Help Center> Cloud Container Engine> User Guide> User Guide for Standard and Turbo Clusters> Observability> Logging> Collecting Kubernetes Audit Logs
Updated on 2024-01-29 GMT+08:00
View PDF

Collecting Kubernetes Audit Logs

CCE supports logging for master nodes. On the Control Plane Audit Logs tab of Logging, you can determine whether to report Kubernetes audit logs to LTS.

Constraints

  • The cluster version must be v1.21.7-r0 or later, v1.23.5-r0 or later, or 1.25.
  • There is required LTS resource quota. For details about the default LTS quota, see Basic Resources.

Kubernetes Audit Logs

Table 1 Kubernetes audit logs

Log Type

Component

Log Stream

Description

Control plane audit logs

audit

audit-{{clusterID}}

An audit log is a chronological record of user operations on Kubernetes APIs and control plane activities for security.

Enabling Control Plane Audit Logging

Enabling control plane audit logging during cluster creation

  1. Log in to the CCE console.
  2. From the top menu, click Buy Cluster and select a cluster type.
  3. On the Add-on Configuration page, check the box of Enable logging for Control Plane Audit Logs.

Enabling control plane audit logging for an existing cluster

  1. Log in to the CCE console and click the cluster name to access the details page. In the navigation pane, choose Logging.
  2. Click the Control Plane Audit Logs tab, select the audit component, and click Enable.

Viewing Control Plane Audit Logs

Viewing control plane audit logs on the CCE console

  1. Log in to the CCE console and click the cluster name to access the details page. In the navigation pane, choose Logging.
  2. Click the Control Plane Audit Logs tab to view audit logs in the cluster. For details about operations, see LTS User Guide.

Viewing control plane audit logs on the TLS console

  1. Log in to the LTS console and choose Log Management.
  2. Search for the log group by cluster ID and click the log group name to view the log streams. For details, see LTS User Guide.

Disabling Control Plane Audit Logging

  1. Log in to the CCE console and click the cluster name to access the details page. In the navigation pane, choose Logging.
  2. On the Control Plane Audit Logs tab, click Configure Control Plane Audit Logs in the upper right corner and determine whether to enable control plane audit logging.

  3. Deselect audit and click OK.

    After you disable control plane audit logging, logs are no longer written to the original log stream, but the existing logs will not be deleted and expenses may be incurred for this.

Parent topic: Logging