5. Configuring Audit Log Collection
The Audit Log feature manages three types of logs: Console, Kubernetes, and Keycloak.
Console Log
- Store log: Toggle the switch to enable or disable log storage.
- Include the payload: Toggle the switch to choose whether detailed resource information (the payload) is stored when logs are collected.
- Resource types: Select the resource types to collect from the resources managed in ZMP.
- Retention period: Set the log retention period. It can be configured in weeks, months, or years.
- Processing after retention period: Define the policy for logs after the set retention period (Delete or Archive).
- Execution time: Set the time at which the retention management task runs.
Keycloak Log
- Store log: Toggle the switch to enable or disable log storage.
- Include the payload: Toggle the switch to choose whether detailed resource information (the payload) is stored when logs are collected.
- Resource types (admin): Select the resource types to collect from the admin resources managed in Keycloak.
- Resource types (user): Select the resource types to collect from the user resources managed in Keycloak.
- Retention period: Set the log retention period. It can be configured in weeks, months, or years.
- Processing after retention period: Define the policy for logs after the set retention period (Delete or Archive).
- Execution time: Set the time at which the retention management task runs.
Kubernetes Log
ZMP is a multi-cluster management platform, so for Kubernetes logs you select the managed clusters and configure the settings for each cluster individually.
- Store log: Toggle the switch to enable or disable log storage.
- Include the payload: Toggle the switch to choose whether detailed resource information (the payload) is stored when logs are collected.
- Resource types: Select the resource types to collect from the resources managed in Kubernetes.
- Retention period: Set the log retention period. It can be configured in weeks, months, or years.
- Processing after retention period: Define the policy for logs after the set retention period (Delete or Archive).
- Execution time: Set the time at which the retention management task runs.
Viewing Collected Audit Logs
You can view the audit logs that were collected according to the configured settings.
Column Name | Description |
---|---|
No | Sequence number |
Date Time | Time of the event |
Event Source | Source of the event |
User (Actor) | Account information of the actor |
Project | Project information |
Resource | Type of resource |
Action Type | Type of action |
Request URI | Request URI path |
Response Code | Response code |
Action | View details |
Filtering Logs
You can filter logs using the following three criteria:
- Event source: Select the event source from Console, Keycloak, or Kubernetes.
- Start date / End date: Set the start and end dates for the time range.
Viewing Detailed Audit Logs
In addition to the list view filters, you can view detailed information for the selected audit logs.
- In the Audit Log menu, click the Action button at the right of a list entry to view its details.
- Clicking the button displays the log details on the right side, including the payload in JSON or YAML format.
- To view detailed payloads, the Include the payload option must be enabled in the Audit Log settings.
- The displayed payload can be copied using the Copy button.