Enable MKE audit logging
Note
The enablement of auditing in MKE does not automatically enable auditing in Kubernetes objects. To do this, you must set the kube_api_server_auditing parameter in the MKE configuration file to true.
Once you have set the kube_api_server_auditing parameter to true, the following default auditing values are configured on the Kubernetes API server:
--audit-log-maxage: 30
--audit-log-maxbackup: 10
--audit-log-maxsize: 10
For information on how to enable and configure the Kubernetes API server audit values, refer to the cluster_config table detail in the MKE configuration file.
You can enable MKE audit logging using the MKE web user interface, the MKE API, and the MKE configuration file.
Enable MKE audit logging using the web UI
Log in to the MKE web user interface.
Click admin to open the navigation menu at the left.
Click Admin Settings.
Click Logs & Audit Logs to open the Logs & Audit Logs details pane.
In the Configure Audit Log Level section, select the relevant logging level.
Click Save.
Enable MKE audit logging using the API
Download the MKE client bundle from the command line, as described in Download the client bundle.
Retrieve the JSON file for the current audit log configuration:
export DOCKER_CERT_PATH=~/ucp-bundle-dir/
curl --cert "${DOCKER_CERT_PATH}/cert.pem" --key "${DOCKER_CERT_PATH}/key.pem" --cacert "${DOCKER_CERT_PATH}/ca.pem" -k -X GET https://ucp-domain/api/ucp/config/logging > auditlog.json
In auditlog.json, edit the auditLevel field to metadata or request:
{
  "logLevel": "INFO",
  "auditLevel": "metadata",
  "supportDumpIncludeAuditLogs": false
}
Send the JSON request for the audit logging configuration with the same API path, but using the PUT method:
curl --cert "${DOCKER_CERT_PATH}/cert.pem" --key "${DOCKER_CERT_PATH}/key.pem" --cacert "${DOCKER_CERT_PATH}/ca.pem" -k -H "Content-Type: application/json" -X PUT --data "$(cat auditlog.json)" https://ucp-domain/api/ucp/config/logging
Enable MKE audit logging using the configuration file
You can enable MKE audit logging using the MKE configuration file before or after MKE installation.
The section of the MKE configuration file that controls MKE audit logging is [audit_log_configuration]:
[audit_log_configuration]
level = "metadata"
support_dump_include_audit_logs = false
The level setting supports the following values:
""
"metadata"
"request"
Caution
The support_dump_include_audit_logs flag specifies whether user identification information from the ucp-controller container logs is included in the support bundle. To prevent this information from being sent with the support bundle, verify that support_dump_include_audit_logs is set to false. When disabled, the support bundle collection tool filters out any lines from the ucp-controller container logs that contain the substring auditID.
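The following check is an added example, not part of the MKE documentation or tooling. It reads an MKE configuration file and reports on the three settings described on this page: the audit level, support_dump_include_audit_logs, and kube_api_server_auditing. The function names and the sample file are constructed for illustration, and the TOML reading is deliberately minimal (one key = value per line, # always starts a comment).

```shell
#!/usr/bin/env bash
# Added example: check an MKE configuration file for the audit settings
# described on this page. Function names are hypothetical, not MKE tooling.

# get_setting FILE TABLE KEY: print KEY's value from [TABLE], quotes stripped.
get_setting() {
  awk -v table="[$2]" -v key="$3" '
    /^[ \t]*\[/ { gsub(/[ \t]/, ""); in_table = ($0 == table); next }
    in_table {
      line = $0; sub(/#.*/, "", line)
      n = index(line, "="); if (n == 0) next
      k = substr(line, 1, n - 1); v = substr(line, n + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
      gsub(/^"|"$/, "", v)
      if (k == key) { print v; exit }
    }' "$1"
}

# check_audit_config FILE: print one line per setting; return the number of findings.
check_audit_config() {
  findings=0
  level=$(get_setting "$1" audit_log_configuration level)
  dump=$(get_setting "$1" audit_log_configuration support_dump_include_audit_logs)
  kube=$(get_setting "$1" cluster_config kube_api_server_auditing)
  case "$level" in
    metadata|request) echo "OK    audit level is \"$level\"" ;;
    *) echo "FAIL  audit level is \"$level\", expected metadata or request"
       findings=$((findings + 1)) ;;
  esac
  if [ "$dump" = "false" ]; then
    echo "OK    audit log lines are filtered out of support bundles"
  else
    echo "FAIL  support_dump_include_audit_logs is not set to false"
    findings=$((findings + 1))
  fi
  if [ "$kube" = "true" ]; then
    echo "OK    Kubernetes API server auditing is enabled"
  else
    echo "FAIL  kube_api_server_auditing is not set to true"
    findings=$((findings + 1))
  fi
  return "$findings"
}

# Constructed sample: MKE auditing on, but audit lines kept in support bundles
# and Kubernetes API server auditing left off.
sample=$(mktemp)
printf '%s\n' '[audit_log_configuration]' '  level = "metadata"  # constructed' \
  '  support_dump_include_audit_logs = true' '[cluster_config]' \
  '  kube_api_server_auditing = false' > "$sample"
check_audit_config "$sample" || echo "findings: $?"
```

A nonzero return value is the number of settings that differ from what this page recommends, so the function can gate a configuration review or a CI step.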