Bug
Resolution: Unresolved
Logging 5.8, Logging 5.6, Logging 5.7
Moderate
URL
1. Logging > Log Collection and forwarding > About log collection and forwarding > Log collection
DESCRIPTION
Issue 1
In Logging > Log Collection and forwarding > About log collection and forwarding > Log collection, it is said:
If you configure the log collector to collect audit logs, it collects them from /var/log/audit/audit.log.
The complete list is:
- Linux audit logs: /var/log/audit/audit.log
- Kubernetes API server logs: /var/log/kube-apiserver/audit.log
- OpenShift API server: /var/log/openshift-apiserver/audit.log
- OpenShift OAuth API Server: /var/log/oauth-apiserver/audit.log
- OpenShift OAuth Server: /var/log/oauth-server/audit.log
- OVN network: /var/log/ovn/acl-audit-log.log
This is not correct, as can also be observed in Logging > Log Collection and forwarding > Configuring log forwarding > About forwarding logs to third-party systems, where it is said:
- audit. Audit logs generated by the node audit system, auditd, Kubernetes API server, OpenShift API server, and OVN network.
So it is not only the audit logs from `/var/log/audit/audit.log`. The audit logs collected include a list of different audit logs, as observed in Issue 2.
Issue 2
- audit. Audit logs generated by the node audit system, auditd, Kubernetes API server, OpenShift API server, and OVN network.
This list is partial, because it is missing the OpenShift OAuth API Server and OpenShift OAuth Server audit logs.