Skip to main content

Audit Logs

Audit Logs manage three types of logs: Console, Kubernetes, and Keycloak.

Console Log​

  • Store log: Use the toggle switch to turn log storage on or off.
  • Include the payload: Toggle the switch to determine whether to store detailed resource information during log collection.
  • Resource types: Choose the resource types to collect from those managed within ZMP.
  • Retention period: Configure how long logs should be retained, using weeks, months, or years.
  • Processing after retention period: Specify the action to take after the retention period (Delete or Archive).
  • Execution time: Define the time at which log management tasks should run.

Keycloak Log​

  • Store log: Use the toggle switch to turn log storage on or off.
  • Include the payload: Toggle the switch to determine whether to store detailed resource information during log collection.
  • Resource types (admin): Choose resource types from the admin resources managed in Keycloak.
  • Resource types (user): Choose resource types from the user resources managed in Keycloak.
  • Retention period: Configure how long logs should be retained, using weeks, months, or years.
  • Processing after retention period: Specify the action to take after the retention period (Delete or Archive).
  • Execution time: Define the time at which log management tasks should run.

Kubernetes Log​

As ZCP is a multi-cluster management platform, Kubernetes logs require selecting the managed clusters and configuring settings individually for each one.

  • Store log: Use the toggle switch to turn log storage on or off.
  • Include the payload: Toggle the switch to determine whether to store detailed resource information during log collection.
  • Resource types: Choose the resource types to collect from those managed in Kubernetes.
  • Retention period: Configure how long logs should be retained, using weeks, months, or years.
  • Processing after retention period: Specify the action to take after the retention period (Delete or Archive).
  • Execution time: Define the time at which log management tasks should run.

Viewing Collected Audit Logs​

Audit logs can be viewed based on the configured settings.

  • No: Sequential number of the entry
  • Date Time: Date and time when the event occurred
  • Event Source: Source or origin of the event
  • User (Actor): Account that performed the action
  • Project: Project associated with the event
  • Resource: Type of resource involved
  • Action Type: Type or category of action performed
  • Request URI: URI path of the request
  • Response Code: HTTP response code returned
  • Action: Option to view event details

Filtering Logs​

Logs can be filtered using the following criteria:

  • Event Source: Choose from Console, Keycloak, or Kubernetes.
  • Start Date / End Date: Define the time range for the logs to be retrieved.

Viewing Detailed Audit Logs​

In addition to filtering, detailed audit log information can be accessed.

  • In the Audit Log menu, click the Action button beside the desired log entry to view more details.
  • Log details, including payload information in JSON or YAML format, will appear on the right side.
  • The Include Payload setting must be enabled for payload details to be visible.
  • Use the Copy button to duplicate the displayed payload data.