Bug 1867687
| Summary: | Changed location of some audit logs in 4.6 | ||
|---|---|---|---|
| Product: | OpenShift Container Platform | Reporter: | Alan Conway <aconway> |
| Component: | Logging | Assignee: | Jeff Cantrill <jcantril> |
| Status: | CLOSED ERRATA | QA Contact: | Anping Li <anli> |
| Severity: | urgent | Docs Contact: | |
| Priority: | urgent | ||
| Version: | 4.6 | CC: | aos-bugs |
| Target Milestone: | --- | ||
| Target Release: | 4.6.0 | ||
| Hardware: | All | ||
| OS: | All | ||
| Whiteboard: | logging-core | ||
| Fixed In Version: | Doc Type: | No Doc Update | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2020-10-27 15:09:55 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Alan Conway
2020-08-10 14:20:11 UTC
Verified on clusterlogging.4.6.0-202008262209.p0
#cat fluent.conf |grep 'type tail' -A 3
@type tail
@id container-input
path "/var/log/containers/*.log"
exclude_path ["/var/log/containers/fluentd-*_openshift-logging_*.log", "/var/log/containers/elasticsearch-*_openshift-logging_*.log", "/var/log/containers/kibana-*_openshift-logging_*.log"]
--
@type tail
@id audit-input
@label @INGRESS
path "#{ENV['AUDIT_FILE'] || '/var/log/audit/audit.log'}"
--
@type tail
@id k8s-audit-input
@label @INGRESS
path "#{ENV['K8S_AUDIT_FILE'] || '/var/log/kube-apiserver/audit.log'}"
--
@type tail
@id openshift-audit-input
@label @INGRESS
path /var/log/oauth-apiserver/audit.log,/var/log/openshift-apiserver/audit.log
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (OpenShift Container Platform 4.6.1 extras update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:4198 |