Chapter 3. Viewing audit logs in Developer Hub


Administrators can view, search, filter, and manage the log data from the Red Hat OpenShift Container Platform web console. You can filter audit logs from other log types by using the isAuditLog field.

Prerequisites

  • You are logged in as an administrator in the OpenShift Container Platform web console.

Procedure

  1. From the Developer perspective of the OpenShift Container Platform web console, click the Topology tab.
  2. From the Topology view, click the pod that you want to view audit log data for.
  3. From the pod panel, click the Resources tab.
  4. From the Pods section of the Resources tab, click View logs.
  5. From the Logs view, enter isAuditLog into the Search field to filter audit logs from other log types. You can use the arrows to browse the logs containing the isAuditLog field.

3.1. Audit log fields

Developer Hub audit logs can include the following fields:

eventName
The name of the audited event.
actor

An object containing information about the actor that triggered the audited event. Contains the following fields:

actorId
The name/id/entityRef of the associated user or service. Can be null if an unauthenticated user accesses the endpoints and the default authentication policy is disabled.
ip
The IP address of the actor (optional).
hostname
The hostname of the actor (optional).
client
The user agent of the actor (optional).
stage
The stage of the event at the time that the audit log was generated, for example, initiation or completion.
status
The status of the event, for example, succeeded or failed.
meta
An optional object containing event specific data, for example, taskId.
request

An optional field that contains information about the HTTP request sent to an endpoint. Contains the following fields:

method
The HTTP method of the request.
query
The query fields of the request.
params
The params fields of the request.
body
The request body. The secrets provided when creating a task are redacted and appear as *.
url
The endpoint URL of the request.
response

An optional field that contains information about the HTTP response sent from an endpoint. Contains the following fields:

status
The status code of the HTTP response.
body
The contents of the request body.
isAuditLog
A flag set to true to differentiate audit logs from other log types.
errors
A list of errors containing the name, message and potentially the stack field of the error. Only appears when status is failed.

3.2. Scaffolder events

Developer Hub audit logs can include the following scaffolder events:

ScaffolderParameterSchemaFetch
Tracks GET requests to the /v2/templates/:namespace/:kind/:name/parameter-schema endpoint which return template parameter schemas
ScaffolderInstalledActionsFetch
Tracks GET requests to the /v2/actions endpoint which grabs the list of installed actions
ScaffolderTaskCreation
Tracks POST requests to the /v2/tasks endpoint which creates tasks that the scaffolder executes
ScaffolderTaskListFetch
Tracks GET requests to the /v2/tasks endpoint which fetches details of all tasks in the scaffolder.
ScaffolderTaskFetch
Tracks GET requests to the /v2/tasks/:taskId endpoint which fetches details of a specified task :taskId
ScaffolderTaskCancellation
Tracks POST requests to the /v2/tasks/:taskId/cancel endpoint which cancels a running task
ScaffolderTaskStream
Tracks GET requests to the /v2/tasks/:taskId/eventstream endpoint which returns an event stream of the task logs of task :taskId
ScaffolderTaskEventFetch
Tracks GET requests to the /v2/tasks/:taskId/events endpoint which returns a snapshot of the task logs of task :taskId
ScaffolderTaskDryRun
Tracks POST requests to the /v2/dry-run endpoint which creates a dry-run task. All audit logs for events associated with dry runs have the meta.isDryLog flag set to true.
ScaffolderStaleTaskCancellation
Tracks automated cancellation of stale tasks
ScaffolderTaskExecution
Tracks the initiation and completion of a real scaffolder task execution (will not occur during dry runs)
ScaffolderTaskStepExecution
Tracks initiation and completion of a scaffolder task step execution
ScaffolderTaskStepSkip
Tracks steps skipped due to if conditionals not being met
ScaffolderTaskStepIteration
Tracks the step execution of each iteration of a task step that contains the each field.

3.3. Catalog events

Developer Hub audit logs can include the following catalog events:

CatalogEntityAncestryFetch
Tracks GET requests to the /entities/by-name/:kind/:namespace/:name/ancestry endpoint, which returns the ancestry of an entity
CatalogEntityBatchFetch
Tracks POST requests to the /entities/by-refs endpoint, which returns a batch of entities
CatalogEntityDeletion
Tracks DELETE requests to the /entities/by-uid/:uid endpoint, which deletes an entity
Note

If the parent location of the deleted entity is still present in the catalog, then the entity is restored in the catalog during the next processing cycle.

CatalogEntityFacetFetch
Tracks GET requests to the /entity-facets endpoint, which returns the facets of an entity
CatalogEntityFetch
Tracks GET requests to the /entities endpoint, which returns a list of entities
CatalogEntityFetchByName
Tracks GET requests to the /entities/by-name/:kind/:namespace/:name endpoint, which returns an entity matching the specified entity reference, for example, <kind>:<namespace>/<name>
CatalogEntityFetchByUid
Tracks GET requests to the /entities/by-uid/:uid endpoint, which returns an entity matching the unique ID of the specified entity
CatalogEntityRefresh
Tracks POST requests to the /entities/refresh endpoint, which schedules the specified entity to be refreshed
CatalogEntityValidate
Tracks POST requests to the /entities/validate endpoint, which validates the specified entity
CatalogLocationCreation
Tracks POST requests to the /locations endpoint, which creates a location
Note

A location is a marker that references other places to look for catalog data.

CatalogLocationAnalyze
Tracks POST requests to the /locations/analyze endpoint, which analyzes the specified location
CatalogLocationDeletion
Tracks DELETE requests to the /locations/:id endpoint, which deletes a location and all child entities associated with it
CatalogLocationFetch
Tracks GET requests to the /locations endpoint, which returns a list of locations
CatalogLocationFetchByEntityRef
Tracks GET requests to the /locations/by-entity endpoint, which returns a list of locations associated with the specified entity reference
CatalogLocationFetchById
Tracks GET requests to the /locations/:id endpoint, which returns a location matching the specified location ID
QueriedCatalogEntityFetch
Tracks GET requests to the /entities/by-query endpoint, which returns a list of entities matching the specified query
Red Hat logoGithubRedditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

© 2024 Red Hat, Inc.