  1. OpenShift Request For Enhancement
  2. RFE-4339

[RFE] Audit log filtering based on time

Details

    • Feature Request
    • Resolution: Unresolved
    • quay
    • x86_64

    Description

      The customer has a requirement to export audit logs every 10 minutes to minimize the potential impact of rogue activities. They do not have an ElasticSearch or Splunk log store. The only option currently available is therefore a Quay API log scrape.

      The Quay API log scrape provides the necessary information; however, the customer cannot supply a time-of-day filter in the API query.

      For example:
      https://github.com/quay/quay/blob/ed86a102ce0c619033714e0afe30a71a331465f4/endpoints/api/logs.py#L132

      (There are several other API audit log endpoints where this needs to be updated.)

      The starttime and endtime parameters only accept the format "%m/%d/%Y".

      The customer is requesting the format be extended to "%m/%d/%Y HH:MM:SS".

      If the filter is amended, the customer can then regularly scrape from a cron job for the last 10 minutes of audit records.

      Currently the customer has to scrape all events from midnight to the current time and then filter out audit logs that have already been captured.
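
The client-side workaround described above, sketched as an added example (not code from this issue or from Quay): each cron run scrapes at day granularity and keeps only entries newer than a persisted watermark. The entry fields (`datetime`, `kind`, `ip`, `metadata`), the RFC 2822 timestamp format, the UTC day boundaries and all function names are assumptions.

```python
from datetime import timezone
from email.utils import parsedate_to_datetime

DAY_FMT = "%m/%d/%Y"  # the only starttime/endtime format accepted today

def parse_ts(entry):
    # Assumption: "datetime" is RFC 2822; "-0000" parses as naive, so pin to UTC.
    ts = parsedate_to_datetime(entry["datetime"])
    return ts if ts.tzinfo else ts.replace(tzinfo=timezone.utc)

def day_window(watermark, now):
    # Start from the watermark's day, not today's, so a run just after
    # midnight still covers the tail of the previous day.
    return {"starttime": watermark.strftime(DAY_FMT), "endtime": now.strftime(DAY_FMT)}

def entry_key(entry):
    # No unique id field is assumed, so identify an entry by its content.
    return (entry["datetime"], entry["kind"], entry.get("ip"),
            repr(sorted(entry.get("metadata", {}).items())))

def new_entries(logs, watermark, seen):
    """Return (fresh, new_watermark, new_seen) for one day-granular scrape.

    `seen` holds the keys already exported at exactly `watermark`, so events
    sharing the watermark's second are neither dropped nor exported twice.
    """
    fresh, mark, mark_seen = [], watermark, set(seen)
    for entry in sorted(logs, key=parse_ts):
        ts, key = parse_ts(entry), entry_key(entry)
        if ts < watermark or (ts == watermark and key in seen):
            continue
        fresh.append(entry)
        if ts > mark:
            mark, mark_seen = ts, set()
        mark_seen.add(key)
    return fresh, mark, mark_seen

# Constructed sample entries (not real audit data).
SAMPLE = [
    {"datetime": "Tue, 07 Mar 2023 09:49:58 -0000", "kind": "push_repo",
     "ip": "192.0.2.10", "metadata": {"repo": "app"}},
    {"datetime": "Tue, 07 Mar 2023 09:50:00 -0000", "kind": "pull_repo",
     "ip": "192.0.2.11", "metadata": {"repo": "app"}},
    {"datetime": "Tue, 07 Mar 2023 09:50:00 -0000", "kind": "delete_tag",
     "ip": "192.0.2.12", "metadata": {"repo": "app", "tag": "v1"}},
    {"datetime": "Tue, 07 Mar 2023 09:57:12 -0000", "kind": "change_repo_visibility",
     "ip": "192.0.2.12", "metadata": {"repo": "app"}},
]
```

The returned watermark and key set have to be persisted between cron runs; an exporter that loses them falls back to re-sending everything since midnight.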

          People

            DanielMesser Daniel Messer
            iwatson@redhat.com Ian Watson