Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Forwarding audit logs to falco from an AKS cluster using sysdiglabs/aks-audit-log #1702

Closed
thomas-goulet opened this issue Aug 9, 2021 · 1 comment · Fixed by #1800
Closed

Forwarding audit logs to falco from an AKS cluster using sysdiglabs/aks-audit-log #1702

thomas-goulet opened this issue Aug 9, 2021 · 1 comment · Fixed by #1800
Labels
kind/bug

Comments

@thomas-goulet
Copy link

thomas-goulet commented Aug 9, 2021
edited
Loading

Bug

When trying to forward AKS audit logs to a falco instance using the setup from sysdiglabs/aks-audit-log the logs indicate all POST requests fail with a 400 code.

**Error sending POST, retry 1, result: [BadRequest] System.Net.Http.HttpConnectionResponseContent

Problem

The issue is that the falco webserver only accepts requests with the header application/json while the audit log forwarder sends requests with the header application/json; charset=utf-8. See webserver.cpp

The webserver.cpp file should be modified to accept encoding values in the request headers.

Related issue : sysdiglabs/aks-audit-log#4
@jemag
Copy link

jemag commented Sep 28, 2021

I think this is a minor change that would help facilitate the auditing of AKS API server logs by using https://github.com/sysdiglabs/aks-audit-log directly, instead of having users maintain a fork modifying the header.

@FedeDP FedeDP mentioned this issue Nov 19, 2021
Merged
This was referenced Jan 3, 2022
Closed
Closed
@jemag jemag mentioned this issue Dec 12, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/bug
Projects
None yet
Milestone
No milestone
2 participants
@jemag @thomas-goulet