5. Configuring Audit Log Collection
Audit Logs manage three types of logs: Console, Kubernetes, and Keycloak.
Console Log
- Store log: Toggle the switch to enable or disable log storage.
- Include the payload: Toggle the switch to decide whether to store detailed information of resources during log collection.
- Resource types: Select the resource types to collect from the resources managed in ZMP.
- Retention period: Set the log retention period. It can be configured in weeks, months, or years.
- Processing after retention period: Define the policy for logs after the set retention period (Delete or Archive).
- Execution time: Set the time to execute management tasks for the retention period.
Keycloak Log
- Store log: Toggle the switch to enable or disable log storage.
- Include the payload: Toggle the switch to decide whether to store detailed information of resources during log collection.
- Resource types (admin): Select the resource types to collect from the admin resources managed in Keycloak.
- Resource types (user): Select the resource types to collect from the user resources managed in Keycloak.
- Retention period: Set the log retention period. It can be configured in weeks, months, or years.
- Processing after retention period: Define the policy for logs after the set retention period (Delete or Archive).
- Execution time: Set the time to execute management tasks for the retention period.
Kubernetes Log
Because ZMP is a multi-cluster management platform, Kubernetes log settings are configured per cluster: select each managed cluster and configure its settings individually.
- Store log: Toggle the switch to enable or disable log storage.
- Include the payload: Toggle the switch to decide whether to store detailed information of resources during log collection.
- Resource types: Select the resource types to collect from the resources managed in Kubernetes.
- Retention period: Set the log retention period. It can be configured in weeks, months, or years.
- Processing after retention period: Define the policy for logs after the set retention period (Delete or Archive).
- Execution time: Set the time to execute management tasks for the retention period.
Viewing Collected Audit Logs
You can view the audit logs collected based on the configured settings.
Column Name | Description |
---|---|
No | Sequence number |
Date Time | Time of the event |
Event Source | Source of the event |
User (Actor) | Account information of the actor |
Project | Project information |
Resource | Type of resource |
Action Type | Type of action |
Request URI | Request URI path |
Response Code | Response code |
Action | View details |
Filtering Logs
You can filter logs using the following three criteria:
- Event source: Select the event source from Console, Keycloak, or Kubernetes.
- Start date / End date: Set the start and end dates for the time range.
Viewing Detailed Audit Logs
In addition to the list view filters, you can view detailed information for the selected audit logs.
- In the Audit Log menu, click the Action button on the right of the list to view details.
- Clicking the button will display log details on the right side, including payload information in JSON or YAML format.
- To view detailed payloads, the Include the payload option must be enabled in the Audit Log settings.
- The displayed payload can be copied using the Copy button.