Support for Kubernetes audit logs json format #519

Open
hmalinov opened this issue Dec 11, 2020 · 4 comments
@hmalinov

The Kubernetes audit logs support two formats:

--audit-log-format string     Default: "json"
    Format of saved audits. "legacy" indicates 1-line text format for each event. "json" indicates structured json format. Known formats are legacy,json.

The default format these days is json. However, the parsing defined in kubernetes.conf is for the legacy format.
Could you please add a json parser, or replace the current parsing with one, like the one below?

<source>
  @type tail
  @id in_tail_kube_apiserver_audit
  multiline_flush_interval 5s
  path /var/log/kubernetes/kube-apiserver-audit.log
  pos_file /var/log/kube-apiserver-audit.log.pos
  tag kube-apiserver-audit
  <parse>
    @type json
    keep_time_key true
    time_key timestamp
    time_format %Y-%m-%dT%T.%L%Z
  </parse>
</source>

@GerkinDev
Contributor

Bump. It's quite boring to have to edit kube-apiserver flags from manifests.

@github-actions

github-actions bot commented May 5, 2021

This issue has been automatically marked as stale because it has been open 90 days with no activity. Remove stale label or comment or this issue will be closed in 30 days

@github-actions github-actions bot added the stale label May 5, 2021

@GerkinDev
Contributor

Bump. Could something be done about #534 addressing this need?

@willianmga

Just checking if a solution for this has been released?

Still getting [in_tail_kube_apiserver_audit] got incomplete line before first line from /var/log/kubernetes/kube-apiserver-audit.log when fluentd reads audit logs.
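
An added example, not part of the issue thread or the project's code: a Python check that classifies the lines of an audit log as JSON or legacy and counts the JSON events that lack the key named in `time_key`, which is worth running before changing the `<parse>` section discussed above. The sample lines are constructed, the legacy first-line pattern is an assumption, and `classify` and `audit_format_report` are hypothetical helper names.

```python
import json
import re
from collections import Counter

# Assumption: legacy 1-line events start with a timestamp followed by "AUDIT:".
LEGACY_FIRST = re.compile(r"^\S+\s+AUDIT:")

# Constructed sample lines (not taken from a real cluster).
SAMPLE = [
    '{"kind":"Event","apiVersion":"audit.k8s.io/v1","level":"Metadata",'
    '"auditID":"00000000-0000-0000-0000-000000000001","stage":"ResponseComplete",'
    '"verb":"get","requestURI":"/api/v1/pods","user":{"username":"alice"},'
    '"requestReceivedTimestamp":"2020-12-11T10:00:00.000000Z",'
    '"stageTimestamp":"2020-12-11T10:00:00.004000Z"}',
    '2020-12-11T10:00:01.000000000Z AUDIT: id="00000000-0000-0000-0000-000000000002" '
    'ip="10.0.0.5" method="GET" user="bob" uri="/api/v1/pods"',
    '{"kind":"Event","apiVersion":"audit.k8s.io/v1","stage":"Respon',  # truncated write
]


def classify(line):
    """Return (format, event): format is 'json', 'legacy' or 'unparsed'."""
    line = line.strip()
    if LEGACY_FIRST.match(line):
        return "legacy", None
    try:
        event = json.loads(line)
    except ValueError:
        return "unparsed", None
    if isinstance(event, dict) and event.get("kind") == "Event":
        return "json", event
    return "unparsed", None


def audit_format_report(lines, time_key):
    """Count line formats and JSON events that lack the configured time_key."""
    formats = Counter()
    missing_time_key = 0
    for line in lines:
        fmt, event = classify(line)
        formats[fmt] += 1
        if event is not None and time_key not in event:
            missing_time_key += 1
    return dict(formats), missing_time_key


if __name__ == "__main__":
    for key in ("timestamp", "stageTimestamp"):
        print(key, audit_format_report(SAMPLE, key))
```

A non-zero second value means the chosen `time_key` is absent from some JSON events, and a mix of `json` and `legacy` counts means a single parser type will not handle the whole file.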
