Bug 1654515 - Best practices or recommendations on OCP logging for production environments
Summary: Best practices or recommendations on OCP logging for production environments
Keywords:
Status: CLOSED EOL
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Documentation
Version: 3.2.0
Hardware: x86_64
OS: Linux
high
medium
Target Milestone: ---
: 4.1.0
Assignee: Vikram Goyal
QA Contact: Xiaoli Tian
Vikram Goyal
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2018-11-28 23:34 UTC by Sam Yangsao
Modified: 2019-09-09 17:33 UTC (History)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-08-10 06:40:27 UTC
Target Upstream Version:
scuppett: needinfo-



Comment 2 Stephen Cuppett 2018-11-29 01:26:12 UTC
Reassigning to the master team. This bug is for best practices/settings capturing kubelet and master API logs + auditing, not the elasticsearch logging component.

Comment 4 Stephen Cuppett 2018-11-30 13:13:56 UTC
In all cases/versions, the logging levels set by default represent the levels desired to identify error conditions within the software and the time they occur. Existing serviceability tools (sosreports) collect the required payloads for reporting issues to engineering.

Prior to 3.7, it is generally recommended to keep audit logging disabled. There is no mechanism to filter the audit log to particular usage patterns (external actors, etc.). Depending on the amount of output generated here for a particular cluster workload, enabling or disabling the audit log is an installation-by-installation decision.

After 3.7, it is possible to enable audit logging for external usages of the API only. It is documented in 3.7+ [1]. This may or may not be desirable depending on the patterns of interaction with the cluster and any historical issues which may exist for the organization.

We should follow up with specific recommendations on a case-by-case basis via CEE.

[1] https://access.redhat.com/documentation/en-us/openshift_container_platform/3.7/html-single/installation_and_configuration/#master-node-config-advanced-audit

Comment 10 Stephen Cuppett 2018-12-04 16:17:40 UTC
For 4.0, we should identify a brief meaning behind the numerical logging levels and identify the default to provide an idea of the additional levels of output that will be received.

In 4.0, audit logging is enabled by default. We should identify how it can be filtered and under what situations you might want to filter it or disable it entirely (and how). This is likely the opposite of what is currently documented.

Comment 11 Maciej Szulik 2018-12-07 13:41:11 UTC
> In 4.0, audit logging is enabled by default. We should identify how it can be filtered and under what situations you might want to filter it or disable it entirely (and how). This is likely the opposite of what is currently documented.

I agree about a doc describing how to disable it. As for filtering, we need thorough docs (with examples) and an explanation of the default policy we need to create (see https://jira.coreos.com/browse/MSTR-264). That should provide sufficient information for any administrator to confidently update their policy.
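
The comments above tie the decision to enable or filter audit logging to how much output a given cluster generates and to whether only external use of the API matters. The following is an added example, not part of this bug thread or of OpenShift: it measures what share of an audit log comes from system components versus external callers, so a filtering decision can rest on numbers. It assumes a JSON-lines audit log using the Kubernetes audit Event field names; the definition of "external" and the sample events are constructed for illustration.

```python
import json
from collections import Counter

# Constructed sample: JSON-lines audit events using the Kubernetes audit Event
# field names (user.username, verb, requestURI). Not taken from a real cluster.
SAMPLE_LOG = """\
{"kind":"Event","stage":"ResponseComplete","verb":"get","requestURI":"/api/v1/nodes/node1","user":{"username":"system:node:node1","groups":["system:nodes"]}}
{"kind":"Event","stage":"ResponseComplete","verb":"list","requestURI":"/api/v1/namespaces/app/pods","user":{"username":"system:serviceaccount:app:deployer","groups":["system:serviceaccounts"]}}
{"kind":"Event","stage":"ResponseComplete","verb":"delete","requestURI":"/api/v1/namespaces/app/secrets/db","user":{"username":"alice","groups":["system:authenticated"]}}
{"kind":"Event","stage":"ResponseComplete","verb":"get","requestURI":"/api","user":{"username":"system:anonymous","groups":["system:unauthenticated"]}}
{"kind":"Event","stage":"ResponseComplete","verb":"ge
"""

def is_external(user):
    """Assumed definition: any identity outside the system: namespace, plus
    unauthenticated callers, which are recorded as system:anonymous."""
    name = user.get("username", "")
    return name == "system:anonymous" or not name.startswith("system:")

def summarize(log_text):
    """Return (event counts per class, [(username, verb, requestURI)] for external callers)."""
    counts, external = Counter(), []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            counts["unparsed"] += 1  # truncated or rotated mid-write: count it, never drop silently
            continue
        user = event.get("user") or {}
        if is_external(user):
            counts["external"] += 1
            external.append((user.get("username", ""), event.get("verb"), event.get("requestURI")))
        else:
            counts["system"] += 1
    return counts, external

if __name__ == "__main__":
    counts, external = summarize(SAMPLE_LOG)
    total = sum(counts.values())
    for cls, n in counts.most_common():
        print(f"{cls:9s} {n:3d}  {100 * n / total:5.1f}%")
    for row in external:
        print("external:", *row)
```

Unauthenticated requests are classed as external even though their username begins with `system:`, since dropping them with the rest of the system traffic would hide anonymous probing of the API.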

