A way to ingest audit logs from kubernetes apiserver #60

Open
jorotg opened this issue Feb 15, 2021 · 2 comments

jorotg commented Feb 15, 2021

Hi guys,

We use the fluentd-elasticsearch helm chart in our environment. I tried to add a filter to collect audit logs from kube apiserver, but for some reason I can't see them in Kibana. My configuration in templates/configmaps.yaml is:

<source>
  @id kube-apiserver-audit.log
  @type tail
  format json
  path /var/log/apiserver/audit.log
  pos_file /var/log/apiserver/audit.log.pos
  time_key timestamp
  time_format %Y-%m-%dT%H:%M:%SZ
  tag kube-apiserver-audit
</source>

which doesn't seem to work.


NelsonJeppesen commented Feb 23, 2021

@jorotg Maybe not what you're looking for, but what I did was output audit logs to stdout from apiserver. Then fluentd pulls it in just like any other pod logs.

As configured with kops:

  kubeAPIServer:
    # Log audit log to stdout for fluentd
    auditLogPath: "-"
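
An added example, not part of any comment in this thread and not the chart's own code: once audit events go to stdout as described above, they share the container log with the apiserver's other output, so a consumer has to pick them out and rejoin long events that the runtime split. This Python code assumes the node runtime writes CRI-format log lines and that events carry the `audit.k8s.io` API group; the sample lines and the names `reassemble` and `audit_events` are constructed for illustration.

```python
import json

# Constructed CRI-format container log: "<time> <stream> <P|F> <content>".
# P marks a partial chunk of a long line, F the final chunk.
SAMPLE_CRI_LOG = [
    '2021-02-23T10:00:00.1Z stderr F I0223 10:00:00.100000 1 constructed.go:1] klog line',
    '2021-02-23T10:00:01.1Z stdout F {"kind":"Event","apiVersion":"audit.k8s.io/v1",'
    '"auditID":"constructed-1","stage":"ResponseComplete","verb":"get",'
    '"requestURI":"/api/v1/namespaces/default/secrets/example"}',
    '2021-02-23T10:00:02.1Z stdout P {"kind":"Event","apiVersion":"audit.k8s.io/v1",'
    '"auditID":"constructed-2","verb":"delete","requestURI":"/api/v1/namespaces/',
    '2021-02-23T10:00:02.2Z stderr F E0223 10:00:02.200000 1 constructed.go:2] klog line',
    '2021-02-23T10:00:02.3Z stdout F default/pods/example","stage":"ResponseComplete"}',
    '2021-02-23T10:00:03.1Z stdout F {"msg":"constructed JSON that is not an audit event"}',
]


def reassemble(lines):
    """Yield complete messages, joining partial (P) chunks per stream."""
    pending = {}
    for line in lines:
        parts = line.rstrip("\n").split(" ", 3)
        if len(parts) < 4:
            continue  # not a CRI-format line
        _time, stream, tag, content = parts
        pending[stream] = pending.get(stream, "") + content
        if tag == "F":
            yield pending.pop(stream)


def audit_events(lines):
    """Return only the records that are Kubernetes audit events."""
    events = []
    for message in reassemble(lines):
        if not message.startswith("{"):
            continue  # ordinary (non-JSON) apiserver log output
        try:
            record = json.loads(message)
        except json.JSONDecodeError:
            continue  # truncated or malformed JSON is skipped, not fatal
        if not isinstance(record, dict):
            continue
        api_version = str(record.get("apiVersion", ""))
        if record.get("kind") == "Event" and api_version.startswith("audit.k8s.io/"):
            events.append(record)
    return events
```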


jorotg commented Feb 23, 2021

Thank you Nelson! Most likely I'm going to use your approach too.
