Enable MKE audit logging¶
You can enable MKE audit logging using the MKE web user interface, the MKE API, and the MKE configuration file.
Enable MKE audit logging using the web UI¶
Log in to the MKE web user interface.
Click admin to open the navigation menu at the left.
Click Admin Settings.
Click Logs & Audit Logs to open the Logs & Audit Logs details pane.
In the Configure Audit Log Level section, select the relevant logging level.
Click Save.
Enable MKE audit logging using the API¶
Download the MKE client bundle from the command line, as described in Download the client bundle.
Retrieve the JSON file for current audit log configuration:
export DOCKER_CERT_PATH=~/ucp-bundle-dir/ curl --cert ${DOCKER_CERT_PATH}/cert.pem --key ${DOCKER_CERT_PATH}/key.pem --cacert ${DOCKER_CERT_PATH}/ca.pem -k -X GET https://ucp-domain/api/ucp/config/logging > auditlog.json
In
auditlog.json
, edit theauditlevel
field tometadata
orrequest
:{ "logLevel": "INFO", "auditLevel": "metadata", "supportDumpIncludeAuditLogs": false }
Send the JSON request for the audit logging configuration with the same API path, but using the
PUT
method:curl --cert ${DOCKER_CERT_PATH}/cert.pem --key ${DOCKER_CERT_PATH}/key.pem --cacert ${DOCKER_CERT_PATH}/ca.pem -k -H "Content-Type: application/json" -X PUT --data $(cat auditlog.json) https://ucp-domain/api/ucp/config/logging
Enable MKE audit logging using the configuration file¶
You can enable MKE audit logging using the MKE configuration file before or after MKE installation.
The section of the MKE configuration file that controls MKE auditing
logging is [audit_log_configuration]
:
[audit_log_configuration]
level = "metadata"
support_dump_include_audit_logs = false
The level
setting supports the following variables:
""
"metadata"
"request"
Caution
The support_dump_include_audit_logs
flag specifies whether user
identification information from the ucp-controller
container logs is
included in the support bundle. To prevent this information from being sent
with the support bundle, verify that support_dump_include_audit_logs
is set to false
. When disabled, the support bundle collection tool
filters out any lines from the ucp-controller
container logs that
contain the substring auditID
.