Audit log profiles define how to log requests that come to the OpenShift API server, Kubernetes API server, OpenShift OAuth API server, and OpenShift OAuth server.
{product-title} provides the following predefined audit policy profiles:
Profile | Description | ||
---|---|---|---|
|
Logs only metadata for read and write requests; does not log request bodies except for OAuth access token requests. This is the default policy. |
||
|
In addition to logging metadata for all requests, logs request bodies for every write request to the API servers ( |
||
|
In addition to logging metadata for all requests, logs request bodies for every read and write request to the API servers ( |
||
|
No requests are logged; even OAuth access token requests and OAuth authorize token requests are not logged.
|
-
Sensitive resources, such as
Secret
,Route
, andOAuthClient
objects, are only ever logged at the metadata level. OpenShift OAuth server events are only ever logged at the metadata level.
By default, {product-title} uses the Default
audit log profile. You can use another audit policy profile that also logs request bodies, but be aware of the increased resource usage (CPU, memory, and I/O).