Uploaded image for project: 'Observability and Data Analysis Program'
  1. Observability and Data Analysis Program
  2. OBSDA-81

Collect & forward OVN audit logs

XMLWordPrintable

    • False
    • False
    • Undefined

      What is the problem that your customer is facing?

      Recently (OCP 4.8), the OVNKubernetes plugin introduced a new feature where audit logs can be collected which allows for gathering more information about network policies.

      As with any other audit log, this is considered sensitive information and often has to be handled in a different pipeline than other container logs.

      What is the business impact, if any, if this request will not be made available?

      Customers in regulated industries will have to come up with their own log forwarding solution just for this type of log. Otherwise, they might use a side-car container to output the logs, which would forward them to the regular bucket of logs. Which, if found by an auditor, is considered a finding that might affect their compliance targets.

      What are your expectations for this feature

      The Cluster Logging Operator already has a log forwarding feature that takes audit logs into account.

      It is expected that if these OVN audit logs (which are persisted in the /ovn/acl-audit-log.log file) are found, they will be collected, and can be forwarded using the audit inputRef.

      Have you done this before and/or outside of support and if yes, how?

      No.

            [OBSDA-81] Collect & forward OVN audit logs

            Shannon Wilber (Inactive) added a comment -

            HI, The PM Team would like to know if this issue is still relevant or no longer required?

            Shannon Wilber (Inactive) added a comment - HI, The PM Team would like to know if this issue is still relevant or no longer required?

            Ishwar Kanse added a comment -

            QE ack, Verified with https://polarion.engineering.redhat.com/polarion/#/project/OSE/workitem?id=OCP-42981

            Ishwar Kanse added a comment - QE ack, Verified with  https://polarion.engineering.redhat.com/polarion/#/project/OSE/workitem?id=OCP-42981

            Christian Heidenreich (Inactive) added a comment -

            astoycos Are your audit logs in the JSON format?

            Christian Heidenreich (Inactive) added a comment - astoycos Are your audit logs in the JSON format?

            Juan Antonio Osorio (Inactive) added a comment -

            cvogel1 my team looks at compliance in OpenShift. The OVN audit logging feature will come in OCP4.8, so I just thought it would be good to point it out before it comes out in a compliance audit. I just found out about the feature myself.

            Juan Antonio Osorio (Inactive) added a comment - cvogel1 my team looks at compliance in OpenShift. The OVN audit logging feature will come in OCP4.8, so I just thought it would be good to point it out before it comes out in a compliance audit. I just found out about the feature myself.

            Christian Heidenreich (Inactive) added a comment -

            josorior@redhat.com Did that come up during a customer request or is that a more general request w/o any customer atm?

            Christian Heidenreich (Inactive) added a comment - josorior@redhat.com Did that come up during a customer request or is that a more general request w/o any customer atm?

              rh-ee-rfloren Roger Florén
              josorior@redhat.com Juan Antonio Osorio (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              10 Start watching this issue

                Created:
                Updated:
                Resolved: