Proposed title of this feature request
Manual configuration of audit logging
What is the nature and description of the request?
My customer currently uses logforwarding to move all the logs to splunk, when they configured the audit logging stack to use the default mode, see
https://docs.openshift.com/container-platform/4.7/security/audit-log-policy-config.html
which is the least amount of logging according to the docs.
But they are still see 30/40 gb's logging to splunk per openshift cluster.
It is not possible to define/configure/tweak the audit logging, there are only 3 presets available. They want to see an option in openshift so they can define their own policy.
Why does the customer need this? (List the business requirements here)
Currently, even on minimum (default) logging there seems to be issues with the amount of audit logs OCP 4.7 and above are shipping, not having an ability to alter what is being sent to Splunk is having a financial impact in terms of Splunk and storage costs.
List any affected packages or components.
- is blocked by
-
LOG-3982 Kube API-server audit log filtering policy
- Closed
- is documented by
-
OBSDOCS-205 Kube API-server audit log filtering policy
- Closed
- is duplicated by
-
OBSDA-342 To apply custom filter before forwarding audit logs externally
- Closed
- is incorporated by
-
OBSDA-339 Filter and control size of audit logs
- Closed
- relates to
-
LOG-4462 Audit log forwarding produces excessive data, configuration for prefiltering is needed
- New
-
AUTH-6 Logs should contain login and login failure details
- Closed
-
LOG-4029 Support STS Cloudwatch authentication for logging in Managed Clusters
- Closed
-
AUTH-209 Optional: Reduce verbosity of audit log
- Closed
-
LOG-3727 The length of the syslog packet_size set to 4096 is not sufficient
- Closed
-
OCPSTRAT-568 Improve configuration of kube-apiserver audit logging
- Closed
-
OCPSTRAT-340 Provide the ability to output APIServer audit logs based on resource-type
- Closed
- links to