  1. OpenShift Request For Enhancement
  2. RFE-4473

[RFE] Filtering audit logs by fields before sending them to external



      1. Proposed title of this feature request

      Filtering audit logs by fields before sending them to external 

      2. What is the nature and description of the request?

      Customers want an additional feature added to the ongoing RFE https://issues.redhat.com/browse/OBSDA-344: filtering audit logs by fields. For example, with
      objectRef.resource=pod and user.username!=system:*
      all events relating to pods, but not generated by k8s itself, are forwarded to Splunk.
      They want full customization of audit log filtering by fields.
      RHOCP Version 4.12
      3. Why does the customer need this? (List the business requirements here)
      The volume of audit logs generated is significant, and storing all of them in Splunk would cause significant storage charges for the customer. So only relevant logs should be forwarded instead of all audit logs.
      4. List any affected packages or components.

            jamparke@redhat.com Jamie Parker
            rhn-support-kirpatil Kiran Patil
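
The field filter requested above, sketched as an added example (not OpenShift logging code and not the syntax of any existing forwarder). It assumes a hypothetical two-operator grammar (`=`, `!=`, joined by `and`, with `*` globs) taken from the ticket's sample expression, and runs over constructed audit events. It also shows two behaviours worth settling before such a filter is deployed: Kubernetes audit events record the plural resource name (`pods`), and an event with no `user.username` is still forwarded.

```python
import json
from fnmatch import fnmatchcase

# Constructed sample audit events (one JSON object per line), not real cluster data.
SAMPLE_LINES = [
    '{"auditID":"a1","verb":"delete","user":{"username":"alice"},"objectRef":{"resource":"pods","name":"web-1"}}',
    '{"auditID":"a2","verb":"update","user":{"username":"system:kube-scheduler"},"objectRef":{"resource":"pods","name":"web-2"}}',
    '{"auditID":"a3","verb":"get","user":{"username":"bob"},"objectRef":{"resource":"secrets","name":"db"}}',
    '{"auditID":"a4","verb":"create","objectRef":{"resource":"pods","name":"web-3"}}',
]

def parse_filter(expr):
    """Parse 'a.b=x and c.d!=y*' into (path, negate, pattern) clauses (hypothetical grammar)."""
    clauses = []
    for part in expr.split(" and "):
        if "!=" in part:          # test '!=' first: it also contains '='
            path, pattern = part.split("!=", 1)
            negate = True
        elif "=" in part:
            path, pattern = part.split("=", 1)
            negate = False
        else:
            raise ValueError(f"unsupported clause: {part!r}")
        clauses.append((path.strip().split("."), negate, pattern.strip()))
    return clauses

def lookup(event, path):
    """Walk a dotted path through nested dicts; None if any key is missing."""
    for key in path:
        if not isinstance(event, dict) or key not in event:
            return None
        event = event[key]
    return event

def matches(event, clauses):
    """True when every clause holds. A missing field never satisfies '=',
    and always satisfies '!=', so events lacking a username are kept."""
    for path, negate, pattern in clauses:
        value = lookup(event, path)
        hit = isinstance(value, str) and fnmatchcase(value, pattern)
        if hit == negate:
            return False
    return True

def forwarded_ids(lines, expr):
    """Return the auditIDs of the events that the filter would forward."""
    clauses = parse_filter(expr)
    return [e["auditID"] for e in map(json.loads, lines) if matches(e, clauses)]

if __name__ == "__main__":
    print(forwarded_ids(SAMPLE_LINES, "objectRef.resource=pods and user.username!=system:*"))
```

With the singular value `pod` exactly as written in the request, the same filter forwards none of these events, so a filter of this kind needs a check that it still passes the events the audit trail is meant to retain.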
