OpenShift audit logs in OSD and ROSA
Environment
- Red Hat OpenShift Service on AWS (ROSA) Classic
- 4
- Red Hat OpenShift Dedicated (OSD)
- 4
Issue
- How to get the audit logs from a Red Hat OpenShift Service on AWS (ROSA) or OpenShift Dedicated (OSD) cluster?
Resolution
For Red Hat OpenShift Service on AWS (ROSA) and OpenShift Dedicated (OSD) clusters deployed using the Customer Cloud Subscription (CCS) model can view the cluster audit logs as explained in the OSD documentation and ROSA documentation.
For OpenShift Dedicated (OSD) customers who are not using the Customer Cloud Subscription (CCS) model, you must request a copy of your cluster’s audit logs by contacting Red Hat Support. This is because viewing API server audit logs requires cluster-admin privileges.
Red Hat only retains cluster audit logs, it does not collect, aggregate, or forward application or infrastructure logs. To retain these logs, customers must configure OpenShift Logging or another similar tool.
As explained in the Logging section of the ROSA Service Definition and in the Logging section of the OSD Service Definition, it's possible to integrate ROSA and OSD clusters with AWS CloudWatch. To forward logs from a ROSA (STS) cluster, refer to the documentation for Installing Logging and Forwarding logs to Amazon CloudWatch from STS enabled clusters. To forward logs from a ROSA (IAM) or OSD cluster, refer to the documentation for Installing Logging and Forwarding logs to Amazon CloudWatch.
Root Cause
In Red Hat OpenShift Service on AWS (ROSA) or OpenShift Dedicated (OSD) clusters, customers can view cluster audit logs or forward them to an internal or external log aggregator using the OpenShift Logging operator.
This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.
Comments