Audit Logs
Audit Logs manage three types of logs: Console, Kubernetes, and Keycloak.
Console Log
- Store log: Use the toggle switch to turn log storage on or off.
- Include the payload: Toggle the switch to determine whether to store detailed resource information during log collection.
- Resource types: Choose the resource types to collect from those managed within ZMP.
- Retention period: Configure how long logs should be retained, using weeks, months, or years.
- Processing after retention period: Specify the action to take after the retention period (Delete or Archive).
- Execution time: Define the time at which log management tasks should run.
Keycloak Log
- Store log: Use the toggle switch to turn log storage on or off.
- Include the payload: Toggle the switch to determine whether to store detailed resource information during log collection.
- Resource types (admin): Choose resource types from the admin resources managed in Keycloak.
- Resource types (user): Choose resource types from the user resources managed in Keycloak.
- Retention period: Configure how long logs should be retained, using weeks, months, or years.
- Processing after retention period: Specify the action to take after the retention period (Delete or Archive).
- Execution time: Define the time at which log management tasks should run.
Kubernetes Log
As ZCP is a multi-cluster management platform, Kubernetes logs require selecting the managed clusters and configuring settings individually for each one.
- Store log: Use the toggle switch to turn log storage on or off.
- Include the payload: Toggle the switch to determine whether to store detailed resource information during log collection.
- Resource types: Choose the resource types to collect from those managed in Kubernetes.
- Retention period: Configure how long logs should be retained, using weeks, months, or years.
- Processing after retention period: Specify the action to take after the retention period (Delete or Archive).
- Execution time: Define the time at which log management tasks should run.
Viewing Collected Audit Logs
Audit logs collected according to the configured settings can be viewed with the following columns.
Column Name | Description |
---|---|
No | Sequential number |
Date Time | Timestamp of the event |
Event Source | Origin of the event |
User (Actor) | Account associated with the action |
Project | Related project details |
Resource | Type of resource affected |
Action Type | Category of the action performed |
Request URI | Path of the request URI |
Response Code | HTTP response code |
Action | Option to view details |
Filtering Logs
Logs can be filtered using the following criteria:
- Event Source: Choose from Console, Keycloak, or Kubernetes.
- Start Date / End Date: Define the time range for the logs to be retrieved.
Viewing Detailed Audit Logs
In addition to filtering, detailed audit log information can be accessed.
- In the Audit Log menu, click the Action button beside the desired log entry to view more details.
- Log details, including payload information in JSON or YAML format, will appear on the right side.
- The Include Payload setting must be enabled for payload details to be visible.
- Use the Copy button to copy the displayed payload data.