Red Hat SummitThis documentation is for a release that is no longer maintained
See documentation for the latest supported version.Este contenido no está disponible en el idioma seleccionado.
Chapter 9. Audit logs in Red Hat Developer Hub
Audit logs are a chronological set of records documenting the user activities, system events, and data changes that affect your Red Hat Developer Hub users, administrators, or components. Administrators can view Developer Hub audit logs in the OpenShift Container Platform web console to monitor scaffolder events, changes to the RBAC system, and changes to the Catalog database. Audit logs include the following information:
- Name of the audited event
- Actor that triggered the audited event, for example, terminal, port, IP address, or hostname
- Event metadata, for example, date, time
-
Event status, for example,
success,failure -
Severity levels, for example,
info,debug,warn,error
You can use the information in the audit log to achieve the following goals:
- Enhance security
- Trace activities, including those initiated by automated systems and software templates, back to their source. Know when software templates are executed, as well as the details of application and component installations, updates, configuration changes, and removals.
- Automate compliance
- Use streamlined processes to view log data for specified points in time for auditing purposes or continuous compliance maintenance.
- Debug issues
- Use access records and activity details to fix issues with software templates or plugins.
Audit logs are not forwarded to the internal log store by default because this does not provide secure storage. You are responsible for ensuring that the system to which you forward audit logs is compliant with your organizational and governmental regulations, and is properly secured.
9.1. Configuring audit logs for Developer Hub on OpenShift Container Platform
Use the OpenShift Container Platform web console to configure the following OpenShift Container Platform logging components to use audit logging for Developer Hub:
- Logging deployment
- Configure the logging environment, including both the CPU and memory limits for each logging component. For more information, see Red Hat OpenShift Container Platform - Configuring your Logging deployment.
- Logging collector
-
Configure the
spec.collectionstanza in theClusterLoggingcustom resource (CR) to use a supported modification to the log collector and collect logs fromSTDOUT. For more information, see Red Hat OpenShift Container Platform - Configuring the logging collector. - Log forwarding
-
Send logs to specific endpoints inside and outside your OpenShift Container Platform cluster by specifying a combination of outputs and pipelines in a
ClusterLogForwarderCR. For more information, see Red Hat OpenShift Container Platform - Enabling JSON log forwarding and Red Hat OpenShift Container Platform - Configuring log forwarding.
9.2. Viewing audit logs in Developer Hub
Administrators can view, search, filter, and manage the log data from the Red Hat OpenShift Container Platform web console. You can filter audit logs from other log types by using the isAuditLog field.
Prerequisites
- You are logged in as an administrator in the OpenShift Container Platform web console.
Procedure
- From the Developer perspective of the OpenShift Container Platform web console, click the Topology tab.
- From the Topology view, click the pod that you want to view audit log data for.
- From the pod panel, click the Resources tab.
- From the Pods section of the Resources tab, click View logs.
-
From the Logs view, enter
isAuditLoginto the Search field to filter audit logs from other log types. You can use the arrows to browse the logs containing theisAuditLogfield.
9.2.1. Audit log fields
Developer Hub audit logs can include the following fields:
eventName- The name of the audited event.
actorAn object containing information about the actor that triggered the audited event. Contains the following fields:
actorId-
The name/id/
entityRefof the associated user or service. Can benullif an unauthenticated user accesses the endpoints and the default authentication policy is disabled. ip- The IP address of the actor (optional).
hostname- The hostname of the actor (optional).
client- The user agent of the actor (optional).
stage-
The stage of the event at the time that the audit log was generated, for example,
initiationorcompletion. status-
The status of the event, for example,
succeededorfailed. meta-
An optional object containing event specific data, for example,
taskId. requestAn optional field that contains information about the HTTP request sent to an endpoint. Contains the following fields:
method- The HTTP method of the request.
query-
The
queryfields of the request. params-
The
paramsfields of the request. body-
The request
body. Thesecretsprovided when creating a task are redacted and appear as*. url- The endpoint URL of the request.
responseAn optional field that contains information about the HTTP response sent from an endpoint. Contains the following fields:
status- The status code of the HTTP response.
body- The contents of the request body.
isAuditLog-
A flag set to
trueto differentiate audit logs from other log types. errors-
A list of errors containing the
name,messageand potentially thestackfield of the error. Only appears whenstatusisfailed.
9.2.2. Scaffolder events
Developer Hub audit logs can include the following scaffolder events:
ScaffolderParameterSchemaFetch-
Tracks
GETrequests to the/v2/templates/:namespace/:kind/:name/parameter-schemaendpoint which return template parameter schemas ScaffolderInstalledActionsFetch-
Tracks
GETrequests to the/v2/actionsendpoint which grabs the list of installed actions ScaffolderTaskCreation-
Tracks
POSTrequests to the/v2/tasksendpoint which creates tasks that the scaffolder executes ScaffolderTaskListFetch-
Tracks
GETrequests to the/v2/tasksendpoint which fetches details of all tasks in the scaffolder. ScaffolderTaskFetch-
Tracks
GETrequests to the/v2/tasks/:taskIdendpoint which fetches details of a specified task:taskId ScaffolderTaskCancellation-
Tracks
POSTrequests to the/v2/tasks/:taskId/cancelendpoint which cancels a running task ScaffolderTaskStream-
Tracks
GETrequests to the/v2/tasks/:taskId/eventstreamendpoint which returns an event stream of the task logs of task:taskId ScaffolderTaskEventFetch-
Tracks
GETrequests to the/v2/tasks/:taskId/eventsendpoint which returns a snapshot of the task logs of task:taskId ScaffolderTaskDryRun-
Tracks
POSTrequests to the/v2/dry-runendpoint which creates a dry-run task. All audit logs for events associated with dry runs have themeta.isDryLogflag set totrue. ScaffolderStaleTaskCancellation- Tracks automated cancellation of stale tasks
ScaffolderTaskExecution-
Tracks the
initiationandcompletionof a real scaffolder task execution (will not occur during dry runs) ScaffolderTaskStepExecution-
Tracks
initiationandcompletionof a scaffolder task step execution ScaffolderTaskStepSkip-
Tracks steps skipped due to
ifconditionals not being met ScaffolderTaskStepIteration-
Tracks the step execution of each iteration of a task step that contains the
eachfield.
9.2.3. Catalog events
Developer Hub audit logs can include the following catalog events:
CatalogEntityAncestryFetch-
Tracks
GETrequests to the/entities/by-name/:kind/:namespace/:name/ancestryendpoint, which returns the ancestry of an entity CatalogEntityBatchFetch-
Tracks
POSTrequests to the/entities/by-refsendpoint, which returns a batch of entities CatalogEntityDeletion-
Tracks
DELETErequests to the/entities/by-uid/:uidendpoint, which deletes an entity
If the parent location of the deleted entity is still present in the catalog, then the entity is restored in the catalog during the next processing cycle.
CatalogEntityFacetFetch-
Tracks
GETrequests to the/entity-facetsendpoint, which returns the facets of an entity CatalogEntityFetch-
Tracks
GETrequests to the/entitiesendpoint, which returns a list of entities CatalogEntityFetchByName-
Tracks
GETrequests to the/entities/by-name/:kind/:namespace/:nameendpoint, which returns an entity matching the specified entity reference, for example,<kind>:<namespace>/<name> CatalogEntityFetchByUid-
Tracks
GETrequests to the/entities/by-uid/:uidendpoint, which returns an entity matching the unique ID of the specified entity CatalogEntityRefresh-
Tracks
POSTrequests to the/entities/refreshendpoint, which schedules the specified entity to be refreshed CatalogEntityValidate-
Tracks
POSTrequests to the/entities/validateendpoint, which validates the specified entity CatalogLocationCreation-
Tracks
POSTrequests to the/locationsendpoint, which creates a location
A location is a marker that references other places to look for catalog data.
CatalogLocationAnalyze-
Tracks
POSTrequests to the/locations/analyzeendpoint, which analyzes the specified location CatalogLocationDeletion-
Tracks
DELETErequests to the/locations/:idendpoint, which deletes a location and all child entities associated with it CatalogLocationFetch-
Tracks
GETrequests to the/locationsendpoint, which returns a list of locations CatalogLocationFetchByEntityRef-
Tracks
GETrequests to the/locations/by-entityendpoint, which returns a list of locations associated with the specified entity reference CatalogLocationFetchById-
Tracks
GETrequests to the/locations/:idendpoint, which returns a location matching the specified location ID QueriedCatalogEntityFetch-
Tracks
GETrequests to the/entities/by-queryendpoint, which returns a list of entities matching the specified query
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}