Uploaded image for project: 'Observability Documentation'
  1. Observability Documentation
  2. OBSDOCS-205

Kube API-server audit log filtering policy

XMLWordPrintable

    • Icon: Story Story
    • Resolution: Done
    • Icon: Major Major
    • None
    • Logging 5.8, OpenShift 4.12 Async
    • Logging
    • 8
    • True
    • Hide

      Awaiting implementation decisions and draft docs from engineering

      Show
      Awaiting implementation decisions and draft docs from engineering
    • Administer, Deploy
    • Feature
    • OBSDOCS (Aug 21-Sep 11) #241, OBSDOCS (Sep 11 - Oct 2) #242, OBSDOCS (Oct 2 - Oct 23) #243, OBSDOCS (Oct 23 - Nov 13) #244, OBSDOCS (Nov 13 - Dev 4) #245, OBSDOCS (Dec 4 - Dev 25) #246, OBSDOCS (Jan 1 - Jan 22) #247, OBSDOCS (Jan 22 - Feb 12) #248

      Goals

      Associate kube-API audit policies with audit log inputs in the ClusterLogForwarder.

      • allow multiple audit log streams with separate filtering.
      • specify filter in-line or as an external resource.
      • enable/disable node audit logs
      • compatible with HTTP inputs (LOG-3965)

      Motivation

      • unfiltered request-response audit events are too big to forward
      • unfiltered event stream has low signal-to-noise ratio

      Acceptance Criteria

      • Kube and Openshift API server events forwarded in accordance with an audit policy.
      • Separate policies can be applied on separate inputs/pipelines.

      Documentation Considerations

      The upstream documentation is at https://github.com/openshift/cluster-logging-operator/blob/master/docs/features/logforwarding/filters/api-audit-filter.adoc

      This links to audit policy details in the k8s documentation:

       

              landerso@redhat.com Libby Anderson
              rkratky@redhat.com Robert Krátký (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              13 Start watching this issue

                Created:
                Updated:
                Resolved: