Audit and Logging
Audit
Cloud Trace Service (CTS) is a log audit service intended for Huawei Cloud security. It allows you to collect, store, and query cloud resource operation records.
Release rollback, version iteration control, and audit and tracing are implemented. The required infrastructure status is automatically applied to the infrastructure without any manual intervention.
Centralized configuration delivery
Configuration policies can be managed in a unified manner; tenant permissions are assigned by enterprise project; and there is a policy center that helps you audit resources to meet compliance requirements for multiple clusters running on different
You can audit resources to meet compliance requirements for multiple clusters running on different clouds, as UCS centrally manages security policies and resource access restrictions of each cluster.
Kubernetes Audit Logs
Table 1 Kubernetes audit logs

| Log Type | Component | Log Stream | Description |
| --- | --- | --- | --- |
| Kubernetes audit logs | audit | audit-{{clusterID}} | An audit log is a chronological record of user operations on Kubernetes APIs and control plane activities for security. |
Collect control plane component logs and Kubernetes audit logs from master nodes and add them to the LTS log streams in your account. For details, see Collecting Control Plane Component Logs and Collecting Kubernetes Audit Logs.
Kubernetes audit logs: Kubernetes audit logs will be collected and reported to LTS.
kube-apiserver logs: Logs of the kube-apiserver component on the control plane will be collected and reported to LTS.
kube-controller-manager logs: Logs of the kube-controller-manager component on
Set the following parameters:
Figure 1 Creating a policy instance
Policy Definition: Select one from the 33 built-in policy definitions to configure resource audit rules for your clusters or fleets.
Kubernetes Audit Logs: displays all Kubernetes audit logs in the default log stream audit-{Cluster ID} of the default log group k8s-log-{Cluster ID}.
Global Log Query: You can view logs in the log streams of all log groups. You can specify a log stream to view the logs.